Configuring a Reverse Proxy with Apache that handles HTTPS connections

There is a great post on the LiveCycle Product Blog here that explains how to set up a reverse proxy to filter the URLs of our LiveCycle server that we want to expose. In the case we want our server to be accessed over SSL, there are some additional steps we will need to follow. Here, I am going to cover this additional piece of configuration required for your Apache reverse proxy to handle HTTPS traffic.

1.  Download and install the Apache server from I used Apache 2.2 with OpenSSL when I was writing this. Also, this post is based on JBoss 4.2.1 (Turnkey) running on Windows.

2.  Edit the Tomcat configuration file $JBOSS_HOME\server\lc_turnkey\deploy\jboss-web.deployer/server.xml of your JBoss server, adding the proxyName and proxyPort parameters with the name and port of the LiveCycle server. It should look something like this:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
proxyName=”” proxyPort=”443″
maxThreads=”150″ scheme=”https” secure=”true”
keystoreFile=”C:/Adobe/Adobe LiveCycle ES2/jboss/server/lc_turnkey/conf/lces.keystore”
clientAuth=”false” sslProtocol=”TLS” />

3.  Use the openssl command to generate a certificate and key that our Apache server will need to handle SSL connections. Open a command prompt, go to Apache2.2\bin and run the openssl command with values matching your environment:

openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -subj “/O=CompanyXYZ/OU=PS/” -config  “C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\openssl.cnf”

4.  Copy the generated server.key and server.crt files to the Apache2.2\conf folder.

5.  Open Apache2.2\conf\httpd.conf and uncomment the following lines, which will enable proxying and SSL on the Apache server.:

LoadModule proxy_module modules/
LoadModule proxy_http_module modules/
LoadModule ssl_module modules/
Include conf/extra/httpd-ssl.conf

6.  Also add the following lines to the httpd.conf:

# Prevent Apache from acting like a forward proxy
ProxyRequests Off
# Control Client Access
<Proxy>Order Deny,Allow
Allow from all

# Set TCP/IP network buffer size for better throughput (bytes)
ProxyReceiveBufferSize 4096

7.  Add the reverse proxy configuration at the end of the httpd.conf file:

ProxyPass /
ProxyPassReverse / https://

As explained in the post I referenced at the beginning, this configuration won’t filter any URL, and it will just redirect every request (/) to the SSL port of the JBoss server. If we want to be more restrictive and only allow specific URLs, we will need to configure that. For example, here we only allow access to the Rights Management UI:

ProxyPass /edc
ProxyPassReverse /edc
ProxyPass /um
ProxyPassReverse /um
ProxyPass /rightsmgmt_help_en
ProxyPassReverse /rightsmgmt_help_en

8.  We also need to configure the SSL connection for the Apache server. Open Apache2.2\conf\extra\httpd-ssl.conf and perform the following modifications:

– Uncomment the following line:

SSLSessionCache         “dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache”

– Comment out the following line:

SSLSessionCache        “shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)”

– Locate the <VirtualHost _default_:443> block and insert the following line in it:

SSLProxyEngine on

The block should look something like the following:

## SSL Virtual Host Context
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot “C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs”
ErrorLog “C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/error.log”
TransferLog “C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/access.log”
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProxyEngine on

9.  Restart JBoss and Apache servers.

LC Workbench ES Component Development Tool

I decided to start with a post about the LC Workbench ES Component Development Tool, which makes the generation of a custom component an easier task. You can download the prerelease of the tool from Adobe Labs ( The Development Tool is essentially a plug-in for Eclipse that provides a new type of project with a component.xml file, pre-generated service classes and an Ant script to finally generate the custom component JAR.

The thing that I really like about the tool is that it allows you to configure your custom component without the need of manually editing the component.xml file.

Before installing the Development Tool you need to make sure you have the following Eclipse frameworks installed:

–          Eclipse Modeling Framework Project (EMF)

–          Eclipse Graphical Editing Framework (GEF)

–          Web Tools Platform (WTP SDK)

After installing these 3 frameworks, you can download the Development Tool from Adobe Labs and install it on your Eclipse (

Now, once installed, you will follow the following steps to create your custom component:

  1. Create your new Component Project. You will see that under the “New Project” wizard of Eclipse, there is now a new category called “Adobe LiveCycle” with a “Component Project” within it.
  2. On the first screen you will be prompted to enter the name of the new project, the package name where your service classes will be, and the unique ID of the component.
  3. This dialog also allows you to specify the services your custom component will provide.

    … by defining its operations:

    and configuration parameters:

  4. This “New Project” wizard will generate your project with the component.xml file already configured, and your service classes and Ant script generated. The project tree should look something like this:

  5. If you need to add additional configuration to the component.xml file, you can edit it with the component editor provided by the Development Tool. Just open the component.xml in Eclipse and you won’t get the plain XML file content, but the following edit dialog that should make the edition of the file much easier.

  6. The next step would be to implement the business logic of your service classes already pre-generated for you
  7. Once you finish coding your Java classes, you can run the provided Ant build.xml to finally generate the JAR file, and voila!… your custom component is ready to be imported in LC Workbench to get it installed on your LC server.