...
Appendix 1 - Configuring Apache as FrontEnd WebServer to KOP
If you choose Apache web server as the front-end for your Kiuwan on premise installation, you may follow the following configuration examples and/or check your current configuration agrees with the suggested examples.
HTTP Protocol
For this kind of access you just need to add a virtual host and configure how Apache will talk to Kiuwan.
Before this make sure your Apache installation has these modules available:
mod_proxy
mod_proxy_ajp (if you want ajp communication between front and backend servers)
mod_proxy_http (if you want ajp communication between front and backend servers)
mod_proxy_wstunnel
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:[KIUWAN_PORT]>
ServerName [KIUWAN_HOST]
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass / [ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
ProxyPassReverse / [ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
<Location />
Require all granted
</Location>
</VirtualHost>
|
...
HTTPS Protocol
For this kind of access you will need:
A virtual host configured in Apache will talk to Kiuwan (see below).
Open an https port in Apache (usually 443).
A certificate for the exposed host name (KIUWAN_WEBSERVER_HOST).
...
Before this make sure your Apache installation has these modules available:
mod_proxy
mod_proxy_ajp (if you want ajp communication between front and backend servers)
mod_proxy_http (if you want ajp communication between front and backend servers)
mod_proxy_wstunnel
mod_rewrite
mod_ssl
...
Please make sure you generate a certificate for your kiuwan host name and it is signed by a trusted CA inside your organization. At this point you need three files:
[KIUWAN_WEBSERVER_HOST].crt: the certificate for your kiuwan host.
[KIUWAN_WEBSERVER_HOST].key: the private key.
ca.crt: the trusted CA certificate.
Refer to Kiuwan On-Premises Installation Guide for more information on how to create and install certificates.
Please note that you must install the CA certificate on the docker container before proceeding.
Place the previous files at this locations (we put here the default locations for these files, but it is up to you to change this paths):
/etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt
/etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key
/etc/apache2/ssl.crt/ca.crt
...
Code Block | ||
---|---|---|
| ||
<VirtualHost *:[KIUWAN_WEBSERVER_PORT]>
ServerName [KIUWAN_WEBSERVER_HOST]
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt
SSLCertificateKeyFile /etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key
SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass / [ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
ProxyPassReverse / [ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
<Location />
Require all granted
</Location>
# Redirect http traffic to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
|