1. Topics:
  2. JVM configuration
  3. |
  4. Troubleshooting Core
  1. Modules:
  2. NONE
  3. |
  4. Command line interface tasks

Proxy configuration

You can configure an Apache Web server as a reverse proxy server for routing to multiple IBM® WebSphere® sMash applications. This allows multiple WebSphere sMash applications to be accessed using a namespace at a single Web server address.

WebSphere sMash application configuration

There are no special configuration requirements in order for a WebSphere sMash application to be placed behind a reverse proxy server, if an application uses only page relative URIs and follows the guidelines described in the URIUtils article. Using only page relative links is considered a best practice, and allows the most flexibility for relocating applications behind a reverse proxy, or even multiple chains of proxies.
However, sometimes using absolute URIs is unavoidable. In these cases, you can configure an external URI prefix. This value is pulled from the global context and is used for creating absolute URIs through the URIUtils APIs. This string contains just the scheme, hostname and port used to access the WebSphere sMash application from the point of view of a user (from the browser of a user). For example, if the reverse proxy is hosted at http://www.projectzero.org/, and the absolute URLs generated by the application needs to reflect this address, then add the following line to the zero.config file: 

/config/externalUriPrefix = "http://www.projectzero.org"

When deploying applications behind a reverse proxy, it is often not the only application being fronted by the proxy. In such situations, it is necessary for these applications to share the URI namespace. This can be configured at the application using the context root. For example, to set the context root of the application to employeedemo, add the following line to zero.config file: 

/config/contextRoot="/employeedemo"

The corresponding configuration for Apache mod_proxy follows:

Configuring a proxy server

You can configure Apache as a reverse proxy server for routing to WebSphere sMash applications using the mod_proxy module as described in the following section.

Mod_Proxy

You can configure the Apache Web Server as a proxy server by including the mod_proxy module and appropriate directives in the httpd.conf configuration file of the server.

In the following example, the WebSphere sMash sample application employee.demo with a context root of /employeedemo is placed behind an Apache server configured as a reverse proxy and the following modifications are made to the httpd.conf configuration file of the Apache server.

  1. Add the LoadModule directives for the mod_proxy, mod_proxy_http, and mod_rewrite modules as shown in the following example: 

    LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so 
LoadModule rewrite_module modules/mod_rewrite.so

  2. Add the ProxyRequests Off line as shown in the following example: 

    ProxyRequests Off

  3. Add the Proxy stanza as shown in the following example: 

    <Proxy>
    Order deny,allow
    Allow from all
</Proxy>

  4. Enable URL rewriting as shown in the following example: 

    RewriteEngine on

  5. For each application that is to be placed behind the Apache server, add a ProxyPass statement, where the namespace of the application is determined, as shown in the following example: 

    ProxyPass /employeedemo/ http://localhost:8080/employeedemo/

  6. For each application for which there is a ProxyPass statement, add a ProxyPassReverse statement, as shown in the following example: 

    ProxyPassReverse /employeedemo/ http://localhost:8080/employeedemo/

    This allows the Apache server to rewrite the Location header information correctly before passing redirect responses back to the client. The values in this line must exactly match the values in the corresponding ProxyPass statement.

  7. The application can be reached using the namespace URL with an ending slash, but a URL without a trailing slash results in a 404 Not Found error. To correct this, for each application that has ProxyPass and ProxyPassReverse statements, add a rewriting rule with a trailing slash, as shown in the following example: 

    RewriteRule ^/employeedemo$ /employeedemo/ [R]

After these steps are taken, the Employee Demo application used in the example is accessible from the Apache server with the following URL: http://{hostname}/employeedemo.

The complete configuration section is shown in the following example: 

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so

ProxyRequests Off
<Proxy>
   Order deny,allow
   Allow from all
</Proxy>

RewriteEngine on

ProxyPass /employeedemo/ http://localhost:8080/employeedemo/
ProxyPassReverse /employeedemo/ http://localhost:8080/employeedemo/
RewriteRule ^/employeedemo$ /employeedemo/ [R]

Using Apache/ModProxy to route with sticky sessions zsessionid

You can use Apache mod_proxy to route to project zero servers with sticky sessions. Use mod_proxy with balancer to route to multiple back end servers while preserving session affinity.

The sessionID used by project zero is zsessionid .

There are 2 parts to the configuration.

  1. Configure Apache to use multiple backend servers and specify the routes to use.
    1. Load the balancer module 
      LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    2. Define a cluster A cluster is defined and a routeID is assigned to the cluster members as shown in the configuration. 
      <Proxy balancer://App1Cluster>
  	BalancerMember http://machine1.mycompany.com:8080/App1 route=mem1
  	BalancerMember http://machine2.mycompany.com:8080/App1 route=mem2
</Proxy>
    3. Use the cluster for routing and specify sticky session 
      <LocationMatch "/App1" >
	Order allow,deny
	Allow from all  
	ProxyPass balancer://App1Cluster stickysession=zsessionid nofailover=Off
	ProxyPassReverse balancer://App1Cluster
</LocationMatch>
  2. Configure zero.config to use correct routeID.
    Add the following line to zero.config on machine1 
    /config/apacheRouteID = "mem1"
    Similarly add the following line to zero.config on machine2 
    /config/apacheRouteID = "mem2"

Using Apache/ModProxy to route with sticky sessions without zsessionid

If a zero application does not use the userzone (and thus zsessionid), it can still be configured for sticky sessions.
  1. Configure Apache to use multiple backend servers and specify the routes to use.
    1. Load the balancer module 
      LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    2. Define a cluster A cluster is defined and a routeID is assigned to the cluster members as shown in the configuration. 
      <Proxy balancer://App1Cluster>
  	BalancerMember http://machine1.mycompany.com:8080/App1 route=mem1
  	BalancerMember http://machine2.mycompany.com:8080/App1 route=mem2
</Proxy>
    3. Use the cluster for routing and specify sticky session 
      <LocationMatch "/App1" >
	Order allow,deny
	Allow from all  
	ProxyPass balancer://App1Cluster stickysession=apacheRouteID nofailover=Off
	ProxyPassReverse balancer://App1Cluster
</LocationMatch>
  2. Configure zero.config to use correct routeID.
    Add the following line to zero.config on machine1 
    /config/apacheRouteID = "mem1"		
/config/handlers += [{
	"events" : "sendingHeaders",
	"handler" : "zero.core.context.zones.support.ApacheRouteAdder.class"
}]
    Similarly add the following line to zero.config on machine2 
    /config/apacheRouteID = "mem2"			
/config/handlers += [{
	"events" : "sendingHeaders",
	"handler" : "zero.core.context.zones.support.ApacheRouteAdder.class"
}]

    ApacheRouteAdder adds a cookie named apacheRouteID to responses that already have an outgoing cookie set.

    The value of the cookie is "route." + valueOf (/config/apacheRouteID)

    For the above example machine1 will produce

    Set-Cookie: apacheRouteID=route.mem1

Using Apache/ModProxy to proxy AJAX requests

You might want to access services on third party servers from JavaScript running in the client Web browser. Because of security restrictions, it might not be possible to reach these third party services unless a reverse proxy is configured in the original domain from which the application was retrieved.

You can add a snippet in the Apache httpd.conf file to proxy any URL beginning with "/ajax/projectzero.org" or "/ajax/www.projectzero.org" to the address beginning after /ajax/. You could configure this with nothing after /ajax/, but that would allow your proxy to be used by any user to access any site anonymously, so the best practice is to provide a white list of accessible sites.

This particular proxy configuration example forwards all requests that do NOT match the AJAX proxy criteria to a WebSphere sMash server running at http://localhost:8080/:

  1. Follow steps 1 and 4 from the Configuring a proxy server section.
  2. Add the following snippet to the Apache httpd.conf file: 
ProxyPassReverse /ajax/ http://
RewriteRule ^/ajax/((www\.)?projectzero.org)? http://$1 [P,L] 
ProxyPass / http://localhost:8080/

You can find information on all of these directives in the Apache documentation.

Version 1.0.0.3.25591