Thursday 15 April 2010

WAS + proxy (edge server)

Excerpt from http://www-10.lotus.com/ldd/lcwiki.nsf/dx/configuring-a-reverse-proxy-server2


Configuring a reverse proxy server (2.0)

Overview
A reverse proxy server intercepts client requests to Lotus Connections servers and, when possible, returns cached data rather than contacting the true destination server. A reverse proxy reduces the amount of work that a back-end server must perform to satisfy duplicate requests for data, and it improves the response time for those requests.
You can set up a reverse proxy by using WebSphere Application Server Edge components (formerly Edge Server). Edge components can control client access to Web servers and improve access to Web-based content over the Internet or a corporate intranet.

Infrastructure
The topology in this deployment uses a cluster of Lotus Connections servers connected to a remote HTTP server, a remote database server, and a remote LDAP server. These are deployed in a private network behind a firewall. Client requests are intercepted and handled by the transparent proxy server. Users are not aware that a proxy exists in the configuration.

This deployment was tested on a Microsoft Windows Server 2003 platform. The following figure illustrates the topology used in this deployment:

Specifications
The following table lists the specifications of the systems used in this deployment:
| Component | Software | OS | System |
| Reverse Proxy | IBM WebSphere Application Server Edge Components 6.1 | Windows | Pentium IV CPU, 3.0 GHz, 500 MB RAM |
| Web Server | IBM HTTP Server 6.1.13 with SSL enabled | Windows; Linux | 2 Dual-Core CPUs, 2.0 GHz, 8 GB RAM; 1 Quad-Core CPU, 1.6 GHz, 4 GB RAM |
|  | Lotus Connections 1.0.2; Lotus Connections 2.0; IBM WebSphere Application Server 6.1.0.13; IBM WebSphere Application Server 6.1.0.13 | Windows; Linux | 2 Dual-Core CPUs, 2.0 GHz, 8 GB RAM |
| Database | DB2 9.1.4; Oracle 10g 10.2.0.3 | Windows; Linux | 2 Dual-Core CPUs, 2.0 GHz, 8 GB RAM |

Step-by-Step instructions
Before deploying this infrastructure, the product and all related components must be installed.

Installing WebSphere Edge Components

1. Download Edge Components (part number: C88UQML): https://w3-104.ibm.com/software/xl/download/ticket.do?openform
2. Launch the Edge Components launchpad.bat file and install the Caching Proxy component. For more information about installing, see the Edge components information center.
3. Start the proxy service: Click Start > Control Panel > Administrative Tools > Services, and then select IBM Caching Proxy and start the service.
4. Enter the URL of the target Web server: Click Start > All Programs > Edge Components > Caching Proxy > Configuration Wizard. Enter the URL of the Target Web Server, and click Next.
5. Enter a User Name and Password for a new administrator account, and click Next. Click Finish and OK.
6. Open the ibmproxy.conf file (usually located in the \cp\etc\en_US directory) and add the following line to the Start new mapping rules section:

Add Pass /pub/* \cp\server_root\pub\en_US\*


Save the file.
7. Configure the proxy: Open Proxy Configuration > Proxy Settings, select the HTTP check box, and click Submit.
8. Click Proxy Performance, deselect the Run as a pure proxy check box, and click Submit.
9. Restart the proxy server and test the configuration: Open a web browser and navigate to "http://Your_Proxy_Server.com/", where is a Lotus Connections feature (such as Activities or Blogs). If the web page for the selected feature appears, the reverse proxy is working correctly.
You can check the reverse proxy logs under: C:\Program Files\IBM\edge\cp\server_root\logs.


Enabling SSL

A. Create a personal certificate on the proxy server

1. Create a key database for proxy server: Click Start > All Programs > IBM WebSphere > Edge Components > Caching Proxy > Start Key Management Utility.
2. Click Key Database File and select New.
3. Enter the following information and click OK:
Key database type: CMS
File Name: ProxyKey.kdb
Location: C:\ProxyDB
4. At the password prompt, enter your password and select the Stash the password to a file? check box.
5. Create a personal certificate: Click Create > New Self-Signed Certificate....
6. Enter the following information and click OK:
KeyLabel: ProxyCert
Version : X509V3
Key Size : 1024
Common name : Your_Proxy_Server.com
Organization : ibm


B. Import a signer certificate from the Web server

1. Extract the PluginCert.arm file from the IBM HTTP Server (for more information about IHS, see the Edge components information center): Open the plugin-key.kdb file (under C:\IBM\HTTPServer\Plugins\etc\) and click OK. Enter your password when prompted, and click OK.
2. Click WebSphere Plugin Key > Extract Certificate... and enter the following data:
Data type: Base64-encoded ASCII data
Certificate file name: PluginCert.arm
Location: C:\
Click OK.
3. Import the IHS Signer Certificate to the proxy server: Click Start > All Programs > IBM WebSphere > Edge Components > Caching Proxy > Start Key Management Utility, and open the ProxyKey.kdb file.
4. Click Signer Certificates > Add, and enter the following information:
Data type : Base64-encoded ASCII data
Certificate file name : PluginCert.arm
Location : C:\
Click OK
5. When prompted to enter a label, type PluginCert, and click OK.


C. Configure SSL on the proxy server

1. In the proxy server's admin console, open Proxy Configuration > SSL Settings.
2. Select the Enable SSL check box.
3. Select the Attempt to cache content on a secure request check box.
4. Enter the kdb location, for example, c:\ProxyKDB\ProxyKey.kdb, in the Key Ring Database file field.
5. Enter the password file location, for example, c:\ProxyKDB\ProxyKey.sth, in the Key Ring Database Password File field.
6. Click Submit.


D. Modify the ibmproxy.conf file
1. Add the following lines to enable Proxy and ReversePass directives:

Proxy /* http://venturacn24.cn.ibm.com/* :80
Proxy /* https://venturacn24.cn.ibm.com/* :443
ReversePass http://Your_HTTP_Server.com/* http://Your_Proxy_Server.com/*
ReversePass https://Your_HTTP_Server.com/* https://Your_Proxy_Server.com/*


2. Add the following line to enable the SendRevProxyName directive:

SendRevProxyName yes


3. Add the following lines to enable cache directives (optional):
CacheTimeMargin 0 seconds
CacheQueries Always http://Your_HTTP_Server.com/*
CacheQueries Always https://Your_HTTP_Server.com/*
4. Save the ibmproxy.conf file.
5. Restart the proxy server and test the configuration: Open a web browser and navigate to "https://Your_Proxy_Server.com/", where is a Lotus Connections feature (such as Activities or Blogs). If the web page for the selected feature appears, the reverse proxy in SSL mode is working correctly.
You can check the reverse proxy logs under: C:\Program Files\IBM\edge\cp\server_root\logs.
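
An added example, not part of the original wiki page or of IBM's tooling: a Python check that an ibmproxy.conf carries the section D directives, each on a single line, and that the :443 rule forwards to an https:// target. The function names and the sample file are constructed for illustration, and directive names are assumed to be written exactly as on the page.

```python
# Added example: audit an ibmproxy.conf for the section D directives.
# SAMPLE_BAD is constructed; host names are the page's placeholders.
SAMPLE_BAD = """\
# constructed sample with deliberate mistakes
Proxy /*
http://Your_HTTP_Server.com/* :80
Proxy /* http://Your_HTTP_Server.com/* :443
ReversePass http://Your_HTTP_Server.com/* http://Your_Proxy_Server.com/*
ReversePass https://Your_HTTP_Server.com/* https://Your_Proxy_Server.com/*
SendRevProxyName no
"""

def parse(text):
    """Yield (line_no, directive, args), skipping blank lines and # comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if parts and not parts[0].startswith("#"):
            yield no, parts[0], parts[1:]

def audit(text):
    """Return findings as strings; an empty list means section D is satisfied."""
    findings, proxy_ports, reverse, send_name = [], {}, set(), None
    for no, name, args in parse(text):
        if name.lower().startswith(("http://", "https://")):
            findings.append(f"line {no}: URL starts the line; directive wrapped across lines")
        elif name == "Proxy":
            if len(args) < 2:
                findings.append(f"line {no}: Proxy needs a request template and a target")
            elif len(args) == 3:
                proxy_ports[args[2]] = args[1]      # port -> target URL pattern
        elif name == "ReversePass" and len(args) >= 2:
            reverse.add(args[0].split(":", 1)[0])   # scheme of the rewritten redirect
        elif name == "SendRevProxyName":
            send_name = args[0].lower() if args else None
    for port, scheme in ((":80", "http"), (":443", "https")):
        target = proxy_ports.get(port)
        if target is None:
            findings.append(f"no Proxy rule for port {port}")
        elif not target.startswith(scheme + "://"):
            findings.append(f"Proxy rule for {port} forwards to {target}, expected {scheme}://")
        if scheme not in reverse:
            findings.append(f"no ReversePass rule for {scheme}:// redirects")
    if send_name != "yes":
        findings.append("SendRevProxyName is not set to yes")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print(finding)
```

Run it against a copy of the live file by passing the file's text to audit(); an empty result means every rule from section D was found in the expected form.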

E. Test the configuration
1. Restart the proxy server.
2. Open a web browser and navigate to "https://Your_Proxy_Server.com/", where is a Lotus Connections feature (such as Activities or Blogs). If the web page for the selected feature appears, the reverse proxy in SSL mode is working correctly.
You can check the reverse proxy logs under: C:\Program Files\IBM\edge\cp\server_root\logs.

Recommended reading

* WebSphere Application Server Concepts, Planning, and Installation for Edge Components: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.edge.doc/welcome.html
* Reverse proxy definition: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzaie/rzaieproxytypes.htm
* WebSphere Application Server Network Deployment: http://www-306.ibm.com/software/webservers/appserv/was/network/edge.html
