Apache HTTP Server

---

Depending on the deployment, either Apache HTTP Server 2.0.x or 2.2.x can be used as the front-end. When the Asynchronous HTTP Server is to be deployed to a single application server or to a single node in a cluster of application servers, both versions of Apache can be used. However, if the Asynchronous HTTP Server is to be deployed to multiple nodes in a cluster of application servers, Apache 2.2.x is to be used.

Routing Requests

To route all blocking requests to the Asynchronous HTTP Server and all other requests to the application server, add the following code to the end of the Apache configuration file.

Note: The VirtualHost container is not mandatory for Apache 2.0.x; when omitted, its directives, such as ServerAdmin, need to be omitted as well.

<VirtualHost _default_>
 
   ServerAdmin webmaster@host.example.com
 
   DocumentRoot /var/www/html/host.example.com
 
   ServerName host.example.com
 
   ErrorLog logs/host.example.com-error_log
 
   TransferLog logs/host.example.com-access_log
 

 
   <IfModule mod_proxy.c>
 
     ProxyRequests Off
 

 
     <Proxy *>
 
        Order deny,allow
 
        Allow from all
 
     </Proxy>
 

 
     # The following two directives will route all blocking requests to the
 
     # Asynchronous HTTP Server (identified by host:port).
 
     ProxyPass  /application-name/block/receive-updated-views
 
                http://host:port/application-name/block/receive-updated-views
 

 
     ProxyPassReverse /application-name/block/receive-updated-views
 
                      http://host:port/application-name/block/receive-updated-views
 

 
     # The following two directives will route all other requests to the
 
     # application server (identified by host:port).
 
     ProxyPass     /application-name
 
                   http://host:port/application-name
 
     ProxyPassReverse /application-name
 
                      http://host:port/application-name
 
   </IfModule>
 
</VirtualHost>
 

Note: The previous ProxyPass and ProxyPassReverse directives must appear on a single line in your configuration file.

If multiple ICEfaces applications are deployed behind the Asynchronous HTTP Server, multiple ProxyPass and ProxyPassReverse directives should be included, two sets for each application. If an Apache HTTP Server plug-in is used, which is discussed in Apache HTTP Server, the last ProxyPass and ProxyPassReverse set can be omitted.

Note: It is critical that the port number, mentioned in the first ProxyPass and ProxyPassReverse set, matches the port number in the Asynchronous HTTP Server's configuration file, which is discussed in Deploying the Asynchronous HTTP Server. Evidently the port number, mentioned in the second ProxyPass and ProxyPassReverse set, should match the port number of the application server.

To have proxy support in the Apache HTTP Server, the mod_proxy and mod_proxy_http modules are required. In the Apache configuration file where all modules are being loaded, add the following if not already added:

LoadModule proxy_module modules/mod_proxy.so
 
LoadModule proxy_http_module modules/mod_proxy_http.so
 

For more information on how to load modules into Apache HTTP Server, refer to Apache Module mod_so which can be found at:

http://httpd.apache.org/docs/2.0/mod/mod_so.html (Apache 2.0.x)

http://httpd.apache.org/docs/2.2/mod/mod_so.html (Apache 2.2.x)

Security Considerations

Authentication

To enforce authentication of the user when accessing an ICEfaces application, add the following code to the Apache configuration file before the added IfModule container:

<LocationMatch ^/application-name>
 
    AuthName "ICEfaces Member-Only Access"
 
    AuthType Basic
 
    AuthUserFile /var/www/secrets/.members
 
    require valid-user
 
</LocationMatch>
 

The <LocationMatch regex> container determines that every location (Request-URI), which begins with (^) the literal string "/application-name" where the application-name is the name of the ICEfaces application, is part of the ICEfaces Member-Only Access realm, and therefore, requires basic authentication for every user.

Secure Sockets Layer (SSL)

1. To enforce the usage of SSL when accessing an ICEfaces application, add the following code to the Apache configuration file before the added LocationMatch container:

RewriteEngine On
 
RewriteCond %{SERVER_PORT} ^80$
 
RewriteCond %{REQUEST_URI} ^/application-name
 
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301,L]
 

The RewriteCond directives define the following conditions:

• if the port address of the server (%{SERVER_PORT}) begins with (^) and ends with ($), thus exactly matches the literal string "80"; and
• if the Request-URI (%{REQUEST_URI}) begins with (^) the literal string
  "/application-name", where the application-name is the name of the ICEfaces application.

If both of the previous conditions are met, the RewriteRule directive defines how the Request-URI is rewritten to use HTTPS as follows:

• $1 corresponds to the string found in the set of parentheses (that is, everything after the root (/)); and
• rewrite the Request-URI to https://%{HTTP_HOST}/$1, where %{HTTP_HOST} is the server's host name.

After rewriting the Request-URI, force an external redirect (301 Moved Permanently) to the client (R=301).

Finally, tell the rewrite engine to end rule processing immediately (L), so that no other rules are applied to the last substituted Request-URI.

2. In order to have rewrite engine support, the mod_rewrite module is required. In the Apache configuration file where all modules are being loaded, add the following if not already added:

LoadModule rewrite_module modules/mod_rewrite.so
 

Copyright 2005-2007. ICEsoft Technologies, Inc. http://www.icesoft.com