Fronting LiveCycle/JBoss With Apache Web Server

| No Comments

There are use cases where LiveCycle administrators want to expose only a subset of its functionality to users and programs outside of the machine LiveCycle is hosted on. Firewalls can be used to block certain ports. Apache Web Server can be used as a reverse proxy so that only certain URLs are "visible" to external callers.

1) Download and install Apache Web Server 2.2 from here.

JBOSS CONFIGURATION
------------------------------

2) Assuming that the DNS name of the machine hosting the Apache Web Server is apache.company.com, edit the Tomcat configuration file ($JBOSS_HOME/jboss-4.2.0_mssql2005/server/all/deploy/jboss-web.deployer/server.xml) of the JBoss instance hosting LiveCycle so that the HTTP Connector configuration looks similar to this:
<Connector port="8080" address="${jboss.bind.address}"
proxyName="apache.company.com" proxyPort="80"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />

APACHE WEB SERVER CONFIGURATION
-------------------------------------------------

3) Edit the configuration file of Apache Web Server (httpd.conf) and enable proxying by uncommenting the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

4) Also add the folowing lines for additional configuration
# Prevent Apache from acting like a forward proxy
ProxyRequests Off

# Control Client Access
<Proxy http://jboss.company.com:8080/>
  Order Deny,Allow
  Allow from all
</Proxy>

# Set TCP/IP network buffer size for better throughput (bytes)
ProxyReceiveBufferSize 4096

5) Assuming that the DNS name of the machine hosting the JBoss AS is jboss.company.com, add Reverse Proxy configuration
The following is a simplistic configuration where every request (/) is allowed:
ProxyPass / http://jboss.company.com:8080/
ProxyPassReverse / http://jboss.company.com:8080/

Here's a more restrictive configuration, allowing access only to the web UI of Rights Management and nothing else:
ProxyPass /edc http://jboss.company.com:8080/edc
ProxyPassReverse /edc http://jboss.company.com:8080/edc
ProxyPass /um http://jboss.company.com:8080/um
ProxyPassReverse /um http://jboss.company.com:8080/um
ProxyPass /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en
ProxyPassReverse /rightsmgmt_help_en http://jboss.company.com:8080/rightsmgmt_help_en

More details are available here.

6) Re-start the Apache Web Server.

7) Re-start the JBoss instance that hosts LiveCycle ES

8) Verify by pointing your browser at the Apache machine:
http://apache.company.com/edc/Main.do

Leave a comment

About this Entry

This page contains a single entry by Jayan Kandathil published on April 2, 2009 8:43 AM.

Reducing Latent CPU Utilization by LiveCycle JBoss Turnkey was the previous entry in this blog.

Configuring Apache Web Server as Edge Cache for LiveCycle Performance is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.