How to configure Apache proxy for IM on JBoss EAP 6.2?
search cancel

How to configure Apache proxy for IM on JBoss EAP 6.2?

book

Article ID: 36513

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

 Introduction:

When setting up an Apache server acting as a proxy for Identity Manager (IM) JBoss application, users normally encounter the issue where the inbound requests go through the proxy port and are forwarded to the backend JBoss successfully.
However, when users click on any links, the outbound requests are redirected to JBoss port 8080.

Question:

How do I configure Apache as a proxy and ensure all requests are properly channeled through the proxy port?

Environment:
 
Identity Manager R12.6
JBoss EAP 6.2
Apache 2.2
OS Windows 2008 SP2

Answer:

1. Modify httpd.conf by enabling proxy module


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so


2. Add a virtualhost directive

For example,

<VirtualHost myproxyserver.ca.com:80>
    ServerAdmin [email protected]
    DocumentRoot "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs"
    ServerName myproxyserver.ca.com
    ServerAlias myproxyserver
    ErrorLog "logs/im_proxy.log"
    CustomLog "logs/im_proxy-access.log" common
 
    ProxyRequests On
    ProxyPass    /iam   http://myappserver.ca.com:8080/iam
    ProxyPass    /castylesr5.1.1   http://myappserver.ca.com:8080/castylesr5.1.1
 
    ProxyPassReverse /iam  http://myappserver.ca.com:8080/iam
    ProxyPassReverse /castylesr5.1.1  http://myappserver.ca.com:8080/castylesr5.1.1
 
<Directory />
 Order Deny,Allow
 Deny from all
 Allow from myproxyserver.ca.com
</Directory>
</VirtualHost>

 

3. Edit \jboss-eap-6.2\standalone\configuration\standalone-full.xml to include proxy-port and proxy-name in the connector.

This is to set all embedded URI links in JBoss application to use the proxy port.

<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" proxy-name=”<the proxy DNS>” proxy-port="<port used by the proxy server>"/>


Note1: After you add proxy-Port entry, you will not be able to access port 8080 directly anymore and get 404 error if you do.

Note2: If Apache is on SSL (but not JBoss), set the connector in JBoss as below so that all outbound requests are routed to 443 port:

<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="http" proxy-port="443"/>

4. Restart Apache server

 

Environment

Release:
Component: IDMGR
Powered by Wolken Software