Fronting LiveCycle/JBoss With Apache Web Server

There are use cases where LiveCycle administrators want to expose only a subset of its functionality to users and programs outside of the machine LiveCycle is hosted on. Firewalls can be used to block certain ports. Apache Web Server can be used as a reverse proxy so that only certain URLs are “visible” to external callers.

1) Download and install Apache Web Server 2.2 from here.

JBOSS CONFIGURATION
——————————

2) Assuming that the DNS name of the machine hosting the Apache Web Server is apache.company.com, edit the Tomcat configuration file ($JBOSS_HOME/jboss-4.2.0_mssql2005/server/all/deploy/jboss-web.deployer/server.xml) of the JBoss instance hosting LiveCycle so that the HTTP Connector configuration looks similar to this:
<Connector port="8080" address="${jboss.bind.address}"
proxyName="apache.company.com" proxyPort="80"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

APACHE WEB SERVER CONFIGURATION
————————————————-

3) Edit the configuration file of Apache Web Server (httpd.conf) and enable proxying by uncommenting the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

4) Also add the folowing lines for additional configuration
# Prevent Apache from acting like a forward proxy
ProxyRequests Off

# Control Client Access
<Proxy http://jboss.company.com:8080/>
  Order Deny,Allow
  Allow from all
</Proxy>

# Set TCP/IP network buffer size for better throughput (bytes)
ProxyReceiveBufferSize 4096

5) Assuming that the DNS name of the machine hosting the JBoss AS is jboss.company.com, add Reverse Proxy configuration
The following is a simplistic configuration where every request (/) is allowed:
ProxyPass / http://jboss.company.com:8080/
ProxyPassReverse / http://jboss.company.com:8080/

Here’s a more restrictive configuration, allowing access only to the web UI of Rights Management and nothing else:
ProxyPass /edc http://jboss.company.com:8080/edc
ProxyPassReverse /edc http://jboss.company.com:8080/edc
ProxyPass /um http://jboss.company.com:8080/um
ProxyPassReverse /um http://jboss.company.com:8080/um
ProxyPass /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en
ProxyPassReverse /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en

More details are available here.

6) Re-start the Apache Web Server.

7) Re-start the JBoss instance that hosts LiveCycle ES

8) Verify by pointing your browser at the Apache machine:

http://apache.company.com/edc/Main.do

To configure HTTPS, see Carlos Guerrero’s blong entry here.

VN:F [1.9.22_1171]
Was this helpful? Please rate the content.
Rating: 0.0/10 (0 votes cast)
This entry was posted in Adobe LiveCycle ES. Bookmark the permalink.

6 Responses to Fronting LiveCycle/JBoss With Apache Web Server

  1. Batch says:

    Any known issues with using the AJP13 connector instead of Mod_proxy?I currently have this working and it seems to be doing a fine job, but I want to ensure I do not run into any unforeseeable issues down the road.Thanks,Batch

  2. Jayan Kandathil says:

    No, I’m not aware of any issues. In fact, if you could post the steps you took to make it work with AJP, it would be great. Thanks.

  3. John Wright says:

    Can a reverse proxy work for LiveCycle users, i.e. PDF forms within their workspaces?

    • Jayan Kandathil says:

      Yes.

      But please make sure you configure the following context roots:
      /workspace
      /um
      /workspace-server

      For additional debugging, you can use a tool like Charles. See here for more details.

  4. nw987 says:

    Jayan

    Do you have an update to this for ES2? I’m having trouble with the workspace attachments when there is a space in them. It appears mod_proxy is removing the spaces from the request URL. Thanks.

    • Jayan Kandathil says:

      Nicholas:
      It looks like you’d need to use mod_rewrite to handle situations where the attachment names have spaces in them. I am not familiar with that Apache module.