How to configure Apache proxy for IM on JBoss EAP 6.2
search cancel

How to configure Apache proxy for IM on JBoss EAP 6.2

book

Article ID: 36513

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

When setting up an Apache server acting as a proxy for Identity Manager (IM) JBoss application, users normally see the inbound requests go through the proxy port and forwarded to the backend JBoss successfully. However, when users click on any links, the outbound requests are redirected to JBoss port 8080.

This article explains how to make sure all requests are properly channeled to the proxy port

Environment

Identity Manager R12.6
JBoss EAP 6.2
Apache 2.2
OS Windows 2008 SP2

Resolution

This is the configuration to apply for successful JBOSS proxying through apache

1. Modify httpd.conf by enabling proxy module


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so


2. Add a virtualhost directive

For example,

<VirtualHost myproxyserver.example.com:80>
   ServerAdmin [email protected]
   DocumentRoot "<Apache_home_directory>\htdocs"
   ServerName myproxyserver.example.com
    ServerAlias myproxyserver
    ErrorLog "logs/im_proxy.log"
    CustomLog "logs/im_proxy-access.log" common
 
    ProxyRequests On
    ProxyPass    /iam   http://myappserver.example.com:8080/iam
   ProxyPass    /castylesr5.1.1   http://myappserver.example.com:8080/castylesr5.1.1
 
   ProxyPassReverse /iam  http://myappserver.example.com:8080/iam
   ProxyPassReverse /castylesr5.1.1  http://myappserver.example.com:8080/castylesr5.1.1
 
<Directory />
 Order Deny,Allow
 Deny from all
Allow from myproxyserver.example.com
</Directory>
</VirtualHost>

 

3. Edit \jboss-eap-6.2\standalone\configuration\standalone-full.xml to include proxy-port and proxy-name in the connector.

This is to set all embedded URI links in JBoss application to use the proxy port.

<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" proxy-name=”<the proxy DNS>” proxy-port="<port used by the proxy server>"/>


Note1: After you add proxy-Port entry, you will not be able to access port 8080 directly anymore and get 404 error if you do.

Note2: If Apache is on SSL (but not JBoss), set the connector in JBoss as below so that all outbound requests are routed to 443 port:

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="http" proxy-port="443"/>

4. Restart Apache server