Hello,
I hope that someone here can assist me with this problem because I am currently trying to fix this problem for 3 weeks now and can’t seem to get it working. tried the suggestion of many many forums and blogs but can't seem find solution for me. Well let’s start with explaining my situation.
Environment(learning):
Code:
-1 Public IP
-Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0)
+ VM Windows Server 2008 R2 Exchange 2010/IIS (server1)
+ VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2)
+ VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3)
-All port 80,443 requests points Ubuntu server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed
Code:
SomeWebsite:80 (internet <---> server2)
SomeOtherWebsite:80 (internet <---> server2)
Mail.server1.com:443 (internet <---> server2 reverse proxy:443 +CERT <---> 443+CERT server1)
Bes.dnsname.com:443 (internet <---> server2 reverse proxy:443 +CERT <---> 443+CERT server3)
The problem:
For testing purpose I am configuring a blackberry enterprise server(bes) on server3. It’s a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice like i manged to configure for server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn’t interact with the page because it is a java application. So digging deeper into this i found that the webpage that bes provided me to use isn’t the real application but more like a iframe/redirect page.
Code:
Example:
BES Console address: https://server3.com:443/webconsole/login
Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass –reverse to this real address I encountered a other problem. The bes webconsole works with session id’s and parameters
Code:
Example: https://bes.server3.com/webconsole/app;jsessionid=2C10DDA521DB8408479AAD8F34255C7F? component=login.goToChangeLanguagePageLink&consoleSId=&page=Login&service=direct&session=T
Current httpd.conf for server3:
Code:
<VirtualHost *:80>
DocumentRoot /var/www/bes.server3.com
ServerName bes.server3.com
<Directory "/var/www/bes.server3.com">
allow from all
Options +Indexes
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https:// bes.server3.com/webconsole/login$1 [R,L]
ProxyPreserveHost On
ProxyVia Full
RequestHeader edit Transfer-Encoding Chunked chunked early
RequestHeader unset Accept-Encoding
ProxyRequests Off
TimeOut 1800
SSLEngine On
SSLProxyEngine On
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL:+SSLv3
SSLCertificateFile /var/www/bes.server3.com/cert/server.crt
SSLCertificateKeyFile /var/www/bes.server3.com/cert/server.key
<Location /webconsole/login>
ProxyPass https: //bes.server3.com/webconsole/login
ProxyPassReverse https: //bes.server3.com/webconsole/login
SSLRequireSSL
</Location>
<Location /webconsole/app>
ProxyPass https: //bes.server3.com/webconsole/app
ProxyPassReverse https: //bes.server3.com/webconsole/app
SSLRequireSSL
</Location>
<Location /webconsole/assets>
ProxyPass https://bes.server3.com/webconsole/assets
ProxyPassReverse https://bes.server3.com/webconsole/assets
SSLRequireSSL
</Location>
<Location /webconsole/com>
ProxyPass https: //bes.server3.com/webconsole/com
ProxyPassReverse https: //bes.server3.com/webconsole/com
SSLRequireSSL
</Location>
<Location /webconsole/Loader>
ProxyPass https: //bes.server3.com/webconsole/Loader
ProxyPassReverse https: //bes.server3.com/webconsole/Loader
SSLRequireSSL
</Location>
<Location /webconsole/META-INF>
ProxyPass https: //bes.server3.com/webconsole/META-INF
ProxyPassReverse https: //bes.server3.com/webconsole/META-INF
SSLRequireSSL
</Location>
<Location /webconsole/reset>
ProxyPass https: //bes.server3.com/webconsole/reset
ProxyPassReverse https: //bes.server3.com/webconsole/reset
SSLRequireSSL
</Location>
<Location /webconsole/WEB-INF>
ProxyPass https://bes.server3.com/webconsole/WEB-INF
ProxyPassReverse https://bes.server3.com/webconsole/WEB-INF
SSLRequireSSL
</Location>
ErrorLog /var/log/apache2/bes_server3_errorlog
CustomLog /var/log/apache2/bes_server3_com common
</VirtualHost>
The server i am working on is used for testing the BES before we buy the software, servers, etc. i am not able to connect the bes server on a other public IP. its for me very important that the reverse proxy works. i think that i am not the only one using this kind of setup because of the security improvement when your not exposing your real server to the outside.
I hope with posting my own situation I have more chance to find a answer/suggestion that will work for me.