How to setup access to UMP in the DMZ using Apache HTTP Server as a proxy
Apache HTTP Server versions greater than 2.2 are NOT officially supported.
ONLY Apache HTTP Server version 2.2 is supported.
Apache HTTP Server Version 2.2 Documentation
To download Apache HTTP Server version 2.2x go to:
Note that in that 8.0 and older documentation there is a required section on setting up the Tomcat connector that currently appears to be missing from the 8.1/8.2 documentation hence the information required is presented in the Article below:
The following IS required even in CA UIM v8.2
Install Apache HTTP Server version 2.2
Set up the Tomcat Connector (THIS IS REQUIRED)
Set up the Tomcat Connector to allow communication between the Apache web proxy server and the web application service probe (wasp) in UMP.
Follow these steps:
Create the workers.properties file and save it in:
C:\Program Files (x86)\Apache Software Foundation\Apache\conf
Specify the UMP portal server.
# Define 1 real worker using ajp13
# Set properties for worker1 (ajp13)
On the Apache server, download the version of mod_jk.so that it matches your version of Apache and save it to:
C:\Program Files (x86)\Apache Software Foundation\Apache\modules
Important! Ensure that you have a JkMount directive appropriate for your configuration.
Add the Tomcat Connector configuration to the Apache configuration file, httpd.conf:
# Load mod_jk module
# Update this path to match your modules location
LoadModule jk_module modules/mod_jk.so
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
# Set the jk log level [debug/error/info]
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# Send everything for context / to worker named worker1 (ajp13)
JkMount / worker1
The Tomcat Connector is now set up for communication.
Define the Proxy Configuration between the Apache and UMP machines
Configure proxy communication between the Apache proxy web server and UMP server so that external browsers can access UMP via the DMZ.
Follow these steps:
Edit the Apache configuration file, httpd.conf, as follows:
Uncomment the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Locate: #ServerName www.example.com; uncomment and change it to:
Add the following lines to the end of the httpd.conf file:
Allow from all
ProxyPass / ajp://<ump_server_name_orIP>:8009/
ProxyPass /c/portal ajp://<ump_server_name_orIP>:8009/c/portal
ProxyPass /web/guest ajp://<ump_server_name_orIP>:8009/web/guest
Allow from all
ProxyPass / ajp://<ump_hostname>:8009/
ProxyPass /c/portal ajp://<ump_hostname>:8009/c/portal
ProxyPass /web/guest ajp://<ump_hostname>:8009/web/guest
For more detail on how that setting works, see the following:
After making that change, you will need to restart apache.
To restart Apache on Windows:
Open a command prompt
Cd to the Apache bin directory
Run the command
httpd -k restart
to restart the Apache service.
On the inside firewall, make sure you open Port 8009
On the outside firewall, make sure you open: Port 80 OR Port 443 if you are using SSL.
Note: (Optional) - To allow internet access to a hub in the DMZ, you must assign a public IP address. Restart the Apache server.
(Optional) if you want to enable only https access and disable standard http, you must do the following:
In the http.conf, comment out the following line #Listen 80