This article discusses how to set up a
reverse proxy for Lotus Connections 2.0.1 using WebSphere Application Server
Edge Server on Microsoft Windows 2003. It documents the steps used
by the Lotus System Verification Test (SVT) team to set up and test this
environment. See also the
Connections
2.0 example in this wiki.
Environment
1.The following picture shows the test topology:
.Environment configuration
Content server:
IBM WebSphere
Application Server 6.1
Web server:
IBH HTTP
Server 6.1
Proxy server:
IBM WebSphere
Application Server Edge Components 6.1
Application:
Open Activities
Security:
IHS-WAS
SSL enabled
Steps to install and configure Reverse Proxy
A. Installation of Edge Components
1.Double click on
launchpad.bat under Edge install source folder
2.Click on
Launch
the installation wizard for WebSphere Application Server - Edge Components
3.Click
Next
4.Click
Yes to accept Licence Agreement
5.Mark
Caching Proxy
box checked and click
Next
6.Click
Finish
7.Click
Finish to restart your machine
8.Start and Stop
Caching Proxy
Find
IBM Caching Proxy in Windows service list
Use
Start and
Stop button no the tool bar to control the
Proxy server
B. Base Configuration of Edge Components
1.Click
Start->All Programs->Edge Components->Caching
Proxy->Configuration Wizard
2.Click
Next
3.Keep default port
80 and click
Next
4.Fill in
Target Web Server field with your backend server
URL:
e.g. http://YourIHS.cn.ibm.com
Click
Next
5.Create
administrator account for your proxy server
User Name: admin
Password: passw0rd
Verify Password: passw0rd
Click
Next
6.Click
Finish
7.Click
OK
8.Trace path
\cp\etc\en_US\ibmproxy.conf
to open proxy configuration file
e.g. C:\Program
Files\IBM\edge\cp\etc\en_US\ibmproxy.conf
9.Locate
*START
NEW MAPPING RULES SECTION*
in the
ibmproxy.conf
Add
Pass /pub/* \cp\server_root\pub\en_US\*
before
Proxy directive
enable SendRevProxyName
yes
10.
Save and
Close the
ibmproxy.conf file
11.
Restart proxy server to make your change effective
12.Access
http:///pub/ to open
proxy admin console.
e.g. http://venturacn19.cn.ibm.com/pub/
When prompted to login, use the user name admin and
its password
C. Advance Configuration
Open
Proxy Configuration -> Proxy Settings form
Mark
HTTP box checked and click
Submit button
Open
Proxy Configuration -> Proxy Performance form
Mark
Run as a pure proxy box unchecked and click
Submit button
SSL setting
1. Create a
key database for
proxy server
a. Start
Ikeyman utility
Click
Start->All Programs->IBM WebSphere->Edge Components->Caching
Proxy->Start Key Management Utility
b. Click
Key Database File -> New...
When
New dialog occurs, fill in with :
Key database type : CMS
File Name: ProxyKey.kdb
Location: C:\ProxyDB
Click
OK
c. Enter
a password, such as :
passw0rd
Confirm Password:
passw0rd
Mark
Stash the password to a file? box
checked
Click
OK
d. Select
Personal Certificates
Click
Create -> New Self-Signed Certificate...
e. Certificate
properties
KeyLabel : ProxyCert
Version : X509V3
Key Size : 1024
Common name : YourProxy.cn.ibm.com
Organization : ibm
Click
OK
f. Set
up authorization between
Proxy and
Backend server (we use IHS
here)
1.Export
IHS Certificate and copy to
Proxy
Server
Open
IHS
kdb using
Ikeyman utility
Key database
type : CMS
File Name : plugin-key.kdb
Location : C:\IBM\HTTPServer\Plugins\etc\
Click
OK
When prompted to
input password, key in
WebAS, Click
OK
Select
WebSphere Plugin
Key lable and click
Extract Certificate... button
Data type : Base64-encoded ASCII data
Certificate file name : PluginCert.arm
Location : C:\
Click
OK
Copy
PluginCert.arm
to
Proxy server
2. Import
IHS Certificate into
Proxy kdb
Open
Proxy kdb using
Ikeyman utility
Select
Signer Certificates
Click
Add... button
Data type : Base64-encoded ASCII data
Certificate file name : PluginCert.arm
Location : C:\
Click
OK button
When prompted to enter
a label
Key in
PluginCert
Click
OK button
3. Close
Ikeyman utility
g. In Proxy
admin console
Open
Proxy Configuration -> SSL Settings form
Mark
Enable SSL box checked
Mark
Attempt to cache content on a secure request box checked
Fill in
Key Ring Database file field with your kdb location,
e.g.
c:\ProxyKDB\ProxyKey.kdb
Fill in
Key Ring Database Password File field with your password
file location,
e.g. c:\ProxyKDB\ProxyKey.sth
Click
Submit button
h.
Restart
proxy server to take your changes effctive
Modify
ibmproxy.conf file
Add
Proxy and
ReversePass
directives
Proxy /activities/* http://YourIHS.cn.ibm.com/activities/*
:80
Proxy /activities/* https://YourIHS.cn.ibm.com/activities/*
:443
ReversePass http://YourIHS.cn.ibm.com/* http://YourProxy.cn.ibm.com/*
ReversePass https://YourIHS.cn.ibm.com/* https://YourProxy.cn.ibm.com/*
Save and
Close ibmproxy.conf
file
Restart Proxy server to take
your changes effective
D. Test your Configuration
Access
http://YourProxy.cn.ibm.com/activities/
and
https://YourProxy.cn.ibm.com/activities/
via browser
Verify no error page occurs
E. Performance tuning
Storage & Memory
1. Format whole windows partition using
htcformat
Open Windows
Disk management tool
Right-Click
on a logical partition and select
Delete Logical Drive...
When
prompt to confirm, select
Yes
Re-create
the partition without format it
Open
Command
line prompt
Key in
htcformat \\.\d:
2. Specify Memory and Disk properties
Open
Cache
Configuration -> Cache Settings form
Mark
Enable
proxy caching box checked
For
Cache
memory field
The figure should be
+ 9
e.g. The size of
D: is
20G, so
we use 20000*1% + 9 =
209 here
Fill in
Block size field with
8192
Add your
disk cache device
\\.\d:
Click
Submit bottom
NOTE: All customer environments are different. Our
results were obtained in a controlled test environment. Customer
environments are typically less optimal and may not provide the same results.
Understanding your environment (usage scenario, network, etc...)
is crucial before recommending scaling numbers, hardware and solutions.
Content written by the Lotus SVT team and posted on their behalf