Setting up Reverse Proxy Server for SSL Communication

Procedure

  1. Navigate to the following directory of the Apache HTTP server installation:
    APACHE_HOME/conf
  2. Open the httpd.conf file for editing.
  3. Uncomment the following line:
    LoadModule ssl_module modules/mod_ssl.so
  4. Add the following line to include the SSL configuration file:
    Include conf/extra/httpd-ssl.conf
  5. Save changes to the httpd.conf file.
  6. Navigate to the following directory of the Apache HTTP server installation:

    APACHE_HOME/conf/extra

  7. Open the httpd-ssl.conf file for editing.
  8. Add the following contents:

<VirtualHost *:ListenSSLPort>
   SSLEngine On
   ProxyPreserveHost On

   # Paths to the server certificate and its private key.
   # Usage: SSLCertificateFile /path/to/example.crt
   # Usage: SSLCertificateKeyFile /path/to/example.key
   # Example:
   SSLCertificateFile Name_of_Server_public_certificate
   SSLCertificateKeyFile Name_of_Server_private_key

   # Application server to which the connection is proxied.
   # ProxyPass and ProxyPassReverse require mod_proxy and mod_proxy_http
   # to be loaded in httpd.conf.
   # The hop from Apache to the gateway below is plain HTTP; SSL ends at Apache.
   # Usage:
   # ProxyPass / http://[IP Addr.]:[port]/
   # ProxyPassReverse / http://[IP Addr.]:[port]/
   # Example:
   ProxyPass / http://APIExchangeGateway_Host:HTTP_PORT/
   ProxyPassReverse / http://APIExchangeGateway_Host:HTTP_PORT/
</VirtualHost>

where,

  • ListenSSLPort is the SSL transport port on which the Apache HTTP server runs. ListenSSLPort must match the value specified by the Listen directive.
  • APIExchangeGateway_Host is the machine on which TIBCO API Exchange Gateway runs.
  • HTTP_PORT is the HTTP port for TIBCO API Exchange Gateway.
  • Name_of_Server_public_certificate is the full path to the public certificate. For example, "C:\apache2\conf\server.crt".
  • Name_of_Server_private_key is the full path to the private key. For example, "C:\apache2\conf\server.key".

  9. Save the changes to the file.
  10. Configure the client certificate authentication as described in the Configuring Client Authentication with Digital Certificates on Apache HTTP Server section.
    Note: If you want to use the Apache HTTP server in reverse proxy mode to forward the client requests to multiple instances of the Core Engines, use a load balancer. Refer to the High Availability Deployment Of Runtime Components chapter.
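
A lint for the finished configuration, added here as an example and not part of the original documentation. It checks the rules the procedure states: the VirtualHost port matches a Listen directive, SSLEngine is On, both certificate directives are present, and ProxyPass and ProxyPassReverse name the same back end. The function names and the sample host, ports and paths are assumptions.

```python
import re

# Constructed sample (placeholder host, ports, paths): Listen lines plus the SSL vhost.
SAMPLE = """\
Listen 80
Listen 8443
<VirtualHost *:8443>
SSLEngine On
ProxyPreserveHost On
SSLCertificateFile "C:/apache2/conf/server.crt"
SSLCertificateKeyFile "C:/apache2/conf/server.key"
ProxyPass / http://gateway.example.internal:9222/
ProxyPassReverse / http://gateway.example.internal:9222/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+\S*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directives(text):
    """Return (lowercased name, argument string) for each directive line."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            out.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return out

def lint_ssl_proxy(conf):
    """Check each VirtualHost block against the rules stated in the procedure."""
    problems = []
    # Listen takes "port" or "addr:port [protocol]"; keep only the port.
    listen = {a.split()[0].rsplit(":", 1)[-1] for n, a in directives(conf) if n == "listen" and a}
    vhosts = VHOST_RE.findall(conf)
    if not vhosts:
        problems.append("no VirtualHost block with a numeric port")
    for port, body in vhosts:
        d = directives(body)
        get = lambda key: [a for n, a in d if n == key]
        if port not in listen:
            problems.append(f"port {port}: no matching Listen directive")
        if [a.lower() for a in get("sslengine")] != ["on"]:
            problems.append(f"port {port}: SSLEngine is not On")
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            if not get(key):
                problems.append(f"port {port}: {key} missing")
        if not get("proxypass") or get("proxypass") != get("proxypassreverse"):
            problems.append(f"port {port}: ProxyPass/ProxyPassReverse missing or different")
    return problems

print(lint_ssl_proxy(SAMPLE) or "no problems found")
```

Pass the concatenated text of httpd.conf and httpd-ssl.conf to lint_ssl_proxy; an empty list means every check passed.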