BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 12-06-2013, 06:02 AM   #1
aghering
New Member
 
Join Date: Dec 2013
Model: 8200
PIN: N/A
Carrier: T-mobile
Posts: 1
Default apache reverse proxy to bes server

Please Login to Remove!

Hello,

I hope that someone here can assist me with this problem because I am currently trying to fix this problem for 3 weeks now and can’t seem to get it working. tried the suggestion of many many forums and blogs but can't seem find solution for me. Well let’s start with explaining my situation.

Environment(learning):
Code:
    -1 Public IP
    -Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0)
     + VM Windows Server 2008 R2 Exchange 2010/IIS (server1)
     + VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2)
     + VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3)
    -All port 80,443 requests points  Ubuntu  server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed

Code:
    SomeWebsite:80 (internet <---> server2)
    SomeOtherWebsite:80 (internet <---> server2)
    Mail.server1.com:443 (internet <---> server2 reverse proxy:443 +CERT <--->  443+CERT server1)
    Bes.dnsname.com:443 (internet <---> server2 reverse proxy:443 +CERT <--->  443+CERT server3)
The problem:

For testing purpose I am configuring a blackberry enterprise server(bes) on server3. It’s a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice like i manged to configure for server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn’t interact with the page because it is a java application. So digging deeper into this i found that the webpage that bes provided me to use isn’t the real application but more like a iframe/redirect page.

Code:
    Example:
    BES Console address: https://server3.com:443/webconsole/login
    Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass –reverse to this real address I encountered a other problem. The bes webconsole works with session id’s and parameters

Code:
    Example:   https://bes.server3.com/webconsole/app;jsessionid=2C10DDA521DB8408479AAD8F34255C7F?    component=login.goToChangeLanguagePageLink&consoleSId=&page=Login&service=direct&session=T
Current httpd.conf for server3:
Code:
    <VirtualHost *:80>
    DocumentRoot /var/www/bes.server3.com
    ServerName bes.server3.com
    <Directory "/var/www/bes.server3.com">
    allow from all
    Options +Indexes
    </Directory>

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https:// bes.server3.com/webconsole/login$1 [R,L]

    ProxyPreserveHost On
    ProxyVia Full
    RequestHeader edit Transfer-Encoding Chunked chunked early
    RequestHeader unset Accept-Encoding
    ProxyRequests Off
    TimeOut 1800

    SSLEngine On
    SSLProxyEngine On
    SSLProtocol -all +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL:+SSLv3
    SSLCertificateFile /var/www/bes.server3.com/cert/server.crt
    SSLCertificateKeyFile /var/www/bes.server3.com/cert/server.key

    <Location /webconsole/login>
    ProxyPass https: //bes.server3.com/webconsole/login
    ProxyPassReverse https: //bes.server3.com/webconsole/login
    SSLRequireSSL
    </Location>

    <Location /webconsole/app>
    ProxyPass https: //bes.server3.com/webconsole/app
    ProxyPassReverse https: //bes.server3.com/webconsole/app
    SSLRequireSSL
    </Location>

    <Location /webconsole/assets>
    ProxyPass https://bes.server3.com/webconsole/assets
    ProxyPassReverse https://bes.server3.com/webconsole/assets
    SSLRequireSSL
    </Location>

    <Location /webconsole/com>
    ProxyPass https: //bes.server3.com/webconsole/com
    ProxyPassReverse https: //bes.server3.com/webconsole/com
    SSLRequireSSL
    </Location>

    <Location /webconsole/Loader>
    ProxyPass https: //bes.server3.com/webconsole/Loader
    ProxyPassReverse https: //bes.server3.com/webconsole/Loader
    SSLRequireSSL
    </Location>

    <Location /webconsole/META-INF>
    ProxyPass https: //bes.server3.com/webconsole/META-INF
    ProxyPassReverse https: //bes.server3.com/webconsole/META-INF
    SSLRequireSSL
    </Location>

    <Location /webconsole/reset>
    ProxyPass https: //bes.server3.com/webconsole/reset
    ProxyPassReverse https: //bes.server3.com/webconsole/reset
    SSLRequireSSL
    </Location>

    <Location /webconsole/WEB-INF>
    ProxyPass https://bes.server3.com/webconsole/WEB-INF
    ProxyPassReverse https://bes.server3.com/webconsole/WEB-INF
    SSLRequireSSL
    </Location>

    ErrorLog /var/log/apache2/bes_server3_errorlog
    CustomLog /var/log/apache2/bes_server3_com common
    </VirtualHost>

The server i am working on is used for testing the BES before we buy the software, servers, etc. i am not able to connect the bes server on a other public IP. its for me very important that the reverse proxy works. i think that i am not the only one using this kind of setup because of the security improvement when your not exposing your real server to the outside.

I hope with posting my own situation I have more chance to find a answer/suggestion that will work for me.
Offline  
Old 12-06-2013, 07:28 AM   #2
nobody7290
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,381
Default Re: apache reverse proxy to bes server

I have some experience regarding revers proxying with apache. From what I learned there it is not easy to do this, and if the server behind the reverse proxy hehaves not 100% compliant it might even be impossible.

Wouldnt it be easier to access the management console using a VPN ? Either your Router could have a built in VPN server or you could use the Windows built in VPN.

I also do not recommend to expose the webconsole (regardles if there is a reverse proxy in front of it or not) to the general public.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads for: apache reverse proxy to bes server
Thread Thread Starter Forum Replies Last Post
BEs 5.0.2 inplace upgrade of sql express to sql server 2005 elbutre BES Admin Corner 5 10-27-2010 04:59 AM
Knowledge Sharing - Troubleshooting mail server's failover in a Domino cluster noname BES Admin Corner 0 05-06-2010 07:20 AM
NeverFail vs. BES 5.0 dmbascfan BES Admin Corner 27 11-09-2009 08:44 AM
Exchange 2007, BES, Server 2008 and Server 2003 R2 wangel88 BES Admin Corner 9 04-07-2009 04:12 PM
BES 4.01 migration to new server, do these steps look okay? mcast12 BES Admin Corner 0 08-22-2006 11:22 AM


5/10/50PCS SST27SF512-70-3C-PG SST 27SF512 EEPROMs DIP-28 Programmable Flash IC picture

5/10/50PCS SST27SF512-70-3C-PG SST 27SF512 EEPROMs DIP-28 Programmable Flash IC

$25.63



1pcs Brand new Mitsubishi with box  FX-EEPROM-16 picture

1pcs Brand new Mitsubishi with box FX-EEPROM-16

$98.16



1pcs FX-EEPROM-4 Mitsubishi New quality assurance 100% Brand new ones picture

1pcs FX-EEPROM-4 Mitsubishi New quality assurance 100% Brand new ones

$50.87



10PCS EEPROM IC WINBOND PLCC-32 W27C512P-45 W27C512P-45Z NEW picture

10PCS EEPROM IC WINBOND PLCC-32 W27C512P-45 W27C512P-45Z NEW

$15.90



CH341A 24 25 Series EEPROM Flash BIOS USB Programmer Module + SOIC8 Test Clip picture

CH341A 24 25 Series EEPROM Flash BIOS USB Programmer Module + SOIC8 Test Clip

$7.98



CH341A 24 25 Series EEPROM Flash BIOS USB Programmer Module + SOIC8 Test Clip picture

CH341A 24 25 Series EEPROM Flash BIOS USB Programmer Module + SOIC8 Test Clip

$4.88







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.