Setting up Reverse Proxy for MWS using Apache Server
Unlike IS, MFT, API gateway etc.. MWS does not have an out of the box enterprise gateway provided by SoftwareAG product suite. So, as per their product documentation, we need to go with other popular front-facing servers like Apache web server or Microsoft IIS to setup reverse proxy in DMZ. In this article, we will see how to do this using Apache web server.
- Get “gcc” installed using “sudo yum install gcc“. If gcc installation fails due to dependency on Kernel Headers, then get the kernel headers installed using “sudo yum install kernel-headers –disableexcludes=all“
- Get “sudo yum install expat-devel” installed as Apache APR depends on this.
- Get “sudo yum install openssl-devel” installed as Apache HTTP Server SSL module depends on this.
- Download Apache HTTP server install-able from httpd.apache.org (httpd-NN.tar.gz)
- Download APR and APR-Util from apr.apache.org (apr-NN.tar.gz and apr-util-NN.tar.gz)
- Download PCRE from www.pcre.org (download pcre and not pcre2)
- Create three directories on the server where Apache has to be installed (This is DMZ server in our case residing on external domain).
- /sag/apacheRIServer/apache — In this location Apache will get installed
- /sag/apacheRIServer/pcre — In this location PCRE will get installed
- /sag/ApacheInstallImg — In this location keep all the installation files that are downloaded as per #1 and #2.
Apache HTTP Server Installation:
Extract the httpd-NN.tar.gz tar
gzip -d httpd-NN.tar.gz tar xvf httpd-NN.tar
Copy apr-NN.tar.gz and apr-util-NN.tar.gz to /sag/ApacheInstallImg//srclib/
Change directory to /sag/ApacheInstallImg//srclib/
Extract the tar files
gzip -d apr-NN.tar.gz tar xvf apr-NN.tar gzip -d apr-util-NN.tar.gz tar xvf apr-util-NN.tar
After extraction, DO NOT leave the directory names with version numbers. Rename the folders to “apr” and “apr-util” using mv command
mv apr-1.6.3 apr mv apr-util-1.6.1 apr-util
Now, Go inside “apr” folder and run below command
Extract the pcre-8.42.tar.gz tar
gzip -d pcre-8.42.tar.gz tar xvf pcre-8.42.tar
Install PCRE using below commands
./configure -prefix=/sag/apacheRIServer/pcre/ --disable-cpp make make install
Now, lets configure Apache HTTP server using below
./configure --prefix=/sag/apacheRIServer/apache --enable-so --enable-ssl --enable-proxy=shared --with-pcre=/sag/apacheRIServer/pcre --with-included-apr-util make make install
Change directory to /sag/apacheRIServer/apache/conf
Go to the line where you see “Listen 80” and change it to listen to any port number you wish. I used 9090 below
Now, go to the line where you see “#ServerName http://www.example.com:80” and change it to below and save the file. The port number should be the same port that was configured in the previous step.
Start the server to test if its working. Change directory to “/sag/apacheRIServer/apache/bin” and run below command to start the server
./apachectl -k start
After few seconds, hit “:9090” and see if you get a page response showing “It Works!!” (as of apache version 2.4.33)
If you see the message then you are good to move forward Let’s see the SSL module now to enable server listening on HTTPs.
Enable SSL module:
- Create a directory under “/sag/apacheRIServer/apache/conf” and name it as “security“. This where we are planning to maintain all certificates required for SSL
- Copy SSL certificates (.cer/.crt/.cert and .key files) to above folder (/sag/apacheRIServer/apache/conf/security)
- Enable below directives in httpd.conf file. Uncomment them if entry is already present in file or make a new entry if not present