Configure Proxy / Loadbalancer
This article describes the configuration that could be required if the communication has to be routed through a load balancer / proxy.
This article suggest that the load balancer receives only HTTPS and speaks to the ApiOmat
HTTP.
The configuration was created under CentOS 6 / RedHat 6, Apache 2.2, ApiOmat
version >= 2.0 and Squid as proxy software.
Visualization of the configuration:
Proxy Server Configuration
Make sure that your proxy has two network cards and that you have a static ip adress for both or at least for the internal network.
Install squid if needed.
Install your own server certificate if you haven't already done so, like in this article: How To Create a SSL Certificate on Apache for CentOS 6
Configure apache as a reverse proxy: Open /etc/httpd/conf.d/ssl.conf and enter this lines:
<VirtualHost *:
443
>
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /yambas http:
//<APPSERVER IP>/yambas
ProxyPassReverse /yambas http:
//<APPSERVER IP>/yambas
ProxyPass /apidocs http:
//<APPSERVER IP>/apidocs
ProxyPassReverse /apidocs http:
//<APPSERVER IP>/apidocs
ProxyPass /dashboard http:
//<APPSERVER IP>/dashboard
ProxyPassReverse /dashboard http:
//<APPSERVER IP>/dashboard
The closing tag of <VirtualHost> can be found at the bottom of ssl.conf. If you run another configuration, make sure you copy this lines in a <VirtualHost *:443></<VirtualHost> tag.
SSL termination
If you terminate SSL on the loadbalancer/proxy and forward only http, then please make sure that the following headers will be send to the application server:
x-forwarded-proto: https
x-forwarded-host : <hostname>
If you loadbalancer/proxy will not do this automatically then please activate header modification module for apache.
sudo a2enmod headers
and then add in the <VirtualHost> section above the following line
RequestHeader set X-Forwarded-Proto
"https"
Restart the apache server.
service httpd restart
Application Server Configuration
Install ApiOmat as described in this article: RPM package installation
Make sure that mongodb is installed and you chose the SELinux configuration that fit into your security concept
Write the proxy information under /etc/apiomat/aom-yambas:
and into the system information of your operating system.
If you haven't already done so,
Create a file 'proxy.conf' under /etc/httpd/conf.d and insert:
<VirtualHost *:
80
>
ProxyRequests Off
ProxyPass /yambas ajp:
//localhost:8009/yambas
ProxyPassReverse /yambas ajp:
//localhost:8009/yambas
ProxyPass /apidocs http:
//localhost:8080/apidocs
ProxyPassReverse /apidocs http:
//localhost:8080/apidocs
</VirtualHost>
Insert your ApiOmat license under /etc/apiomat/apiomat.yaml, restart apache
service httpd restart
and start the aom-yambas service
service aom-yambas start.
Open the external url of your loadbalancer / proxy, you should see the apache default page from the app server.
Good to know
Incase you would like to upload with a native module . Do so by using this line:
curl -k https://<external ip>:443/yambas/rest/modules/<modulName>/sdk?update=overwrite --data-binary @<jar name>.jar -u <user email>:<user pwd> -H "Content-type:application/octet-stream"
The argument '-k' tells curl, that it doesn't need to proof the server certificate. If you want to do so, you can use '-cert=/path'.
Troubleshooting
-
When calling the dashboard an internal failure appears, stating that a log file cannot be written.
-
Disable SELinux entirely by changing the SELINUX setting to disabled in /etc/selinux/config. (source)
SELINUX=disabled
-
-
When starting the mongodb, it says that the size of files is to high.
-
Set the smallFiles value to 'true' under /(lookup)
-
mmapv1:
preallocDataFiles: <boolean>
nsSize: <int>
quota:
enforced: <boolean>
maxFilesPerDB: <int>
smallFiles: true
-
-
-
While running the installation of a .rpm package, it says that a repository can not be found.
-
yum clean all
yum check
yum erase apf
yum upgrade
-
-
While running the installation of a .rpm package, it says that a URL can not be found.
-
Proxy in /etc/yum.conf eintragen:
proxy=http://xxx.xxx.xx.xx:8080
-
-
Images on the dashboard can't be loaded
-
ensure that httpsTohttp is set in apiomat.yaml
-
ensure that the proxy is working and well configured
-
-
The installation of PHPMCrypt fails of course a dependency problem on Redhat 7
-
Use the 'remi' repository and EPEL
-