How to connect IBM HTTP Server as a Reverse Proxy with Artifactory?

Vignesh S
2020-05-27 18:31

What is IHS ?

 

IBM HTTP Server (IHS) is a web server based on the Apache HTTP Server and provides a set of Apache features in addition to IBM enhancements.

 

Instructions:

Open Artifactory UI and navigate to the Admin tab -> Configuration -> HTTP settings page, set the 'Reverse Proxy Settings' to 'Apache' and click on Save.

 

As IHS is similar to Apache HTTP Server, we can use the reverse proxy configurations generated by Artifactory and configure the modules/parameters in the configuration file according to the IHS.

Step 1: Install the IBM HTTP Server and the default configuration would be available in /opt/IBM/HTTPServer/conf/httpd.conf

Step 2: Place the sample template configuration which listens on port 80 (http) and load the necessary modules in the configuration file
Modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so

Configuration:###########################################################
## this configuration was generated by JFrog Artifactory ##
###########################################################
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
Listen 80
<VirtualHost *:80>
    ProxyPreserveHost On

    ServerName <servername>
    ServerAlias *.<servername>
    ServerAdmin server@admin

    ## Application specific logs
    ErrorLog /var/log/apache/<servername>-error.log
    CustomLog /var/log/apache/<servername>-access.log combined
    AllowEncodedSlashes On
    RewriteEngine on

    RewriteCond %{SERVER_PORT} (.*)
    RewriteRule (.*) - [E=my_server_port:%1]
    ##  NOTE: The 'REQUEST_SCHEME' Header is supported only from apache version 2.4 and above
    RewriteCond %{REQUEST_SCHEME} (.*)
    RewriteRule (.*) - [E=my_scheme:%1]

    RewriteCond %{HTTP_HOST} (.*)
    RewriteRule (.*) - [E=my_custom_host:%1]

    RewriteRule "^/(v2)/(.*)$" "/artifactory/$1/$2" [P]


    RewriteRule ^/$                /artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$      /artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$   /artifactory/webapp/ [R,L]

    RequestHeader set Host %{my_custom_host}e
    RequestHeader set X-Forwarded-Port %{my_server_port}e
    ## NOTE: {my_scheme} requires a module which is supported only from apache version 2.4 and above
    RequestHeader set X-Forwarded-Proto %{my_scheme}e
    RequestHeader set X-Artifactory-Override-Base-Url %{my_scheme}e://<servername>:%{my_server_port}e/artifactory
    ProxyPassReverseCookiePath /artifactory /artifactory

    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /artifactory/ http://<server-ip>/artifactory
    ProxyPassReverse /artifactory/ http://<server-ip>/artifactory
</VirtualHost>

How to rewrite HTTP(80) requests to HTTPS(443)?

The rewrite module can be used to automatically rewrite all HTTP requests to HTTPS.
To have a secure communication, SSLEnable will enable SSL for the VirtualHost and SSLDisable will disable the SSL outside the VirtualHost

Step 1:Load the SSL modules in the configuration file

Modules:LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

Step 2: Provide the KeyFile location generated using ikeyman under the virtual hosts where SSL is enabledKeyFile /opt/IBM/HTTPServer/conf/ihsserverkey.kdb
The KeyFile points to the key database file that contains the personal server certificates required by the browser during an SSL handshake

Step 3: Place the sample template in the configuration file which listens to 443

Configuration:LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
<VirtualHost *:443>

    ProxyPreserveHost On

    ServerName <servername>
    ServerAlias *.<servername>
    ServerAdmin server@admin

    SSLEnable
    SSLProxyEngine on
    KeyFile /opt/IBM/HTTPServer/conf/ihsserverkey.kdb

    ## Application specific logs
    ErrorLog /var/log/apache/<servername>-error.log
    CustomLog /var/log/apache/<servername>-access.log combined

    AllowEncodedSlashes On
    RewriteEngine on

    RewriteCond %{SERVER_PORT} (.*)
    RewriteRule (.*) - [E=my_server_port:%1]
    ##  NOTE: The 'REQUEST_SCHEME' Header is supported only from apache version 2.4 and above
    RewriteCond %{REQUEST_SCHEME} (.*)
    RewriteRule (.*) - [E=my_scheme:%1]

    RewriteCond %{HTTP_HOST} (.*)
    RewriteRule (.*) - [E=my_custom_host:%1]

    RewriteRule "^/(v2)/(.*)$" "/artifactory/$1/$2" [P]


    RewriteRule ^/$                /artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$      /artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$   /artifactory/webapp/ [R,L]

    RequestHeader set Host %{my_custom_host}e
    RequestHeader set X-Forwarded-Port %{my_server_port}e
    ## NOTE: {my_scheme} requires a module which is supported only from apache version 2.4 and above
    RequestHeader set X-Forwarded-Proto %{my_scheme}e
    RequestHeader set X-Artifactory-Override-Base-Url %{my_scheme}e://<servername>:%{my_server_port}e/artifactory
    ProxyPassReverseCookiePath /artifactory /artifactory

    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /artifactory/ http://<server-ip>/artifactory
    ProxyPassReverse /artifactory/ http://<server-ip>/artifactory
</VirtualHost>
SSLDisable