Deploy and Configure Apache
Use the information on this page to configure an Apache Web Server instance to direct http requests to the appropriate server within your Advisors deployment.
Genesys strongly recommends that you configure Apache to accept HTTP over SSL (HTTPS) connections. The streaming protocols used by Advisors are not required to be encrypted, but this is a more secure form of communication, and helps prevent possible interference from legacy virus scanners, firewalls, proxies, and so on, which don't properly support streaming protocols and might attempt to buffer unencrypted traffic. Using HTTPS connections helps to ensure both the security and reliability of the connection to the Advisors server. Requests between Apache and the Tomcat server running Advisors can also use HTTPS connections if needed.
Configure Apache Modules
The recommended Advisors Apache configuration requires the following modules:
To enable Apache modules, edit the relevant file or use the relevant configuration tools for your environment. In many installations, this will involve editing your httpd.conf file. For more information on the files used to configure Apache, see the Apache documentation describing the files used to configure Apache.
For example, to use the SSL module, uncomment that line:
Uncomment this line:
#LoadModule ssl_module modules/mod_ssl.so
It now looks like this:
LoadModule ssl_module modules/mod_ssl.so
To configure Apache to support HTTPS:
- Obtain or generate the SSL security certificate and private key.
- Configure Apache to use your certificate.
Obtaining a Certificate
An SSL certificate signing request (CSR) can be generated and submitted to a certificate authority using OpenSSL or a similar tool. You can then issue a certificate if you are your own certificate authority, or a certificate can be issued by a third-party certificate authority.
The OpenSSL req command can be used to generate the request, or to generate a self-signed certificate in a single step. For more information, see the OpenSSL documentation.
Configure Apache to use your Certificate
In general, to configure Apache to use your certificate, add the following configuration to the Apache virtual host that is used for Advisors, and for the port on which HTTPS connections are accepted (the default HTTPS port is 443):
SSLEngine on SSLCertificateFile /path/to/your/certificate.pem SSLCertificateKeyFile /path/to/your/certificate.key
For example, to configure the certificate globally in Apache, use the following configuration:
<VirtualHost *:443> SSLEngine on SSLCertificateFile /path/to/your/certificate.pem SSLCertificateKeyFile /path/to/your/certificate.key </VirtualHost>
For more information about virtual hosts, see the Apache virtual host documentation.
Configure Routing for Advisors Components
Advisors components can be distributed across many servers. The Apache configuration enables proper routing of requests to these components. In some cases, there might be multiple installations of the same component. In these cases, requests can be load-balanced to different Apache servers, each one directing these requests to different servers.
Each Advisors component routing entry in the Apache configuration directs its request to <hostname> (see the configuration example below). In your configuration, change <hostname> to the host name of the server on which the component is installed. This will vary depending on your particular installation. Note that requests are matched to the first ProxyPass entry in the order in which they are listed within the Apache configuration, so Genesys recommends that you add the routing information in the same order that is outlined in the following configuration example.
Template Configuration Example
In the following template configuration example, the text might wrap to multiple lines, but each ProxyPass statement must be on a single line in the Apache configuration.
Also take care to use the appropriate port for the url and its protocol being proxied. In this example requests to Tomcat over ajp use port 8009 while websocket communication uses http port 8080. The specific ports used may vary depending on your Tomcat configuration if modified from the default.
#Route to resource management console ProxyPass /rmc/ ajp://<hostname>:8009/rmc/ #Route to CCAdv accessibility web services ProxyPass /ca-xml/ ajp://<hostname>:8009/ca-xml/ #Route to Workforce accessibiltiy web services ProxyPass /wu/ ajp://<hostname>:8009/wu/ #Route to Advisors metric graphing ProxyPass /ea-ws/ ajp://<hostname>:8009/ea-ws/ ProxyPass /dashboard/ ajp://<hostname>:8009/dashboard/ #Route to Advisors administration module ProxyPass /admin ajp://<hostname>:8009/admin #Route to FA server ProxyPass /fa/com.informiam.fa.admin.gwt.AdminConsole/ ajp://<hostname>:8009/fa/com.informiam.fa.admin.gwt.AdminConsole/ timeout=86400 ProxyPass /fa/ ajp://<hostname>:8009/fa/ #Route to Advisors web services ProxyPass /adv/websocket/wsconnection/info ajp://<hostname>:8009/adv/websocket/wsconnection/info ProxyPassMatch /adv/websocket/wsconnection/(.*)/(.*)/websocket ws://<hostname>:8080/adv/websocket/wsconnection/$1/$2/websocket ProxyPass /adv/ ajp://<hostname>:8009/adv/ #Route to Advisors platform installation ProxyPass /base-ws/ ajp://<hostname>:8009/base-ws/ ProxyPass /nav-service/ ajp://<hostname>:8009/nav-service/ ProxyPass /prefs-service/ ajp://<hostname>:8009/prefs-service/ ProxyPass / ajp://<hostname>:8009/
Routing With HTTPS Connections From Apache
In addition to configuring HTTPS connections for incoming requests to Apache, as described in the Configure HTTPS section, you can also configure an HTTPS connection between Apache and Tomcat. To do this, you must update the following information in the ProxyPass entries that route requests:
- Use the HTTPS and WSS protocols, which replace AJP and WS.
- Specify the port. By default, the Tomcat HTTPS connector is configured to use port 8443.
The Tomcat HTTPS connector can be used on port 8443 without any additional configuration. If you will not be using the default configuration, see the documentation that describes how to customize the configuration of the Tomcat HTTPS connector.