Edit the httpd.conf file to load modules required prepare the
Reverse Proxy for SAP Mobile Platform use.
- In
a text editor, open Apache2.2\conf\httpd.conf
.
- Uncomment these lines to load headers, and required SSL and proxy modules.
LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
The three proxy_* modules are required by three proxy modes:
HTTP, 1-way
HTTPS,
and 2-way HTTPS. The ssl_module is required by both HTTPS proxy
modes. The headers_module is required by 2-way HTTPS proxy
mode.
- Add these lines to enable
port
8080
as
an
HTTP proxy.
##############################
Listen 8080
<VirtualHost *:8080>
ServerName proxy-server
ErrorLog "C:/Apache2.2/logs/error.log"
TransferLog "C:/Apache2.2/logs/access.log"
<Location/>
ProxyPass http://sup-server:8000/
ProxyPassReverse http://sup-server:8000/
</Location>
</VirtualHost>
##############################
- Add these lines to enable
port
8081
as
a
1-way HTTPS proxy.
##############################
Listen 8081
<VirtualHost *:8081>
ServerName proxy-server
ErrorLog "C:/Apache2.2/logs/error.log"
TransferLog "C:/Apache2.2/logs/access.log"
# activate HTTPS on the reverse proxy
SSLEngine on
SSLCertificateFile "C:/Apache2.2/conf/proxy-server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/proxy-server.key"
SSLCertificateChainFile "C:/Apache2.2/conf/proxy-server-ca.crt"
SSLProxyEngine On
SSLProxyCACertificateFile C:/Apache2.2/conf/sup-server-ca.crt
<Location />
ProxyPass https://sup-server:8001/
ProxyPassReverse https://sup-server:8001/
</Location>
</VirtualHost>
- Add these lines to enable
port
8082
as
a
2-way HTTPS proxy.
##############################
Listen 8082
<VirtualHost *:8082>
ServerName proxy-server
ErrorLog "C:/Apache2.2/logs/error.log"
TransferLog "C:/Apache2.2/logs/access.log"
# activate HTTPS on the reverse proxy
SSLEngine on
SSLCertificateFile "C:/Apache2.2/conf/proxy-server.crt"
SSLCertificateKeyFile "C:/Apache2.2/conf/proxy-server.key"
SSLCertificateChainFile "C:/Apache2.2/conf/proxy-server-ca.crt" # activate the client certificate authentication
SSLCACertificateFile "C:/Apache2.2/conf/trusted-client-ca.crt"
SSLVerifyClient require
SSLVerifyDepth 10
SSLProxyEngine On
SSLProxyCACertificateFile C:/Apache2.2/conf/sup-server-ca.crt
SSLProxyMachineCertificateFile C:/Apache2.2/conf/proxy-client.pem
# initialize the special headers to a blank value to avoid http header forgeries
RequestHeader set SSL_CLIENT_CERT ""
<Location />
# add SSL_CLIENT_CERT header to forward real client certificate
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
ProxyPass https://sup-server:8002/
ProxyPassReverse https://sup-server:8002/
</Location>
</VirtualHost>
##############################
- Save the file.
- Validate the configuration by opening a browser and testing these URLs.
- https://proxy-server:8080/debug/app1
- https://proxy-server:8081/debug/app1
- https://proxy-server:8082/debug/app1