Versions Compared

Old Version 70

changes.mady.by.user Kiuwan Editor User

Saved on

compared with

New Version 71

changes.mady.by.user Kiuwan Editor User

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Appendix 1 - Configuring Apache as FrontEnd WebServer to KOP

 


If you choose Apache web server as the front-end for your Kiuwan on premise installation, you may follow the following configuration examples and/or check your  current configuration agrees with the suggested examples. 

 

HTTP Protocol

 

For this kind of access you just need to add a virtual host and configure how Apache will talk to Kiuwan.

Before this make sure your Apache installation has these modules available:

 

  • mod_proxy

  • mod_proxy_ajp (if you want ajp communication between front and backend servers)

  • mod_proxy_http (if you want ajp communication between front and backend servers)

  • mod_proxy_wstunnel

...

Code Block
languagexml
<VirtualHost *:[KIUWAN_PORT]>
	ServerName [KIUWAN_HOST]
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	LogLevel debug
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
		Require all granted 
	</Proxy>
	 
	ProxyPass		/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	ProxyPassReverse	/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	 
	<Location />
		Require all granted
	</Location>
</VirtualHost>

 

...


HTTPS Protocol
 
For this kind of access you will need: 
  • A virtual host configured in Apache will talk to Kiuwan (see below).
  • Open an https port in Apache (usually 443).
  • A certificate for the exposed host name (KIUWAN_WEBSERVER_HOST).
...
Before this make sure your Apache installation has these modules available:
 
  • mod_proxy
  • mod_proxy_ajp (if you want ajp communication between front and backend servers)
  • mod_proxy_http (if you want ajp communication between front and backend servers)
  • mod_proxy_wstunnel
  • mod_rewrite
  • mod_ssl
...
Please make sure you generate a certificate for your kiuwan host name and it is signed by a trusted CA inside your organization. At this point you need three files:
 
  • [KIUWAN_WEBSERVER_HOST].crt: the certificate for your kiuwan host.
  • [KIUWAN_WEBSERVER_HOST].key: the private key.
  • ca.crt: the trusted CA certificate.
 
Refer to Kiuwan On-Premises Installation Guide  for more information on how to create and install certificates. 
Please note that you must install the CA certificate on the docker container before proceeding.
 

Place the previous files at this locations (we put here the default locations for these files, but it is up to you to change this paths): 
  • /etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt
  • /etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key
  • /etc/apache2/ssl.crt/ca.crt
...
 Code Block
languagexml
<VirtualHost *:[KIUWAN_WEBSERVER_PORT]>
	ServerName [KIUWAN_WEBSERVER_HOST]
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt
	SSLCertificateKeyFile /etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key
	SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt

	LogLevel debug
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
		Require all granted 
	</Proxy>
	 
	ProxyPass		/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	ProxyPassReverse	/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	 
	<Location />
		Require all granted
	</Location>
	
	# Redirect http traffic to https
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

</VirtualHost>