IBM Support

How to configure Apache HTTP Server as a reverse proxy for Rational DOORS Web Access

Question & Answer


Question

How do you configure Apache HTTP Server as a reverse proxy for IBM Rational DOORS Web Access?

Cause

You can configure Apache HTTP Server as a reverse proxy for Rational DOORS Web Access.
A reverse proxy server provides another layer of security, protects HTTP servers in the network, and improves the performance of Secure Sockets Layer (SSL) requests. With a reverse proxy, you can change your deployment topology later.

Answer

You can configure Apache HTTP Server as a reverse proxy for Rational DOORS Web Access. A reverse proxy server provides another layer of security, protects HTTP servers in the network, and improves the performance of Secure Sockets Layer (SSL) requests. With a reverse proxy, you can change your deployment topology later.

Before you begin

Before you configure the reverse proxy server, you must install the following components:

  1. Install Rational DOORS Web Access, but do not start the Rational DOORS Web Access components or server.
  2. Install Apache HTTP Server.

About this task

A reverse proxy server is a special HTTP server that prevents direct access to the content HTTP server. All requests for content goes through a publicly visible reverse proxy server URI and are then redirected to the private Rational DOORS Web Access server URI.

These are some of the main advantages of using a reverse proxy server:

  • Future deployment topology changes: When using a reverse proxy in your deployment, you can provide a single host name in your public URL regardless of the machines and port numbers that the applications are deployed on. This enables you to change your deployment topology later.

  • Security: The reverse proxy server provides an additional layer of security and can protect other HTTP servers in the communication network. If you are using a firewall between the reverse proxy server and the content HTTP server, you can configure the firewall to allow only HTTP requests from the reverse proxy server.

  • Performance: You can equip the reverse proxy server with SSL acceleration hardware that can improve the performance of SSL requests.

Procedure
  1. Place a valid SSL certificate key file in an accessible location on your system.

  2. To configure the Apache HTTP Server to process SSL requests, edit the httpd.conf file, which is in the conf directory in the Apache installation.
    1. Uncomment the following modules:
      LoadModule proxy_module modules/mod_proxy.so
      LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
      LoadModule proxy_http_module modules/mod_proxy_http.so
      LoadModule ssl_module modules/mod_ssl.so

    2. Navigate to the SSL configuration section: #Secure (SSL/TLS) connections

    3. Add the following entries:
      #
      # reverse proxy
      #
      SSLProxyEngine On
      ProxyPreserveHost On

    4. Add entries to identify the host domain:
      ProxyPass / https://host_domain:DWA_Tomcat_port/
      ProxyPassReverse / https://      host_domain:DWA_Tomcat_port/
      For example:
      ProxyPass / https://private_host.com:7443/
      ProxyPassReverse / https://      private_host.com:7443/

      Note: In this example, the proxy port that is visible to end users is set to 8443 and proxy requests are redirected to port 7443 on the private_host server. Depending on your environment, the ports that the proxy server and Apache Tomcat are configured to use might be set to different values to avoid port conflicts.

    5. Uncomment the line:
      Include conf/extra/httpd-ssl.conf

      For more information about configuring reverse proxies, see Apache Module mod_proxy in the Apache Software Foundation documentation.

  3. Edit the httpd-ssl.conf file, which is in the /conf/extra directory in the Apache installation.
    1. Update the host name and the port that SSL is configured on.
    2. Update the settings as required, including:
    • SSLCertificateFile
    • SSLCertificateKeyFile

      Note: If the SSLCertificateKeyFile key file is protected by a password, then the password must be entered each time the server starts. You can remove the password, but consider the security implications of this action for your environment before you do so.

      For more information about editing HTTP SSL files, see Apache Core Features and Apache Module mod_ssl in the Apache Software Foundation documentation.

  4. Start Apache HTTP Server.
    Any errors are written to the error.log file, which is in the Apache installation in the /logs folder.

  5. Start Rational DOORS Web Access components.

  6. Start Rational DOORS Web Access server.

[{"Product":{"code":"SSKR2T","label":"IBM Engineering Requirements Management DOORS"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Configuration","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.6","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
01 May 2020

UID

swg21673866

Page Feedback