Unlike IS, MFT, API gateway etc.. MWS does not have an out of the box enterprise gateway provided by SoftwareAG product suite. So, as per their product documentation, we need to go with other popular front-facing servers like Apache web server or Microsoft IIS to setup reverse proxy in DMZ. In this article, we will see how to do this using Apache web server.

Prerequisites:

1. Get “gcc” installed using “sudo yum install gcc“. If gcc installation fails due to dependency on Kernel Headers, then get the kernel headers installed using “sudo yum install kernel-headers –disableexcludes=all“
2. Get “sudo yum install expat-devel” installed as Apache APR depends on this.
3. Get “sudo yum install openssl-devel” installed as Apache HTTP Server SSL module depends on this.
4. Download Apache HTTP server install-able from httpd.apache.org (httpd-NN.tar.gz)
5. Download APR and APR-Util from apr.apache.org (apr-NN.tar.gz and apr-util-NN.tar.gz)
6. Download PCRE from www.pcre.org (download pcre and not pcre2)
7. Create three directories on the server where Apache has to be installed (This is DMZ server in our case residing on external domain).
   • /sag/apacheRIServer/apache  — In this location Apache will get installed
   • /sag/apacheRIServer/pcre  — In this location PCRE will get installed
   • /sag/ApacheInstallImg — In this location keep all the installation files that are downloaded as per #1 and #2.

   • Apache HTTP Server Installation:

     Extract the httpd-NN.tar.gz tar

     gzip -d httpd-NN.tar.gz
     tar xvf httpd-NN.tar

     Copy apr-NN.tar.gz and apr-util-NN.tar.gz to /sag/ApacheInstallImg//srclib/

     Change directory to /sag/ApacheInstallImg//srclib/

     Extract the tar files

     gzip -d apr-NN.tar.gz
     tar xvf apr-NN.tar
     gzip -d apr-util-NN.tar.gz
     tar xvf apr-util-NN.tar

     After extraction, DO NOT leave the directory names with version numbers. Rename the folders to “apr” and “apr-util” using mv command

     mv apr-1.6.3 apr
     mv apr-util-1.6.1 apr-util

     Now, Go inside “apr” folder and run below command

     ./configure --with-included-apr

     Extract the pcre-8.42.tar.gz tar

     gzip -d pcre-8.42.tar.gz
     tar xvf pcre-8.42.tar

     Install PCRE using below commands

     ./configure -prefix=/sag/apacheRIServer/pcre/ --disable-cpp
     make
     make install

     Now, lets configure Apache HTTP server using below

     ./configure --prefix=/sag/apacheRIServer/apache --enable-so --enable-ssl --enable-proxy=shared --with-pcre=/sag/apacheRIServer/pcre --with-included-apr-util
     make
     make install

     Change directory to /sag/apacheRIServer/apache/conf

     vi httpd.conf

     Go to the line where you see “Listen 80” and change it to listen to any port number you wish. I used 9090 below

     Listen 9090

     Now, go to the line where you see “#ServerName http://www.example.com:80” and change it to below and save the file. The port number should be the same port that was configured in the previous step.

     ServerName 0.0.0.0:9090

     Start the server to test if its working. Change directory to “/sag/apacheRIServer/apache/bin” and run below command to start the server

     ./apachectl -k start

     After few seconds, hit “:9090” and see if you get a page response showing “It Works!!” (as of apache version 2.4.33)

     If you see the message then you are good to move forward  Let’s see the SSL module now to enable server listening on HTTPs.

     Enable SSL module:

   • Create a directory under “/sag/apacheRIServer/apache/conf” and name it as “security“. This where we are planning to maintain all certificates required for SSL
   • Copy SSL certificates (.cer/.crt/.cert and .key files) to above folder (/sag/apacheRIServer/apache/conf/security)
   • Enable below directives in httpd.conf file. Uncomment them if entry is already present in file or make a new entry if not present