Thread: apache reverse proxy to bes server
View Single Post
Old 12-06-2013, 06:02 AM   #1
aghering
New Member
 
Join Date: Dec 2013
Model: 8200
PIN: N/A
Carrier: T-mobile
Posts: 1
Default apache reverse proxy to bes server

Please Login to Remove!
Hello,

I hope that someone here can assist me with this problem because I am currently trying to fix this problem for 3 weeks now and can’t seem to get it working. tried the suggestion of many many forums and blogs but can't seem find solution for me. Well let’s start with explaining my situation.

Environment(learning):
Code:
    -1 Public IP
    -Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0)
     + VM Windows Server 2008 R2 Exchange 2010/IIS (server1)
     + VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2)
     + VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3)
    -All port 80,443 requests points  Ubuntu  server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed

Code:
    SomeWebsite:80 (internet <---> server2)
    SomeOtherWebsite:80 (internet <---> server2)
    Mail.server1.com:443 (internet <---> server2 reverse proxy:443 +CERT <--->  443+CERT server1)
    Bes.dnsname.com:443 (internet <---> server2 reverse proxy:443 +CERT <--->  443+CERT server3)
The problem:

For testing purpose I am configuring a blackberry enterprise server(bes) on server3. It’s a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice like i manged to configure for server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn’t interact with the page because it is a java application. So digging deeper into this i found that the webpage that bes provided me to use isn’t the real application but more like a iframe/redirect page.

Code:
    Example:
    BES Console address: https://server3.com:443/webconsole/login
    Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass –reverse to this real address I encountered a other problem. The bes webconsole works with session id’s and parameters

Code:
    Example:   https://bes.server3.com/webconsole/app;jsessionid=2C10DDA521DB8408479AAD8F34255C7F?    component=login.goToChangeLanguagePageLink&consoleSId=&page=Login&service=direct&session=T
Current httpd.conf for server3:
Code:
    <VirtualHost *:80>
    DocumentRoot /var/www/bes.server3.com
    ServerName bes.server3.com
    <Directory "/var/www/bes.server3.com">
    allow from all
    Options +Indexes
    </Directory>

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https:// bes.server3.com/webconsole/login$1 [R,L]

    ProxyPreserveHost On
    ProxyVia Full
    RequestHeader edit Transfer-Encoding Chunked chunked early
    RequestHeader unset Accept-Encoding
    ProxyRequests Off
    TimeOut 1800

    SSLEngine On
    SSLProxyEngine On
    SSLProtocol -all +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL:+SSLv3
    SSLCertificateFile /var/www/bes.server3.com/cert/server.crt
    SSLCertificateKeyFile /var/www/bes.server3.com/cert/server.key

    <Location /webconsole/login>
    ProxyPass https: //bes.server3.com/webconsole/login
    ProxyPassReverse https: //bes.server3.com/webconsole/login
    SSLRequireSSL
    </Location>

    <Location /webconsole/app>
    ProxyPass https: //bes.server3.com/webconsole/app
    ProxyPassReverse https: //bes.server3.com/webconsole/app
    SSLRequireSSL
    </Location>

    <Location /webconsole/assets>
    ProxyPass https://bes.server3.com/webconsole/assets
    ProxyPassReverse https://bes.server3.com/webconsole/assets
    SSLRequireSSL
    </Location>

    <Location /webconsole/com>
    ProxyPass https: //bes.server3.com/webconsole/com
    ProxyPassReverse https: //bes.server3.com/webconsole/com
    SSLRequireSSL
    </Location>

    <Location /webconsole/Loader>
    ProxyPass https: //bes.server3.com/webconsole/Loader
    ProxyPassReverse https: //bes.server3.com/webconsole/Loader
    SSLRequireSSL
    </Location>

    <Location /webconsole/META-INF>
    ProxyPass https: //bes.server3.com/webconsole/META-INF
    ProxyPassReverse https: //bes.server3.com/webconsole/META-INF
    SSLRequireSSL
    </Location>

    <Location /webconsole/reset>
    ProxyPass https: //bes.server3.com/webconsole/reset
    ProxyPassReverse https: //bes.server3.com/webconsole/reset
    SSLRequireSSL
    </Location>

    <Location /webconsole/WEB-INF>
    ProxyPass https://bes.server3.com/webconsole/WEB-INF
    ProxyPassReverse https://bes.server3.com/webconsole/WEB-INF
    SSLRequireSSL
    </Location>

    ErrorLog /var/log/apache2/bes_server3_errorlog
    CustomLog /var/log/apache2/bes_server3_com common
    </VirtualHost>

The server i am working on is used for testing the BES before we buy the software, servers, etc. i am not able to connect the bes server on a other public IP. its for me very important that the reverse proxy works. i think that i am not the only one using this kind of setup because of the security improvement when your not exposing your real server to the outside.

I hope with posting my own situation I have more chance to find a answer/suggestion that will work for me.
Offline   Reply With Quote