. . .

Configure Proxy / Loadbalancer

This article describes the configuration that could be required if the communication has to be routed through a load balancer / proxy.
This article suggest that the load balancer receives only HTTPS and speaks to the ApiOmat HTTP.
The configuration was created under CentOS 6 / RedHat 6, Apache 2.2, ApiOmat version >= 2.0 and Squid as proxy software.

Visualization of the configuration:

images/download/attachments/61478644/proxyProblem.png

Proxy Server Configuration

Make sure that your proxy has two network cards and that you have a static ip adress for both or at least for the internal network.

Install squid if needed.

Install your own server certificate if you haven't already done so, like in this article: How To Create a SSL Certificate on Apache for CentOS 6

Configure apache as a reverse proxy: Open /etc/httpd/conf.d/ssl.conf and enter this lines:

ssl.conf
<VirtualHost *:443>
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /yambas http://<APPSERVER IP>/yambas
ProxyPassReverse /yambas http://<APPSERVER IP>/yambas
ProxyPass /apidocs http://<APPSERVER IP>/apidocs
ProxyPassReverse /apidocs http://<APPSERVER IP>/apidocs
ProxyPass /dashboard http://<APPSERVER IP>/dashboard
ProxyPassReverse /dashboard http://<APPSERVER IP>/dashboard

The closing tag of <VirtualHost> can be found at the bottom of ssl.conf. If you run another configuration, make sure you copy this lines in a <VirtualHost *:443></<VirtualHost> tag.

SSL termination

If you terminate SSL on the loadbalancer/proxy and forward only http, then please make sure that the following headers will be send to the application server:

x-forwarded-proto: https
x-forwarded-host : <hostname>

If you loadbalancer/proxy will not do this automatically then please activate header modification module for apache.

sudo a2enmod headers

and then add in the <VirtualHost> section above the following line

RequestHeader set X-Forwarded-Proto "https"

Restart the apache server.

service httpd restart

Application Server Configuration

Install ApiOmat as described in this article: RPM package installation

Make sure that mongodb is installed and you chose the SELinux configuration that fit into your security concept

Write the proxy information under /etc/apiomat/aom-yambas:

 

and into the system information of your operating system.

If you haven't already done so,

Create a file 'proxy.conf' under /etc/httpd/conf.d and insert:

<VirtualHost *:80>
ProxyRequests Off
ProxyPass /yambas ajp://localhost:8009/yambas
ProxyPassReverse /yambas ajp://localhost:8009/yambas
 
ProxyPass /apidocs http://localhost:8080/apidocs
ProxyPassReverse /apidocs http://localhost:8080/apidocs
</VirtualHost>

Insert your ApiOmat license under /etc/apiomat/apiomat.yaml, restart apache

service httpd restart

and start the aom-yambas service

service aom-yambas start.

Open the external url of your loadbalancer / proxy, you should see the apache default page from the app server.

Good to know

Incase you would like to upload with a native module . Do so by using this line:

curl -k https://<external ip>:443/yambas/rest/modules/<modulName>/sdk?update=overwrite --data-binary @<jar name>.jar -u <user email>:<user pwd> -H "Content-type:application/octet-stream"

The argument '-k' tells curl, that it doesn't need to proof the server certificate. If you want to do so, you can use '-cert=/path'.

Troubleshooting

  • When calling the dashboard an internal failure appears, stating that a log file cannot be written.

    • Disable SELinux entirely by changing the SELINUX setting to disabled in /etc/selinux/config. (source)

      • SELINUX=disabled
  • When starting the mongodb, it says that the size of files is to high.

    • Set the smallFiles value to 'true' under /(lookup)

      • mmapv1:
        preallocDataFiles: <boolean>
        nsSize: <int>
        quota:
        enforced: <boolean>
        maxFilesPerDB: <int>
        smallFiles: true

  • While running the installation of a .rpm package, it says that a repository can not be found.

    • yum clean all
      yum check
      yum erase apf
      yum upgrade

  • While running the installation of a .rpm package, it says that a URL can not be found.

  • Images on the dashboard can't be loaded

    • ensure that httpsTohttp is set in apiomat.yaml

    • ensure that the proxy is working and well configured

  • The installation of PHPMCrypt fails of course a dependency problem on Redhat 7

    • Use the 'remi' repository and EPEL