Jump to: navigation, search

Deploy and Configure Apache

Use the information on this page to configure an Apache Web Server instance to direct http requests to the appropriate server within your Advisors deployment.

Genesys strongly recommends that you configure Apache to accept HTTP over SSL (HTTPS) connections. The streaming protocols used by Advisors are not required to be encrypted, but this is a more secure form of communication, and helps prevent possible interference from legacy virus scanners, firewalls, proxies, and so on, which don't properly support streaming protocols and might attempt to buffer unencrypted traffic. Using HTTPS connections helps to ensure both the security and reliability of the connection to the Advisors server. Requests between Apache and the Tomcat server running Advisors can also use HTTPS connections if needed.

Configure Apache Modules

The recommended Advisors Apache configuration requires the following modules:

  • ssl
  • headers
  • proxy
  • proxy_ajp
  • proxy_http
  • proxy_wstunnel

To enable Apache modules, edit the relevant file or use the relevant configuration tools for your environment. In many installations, this will involve editing your httpd.conf file. For more information on the files used to configure Apache, see the Apache documentation describing the files used to configure Apache.

For example, to use the SSL module, uncomment that line:

Uncomment this line:
#LoadModule ssl_module modules/mod_ssl.so

It now looks like this:
LoadModule ssl_module modules/mod_ssl.so

Configure HTTPS

To configure Apache to support HTTPS:

  • Obtain or generate the SSL security certificate and private key.
  • Configure Apache to use your certificate.

Obtaining a Certificate

An SSL certificate signing request (CSR) can be generated and submitted to a certificate authority using OpenSSL or a similar tool. You can then issue a certificate if you are your own certificate authority, or a certificate can be issued by a third-party certificate authority.

The OpenSSL req command can be used to generate the request, or to generate a self-signed certificate in a single step. For more information, see the OpenSSL documentation.

Configure Apache to use your Certificate

In general, to configure Apache to use your certificate, add the following configuration to the Apache virtual host that is used for Advisors, and for the port on which HTTPS connections are accepted (the default HTTPS port is 443):

SSLEngine on
SSLCertificateFile      /path/to/your/certificate.pem
SSLCertificateKeyFile /path/to/your/certificate.key

For example, to configure the certificate globally in Apache, use the following configuration:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile      /path/to/your/certificate.pem
SSLCertificateKeyFile /path/to/your/certificate.key

For more information about virtual hosts, see the Apache virtual host documentation.

Configure Routing for Advisors Components

Advisors components can be distributed across many servers. The Apache configuration enables proper routing of requests to these components. In some cases, there might be multiple installations of the same component. In these cases, requests can be load-balanced to different Apache servers, each one directing these requests to different servers.

Each Advisors component routing entry in the Apache configuration directs its request to <hostname> (see the configuration example below). In your configuration, change <hostname> to the host name of the server on which the component is installed. This will vary depending on your particular installation. Note that requests are matched to the first ProxyPass entry in the order in which they are listed within the Apache configuration, so Genesys recommends that you add the routing information in the same order that is outlined in the following configuration example.

Template Configuration Example

In the following template configuration example, the text might wrap to multiple lines, but each ProxyPass statement must be on a single line in the Apache configuration.

#Route to resource management console
ProxyPass /rmc/ ajp://<hostname>:8009/rmc/
#Route to CCAdv accessibility web services
ProxyPass /ca-xml/ ajp://<hostname>:8009/ca-xml/
#Route to Workforce accessibiltiy web services
ProxyPass /wu/ ajp://<hostname>:8009/wu/
#Route to Advisors metric graphing
ProxyPass /ea-ws/ ajp://<hostname>:8009/ea-ws/
ProxyPass /dashboard/ ajp://<hostname>:8009/dashboard/
#Route to Advisors administration module
ProxyPass /admin ajp://<hostname>:8009/admin
#Route to FA server
ProxyPass /fa/com.informiam.fa.admin.gwt.AdminConsole/ ajp://<hostname>:8009/fa/com.informiam.fa.admin.gwt.AdminConsole/ timeout=86400
ProxyPass /fa/ ajp://<hostname>:8009/fa/
#Route to Advisors web services
ProxyPass /adv/websocket/wsconnection/info ajp://<hostname>:8009/adv/websocket/wsconnection/info
ProxyPassMatch /adv/websocket/wsconnection/(.*)/(.*)/websocket ws://<hostname>:8080/adv/websocket/wsconnection/$1/$2/websocket
ProxyPass /adv/ ajp://<hostname>:8009/adv/
#Route to Advisors platform installation
ProxyPass /base-ws/ ajp://<hostname>:8009/base-ws/
ProxyPass /nav-service/ ajp://<hostname>:8009/nav-service/
ProxyPass /prefs-service/ ajp://<hostname>:8009/prefs-service/
ProxyPass / ajp://<hostname>:8009/

Routing With HTTPS Connections From Apache

In addition to configuring HTTPS connections for incoming requests to Apache, as described in the Configure HTTPS section, you can also configure an HTTPS connection between Apache and Tomcat. To do this, you must update the following information in the ProxyPass entries that route requests:

  • Use the HTTPS and WSS protocols, which replace AJP and WS.
  • Specify the port. By default, the Tomcat HTTPS connector is configured to use port 8443.

The Tomcat HTTPS connector can be used on port 8443 without any additional configuration. If you will not be using the default configuration, see the documentation that describes how to customize the configuration of the Tomcat HTTPS connector.

[+] Example HTTPS Routing Configuration

Comment on this article:

blog comments powered by Disqus
This page was last modified on 7 February 2018, at 14:12.