Configuring the reverse proxy

A reverse proxy is useful when making a BI platform 4.0 environment available to the web while ensuring the application server is not directly accessible to external users. In that case, a reverse proxy is configured to make calls through the firewall, and deliver content to external clients.

In Apache 2.4, the module mod_proxy is used to deploy this functionality. The mod_proxy module is extended by additional modules:* mod_proxy_http, which provides proxy functionality over HTTP or HTTPS.

• mod_proxy_ajp, which uses AJP13 protocol.
• mod_proxy_balancer, which delivers load balancing as part of the proxy solution.

This pattern uses mod_proxy_http as an extension to mod_proxy, for the following reasons:

• The use of mod_proxy_http has been tested and proven to be robust, secure, and scalable. For more information, see http://wiki.sdn.sap.com/wiki/display/BOBJ/BIP+on+Linux+with+Tomcat+and+Sybase+ASE+Pattern+Book.
• Most architectures require all communication originating from the web to be secured over SSL. The AJP protocol does not natively support this, and therefore a reverse proxy is needed.

Workflow

To configure the reverse proxy for this pattern, you do the following:

• Configure mod_proxy_http.
• Configure Tomcat to communicate with the reverse proxy.
• Test the reverse proxy.

To configure mod_proxy_http

1. Log in to machine winpb01 using the account BI4PATTERN\BIPattern02.
2. In a text editor, open this file C:\Apache24\conf\httpd.conf.
3. Uncomment the following 5 lines to enable proxy and dependent functionality:
   
   
   • LoadModule proxy_module modules/mod_proxy.so
   • LoadModule proxy_http_module modules/mod_proxy_http.so
   • LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
   • LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so

   • LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

     Apache 2.4 has separated the modules needed to implement individual load balancing algorithms. The byrequests method is the default algorithm and is required for all configurations. This pattern uses by busyness, a method suitable for "bursty" applications such as BI platform.

     For more information about load balancing algorithms, see http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html.

4. To define the proxy-enabled load balancer, add the following block of text to the bottom of the httpd.conffile:

   #Define Reverse Proxy Load Balancer
   
   <Proxy balancer://BI4Pattern>
   
   BalancerMember http://vantgvmwinpb02.dhcp.pgdev.sap.corp:8080 max=64 connectiontimeout=1200 keepalive=on route=vantgvmwinpb02
   BalancerMember http://vantgvmwinpb03.dhcp.pgdev.sap.corp:8080 max=64 connectiontimeout=1200 keepalive=on route=vantgvmwinpb03
   
   ProxySet lbmethod=bybusyness
   ProxySet stickysession=JSESSIONID
   </Proxy>
   

5. To enable reverse proxy for each of the BI platform web applications, add the following block of text below the load balancer section:

   #Define ProxyPass Rules for Reverse Proxy
   
   #AdminTools for Query Builder
   <Location /AdminTools>
   ProxyPass balancer://BI4Pattern/AdminTools stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/AdminTools
   ProxyPassReverseCookiePath balancer://BI4Pattern/AdminTools /AdminTools
   </Location>
   
   #BOE access to BI Launch Pad and CMC
   <Location /BOE>
   ProxyPass balancer://BI4Pattern/BOE stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/BOE
   ProxyPassReverseCookiePath balancer://BI4Pattern/BOE /BOE
   </Location>
   
   <Location /BusinessProcessBI>
   ProxyPass balancer://BI4Pattern/BusinessProcessBI stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/BusinessProcessBI
   ProxyPassReverseCookiePath balancer://BI4Pattern/BusinessProcessBI /BusinessProcessBI
   </Location>
   
   <Location /clientapi>
   ProxyPass balancer://BI4Pattern/clientapi stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/clientapi
   ProxyPassReverseCookiePath balancer://BI4Pattern/clientapi /clientapi
   </Location>
   
   #Web Service access
   <Location /dswsbobje>
   ProxyPass balancer://BI4Pattern/dswsbobje stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/dswsbobje
   ProxyPassReverseCookiePath balancer://BI4Pattern/dswsbobje /dswsbobje
   </Location>
   
   #MobileBIService access
   <Location /MobileBIService>
   ProxyPass balancer://BI4Pattern/MobileBIService stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/MobileBIService
   ProxyPassReverseCookiePath balancer://BI4Pattern/MobileBIService /MobileBIService
   </Location>
   
   #MOBIServer access
   <Location /MOBIServer>
   ProxyPass balancer://BI4Pattern/MOBIServer stickysession=JSESSIONID
   ProxyPassReverse balancer://BI4Pattern/MOBIServer
   ProxyPassReverseCookiePath balancer://BI4Pattern/MOBIServer /MOBIServer
   </Location>
   

6. To enable the load balancer management interface, add the following block of text bellow the reverse proxy section: 

   <Location /balancer-manager>
   	SetHandler balancer-manager
   	Require host vantgvmwinpb01.dhcp.pgdev.sap.corp
   </Location>
   
   

   This interface lets an administrator enable or disable load balancer members, and therefore must be secured to prevent unauthorized access. The directive here ensures it can only be accessed by a user connected to the physical machine where the proxy resides.

7. Save and close the file.
8. To apply the settings, restart the Apache 2.4 service.

To configure Tomcat to communicate with the reverse proxy

1. Log in to machine winpb02 using the account BI4PATTERN\BIPattern02.
2. In a text editor, open this file C:\tomcat6\conf\server.xml.
3. Add the proxyName and proxyPort properties to the HTTP connector.
   
   a) Locate the following line:
   <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json"/>
   
   b) Modify it as follows:
   <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json" proxyName="vantgvmwinpb01.dhcp.pgdev.sap.corp" proxyPort="80"/>
4. Configure the jvmRoute property to match the Apache load balancer worker.
   
   a) Locate the following line:
   
   <Engine name="Catalina" defaultHost="localhost">
   
   b) Modify it as follows:
   
   <Engine name="Catalina" defaultHost="localhost" jvmRoute="vantgvmwinpb02">
5. Save and exit the file.
6. To apply the changes, restart the Tomcat 6 service.
7. Log in machine winpb03 using the account BI4PATTERN\BIPattern03.
8. In a text editor, open this file C:\tomcat6\conf\server.xml.
9. Add the properties proxyName and proxyPort to the HTTP connector.
   
   Locate the following line:
   
   <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json"/>
   
   Modify it as follows:
   
   <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" compression="on" URIEncoding="UTF-8" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/json" proxyName="vantgvmwinpb01.dhcp.pgdev.sap.corp" proxyPort="80"/>
10. Configure the property jvmRoute to match the Apache load balancer worker.
    
    Locate the following line:
    
    <Engine name="Catalina" defaultHost="localhost">
    
    Modify it as follows:
    
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="vantgvmwinpb03">
11. Save and exit the file.
12. To apply the changes, restart the Tomcat 6 service.

To test the reverse proxy

1. Log in to machine winpb01 using the account BI4PATTERN\BIPattern01.
2. Open a web browser, and go to http://vantgvmwinpb01.dhcp.pgdev.sap.corp/balancer-manager.
   
   The following page is displayed:
   
   
3. Open a new web browser window, and go to http://vantgvmwinpb01.dhcp.pgdev.sap.corp/BOE/BI.
   The BI Launch Pad Log On page is displayed.
4. Return to the balancer-manager page, and refresh it.
   Note the change in number in the Elected column on one of the nodes. The Busy column will quickly increment as well.