Chapter 8. Using Everyplace Connection Manager HTTP Access Services 277
• The reverse proxy must be configured to proxy host names with
w1.mycompany.com translating to w1.mycompany.com.
• Everyplace Connection Manager machine must have a valid wildcard digital
certificate for *.mycompany.com.
This scheme works because the host name in the URL
http://w1.mycompany.com is resolved differently by clients on the Internet and
the proxy server using the internal DNS. This results in the client sending HTTP
requests to the Everyplace Connection Manager machine, which the proxy then
forwards to the correct internal IP address of the actual server. Significantly, this
scheme uses the same server host name internally and externally, avoiding the
need for the complex URL rewriting that would otherwise be required.
The wildcard certificate is required because the Everyplace Connection Manager
can only have one certificate. It will use this certificate to create a secure SSL
connection regardless of the URL used to reach the Everyplace Connection Manager
machine. If all servers are in the mycompany.com domain and the digital
certificate is issued to *.mycompany.com by a certificate authority recognized by
the browser, the user will not see any warnings. If the servers are not in the same
domain or a wildcard certificate is not used, the connection can still be made but
the user will be warned that the server name in the certificate does not match the
server in the URL entered by the user.
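The name check behind that warning can be sketched as follows. This is an added example, not code from the book or from Everyplace Connection Manager; it follows the RFC 2818 rule that a wildcard stands for exactly one left-most label, and every host name other than w1.mycompany.com and sles8 is constructed for illustration.

```python
# Added example: which URLs trigger a certificate name-mismatch warning.
# Handles exact names and a whole-label "*" in the left-most position only;
# partial wildcards such as "w*.mycompany.com" and IP addresses are out of scope.

def cert_name_matches(cert_name: str, host: str) -> bool:
    """Return True if host is covered by the certificate name."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # "*" replaces exactly one label, never zero or several
    if cert_labels[0] == "*":
        # Everything to the right of the wildcard must match exactly.
        return host_labels[0] != "" and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def hosts_that_warn(cert_name: str, hosts: list[str]) -> list[str]:
    """Return the hosts for which the user would see a name-mismatch warning."""
    return [h for h in hosts if not cert_name_matches(cert_name, h)]


# Constructed test set, apart from w1.mycompany.com and the short name sles8.
HOSTS = [
    "w1.mycompany.com",    # covered by *.mycompany.com
    "w2.mycompany.com",    # covered by *.mycompany.com
    "mycompany.com",       # bare domain: the wildcard needs one more label
    "a.w1.mycompany.com",  # two labels deep: not covered
    "w1.example.org",      # different domain
    "sles8",               # unqualified short host name
]

if __name__ == "__main__":
    for host in hosts_that_warn("*.mycompany.com", HOSTS):
        print("name mismatch warning:", host)
```

Note that an unqualified name such as sles8 is not covered by the wildcard either, so users must enter the fully qualified host name to avoid the warning.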
8.2 Sample scenario
This section includes a sample scenario that is configured to illustrate the HTTP
Access Services function implemented in Everyplace Connection Manager. This
sample scenario uses the following machines:
• Everyplace Connection Manager machine
  SUSE Linux® Enterprise Server 8 (Service Pack 3)
  IBM DB2 Universal Database 8.2
  IBM Directory Services V5.2
  IBM WebSphere Everyplace Connection Manager V5.1
• Reverse Proxy Server
  Microsoft Windows 2000 Server (Service Pack 4)
  IBM WebSphere Edge Server V2.0
Note: Secure Sockets Layer (SSL) is required between HTTP clients and
Everyplace Connection Manager. HTTP requests using configured unsecure
ports (default is port 80) are rerouted to the HTTPS secure port (default 443).
278 IBM WebSphere Everyplace Access V5, Volume IV: Advanced Topics
• WebSphere Everyplace Access Server
  Microsoft Windows 2000 Server (Service Pack 4)
  IBM WebSphere Everyplace Access V5.0
• Gatekeeper Client
  Microsoft Windows 2000 Professional (Service Pack 4)
  IBM WebSphere Everyplace Connection Manager Gatekeeper V5.1
• HTTP Client
  Microsoft Windows 2000 Professional (Service Pack 4)
  Microsoft Internet Explorer V6.0
• PDA Client
  Microsoft Pocket PC 2003
Figure 8-3 illustrates the sample scenario.
Figure 8-3 HTTP Access Services sample scenario
WebSphere Everyplace Access
Application Server runs WebSphere Everyplace Access V5. This scenario uses
the portal component in WebSphere Everyplace Access. For more information
about Everyplace Connection Manager and WebSphere Everyplace Access
integration, see Chapter 9, “WebSphere Connection Manager integration” on
page 301.
[Figure 8-3 diagram labels: Everyplace Connection Manager, HTTP Services, Gatekeeper (sles8; https - port 443; port 80); Edge Reverse Caching Proxy, Proxy Administration (http - port 80); WebSphere Everyplace Access (wea02); URL (http or https): http://sles8/wps/portal; Reverse Proxy Directives: Proxy /wps/* http://wea02/wps/* and SendRevProxyName yes]
Reverse Proxy Server
The reverse proxy machine plays a major role in the architecture; it is
responsible for redirecting the Everyplace Connection Manager messages to the
application servers and vice versa.
The reverse proxy must be specifically configured to work with Everyplace
Connection Manager. Configuration options need to be set in the
ibmproxy.conf file. For Windows machines, this file is located in the C:\Program
Files\IBM\edge\cp\etc\en_US directory, assuming that you used the default
values when you installed IBM WebSphere Edge Server.
Port directive
The port used by the reverse proxy in this scenario is the edge server
ibmproxy.conf default. It only needs to match the HTTP Access Services
configuration. The HTTP configuration is shown in Example 8-1.
Example 8-1 Port directive
# Port directive:
# Port used by the server.
# Default: 80
# Syntax: Port <num>
Port 80
SendRevProxyName directive
This directive must be configured so that application servers will also send HTTP
traffic back to the reverse proxy. The configuration is illustrated in Example 8-2.
Example 8-2 SendRevProxyName
# SendRevProxyName directive:
#
# In a reverse proxy scenario, WTE normally sends the destination
# origin server name in the HOST header of the request to the origin
# server. If this directive is set to yes, WTE will instead send
# the WTE host name in the HOST header of the request to the origin
# server. This allows the origin server to use the WTE host name in
# redirects sent back. Therefore, subsequent requests to redirected
# locations will go through WTE.
#
# Default: no
# Syntax: SendRevProxyName <yes | no>
#
# Example:
# SendRevProxyName yes
SendRevProxyName yes
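A quick way to verify these settings before putting the proxy in front of Everyplace Connection Manager is to audit ibmproxy.conf for them. The script below is an added example, not part of the book or of WebSphere Edge Server; the sample file content is constructed, the defaults are taken from the directive comments above, and matching directive names case-insensitively is an assumption of this checker.

```python
# Added example: audit an ibmproxy.conf for the reverse proxy settings on this page.
# Defaults (Port 80, SendRevProxyName no) come from the directive comments above.

SAMPLE_CONF = """\
# Port directive:
# Default: 80
Port 80
# Example:
# SendRevProxyName yes
SendRevProxyName no
Proxy /wps/* http://wea02/wps/*
"""  # constructed fragment; only the directive names and values come from the page


def parse_directives(text):
    """Map lower-cased directive name -> list of argument lists, skipping comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out examples must not count as configuration
        name, *args = line.split()
        found.setdefault(name.lower(), []).append(args)
    return found


def audit(text, expected_port, backend):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_directives(text)
    findings = []
    ports = {a[0] for a in conf.get("port", []) if a} or {"80"}
    if ports != {str(expected_port)}:
        findings.append(
            f"Port {sorted(ports)} does not match HTTP Access Services port {expected_port}")
    rev = {a[0].lower() for a in conf.get("sendrevproxyname", []) if a} or {"no"}
    if rev != {"yes"}:
        findings.append(
            "SendRevProxyName is not yes: redirects from the origin server "
            "will carry its own host name instead of the proxy's")
    rules = [a for a in conf.get("proxy", []) if len(a) >= 2]
    if not any(a[1].startswith(backend) for a in rules):
        findings.append(f"no Proxy rule forwards to {backend}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, 80, "http://wea02/"):
        print("FINDING:", finding)
```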
