Announcement

Collapse
No announcement yet.

Trouble with OTM behind Websphere Edge as reverse-proxy?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trouble with OTM behind Websphere Edge as reverse-proxy?

    Has anyone set-up OTM with websphere as the reverse proxy? We tried using the steps described in the section "Enabling Reverse-Proxy Support" of the Administration Guide but it does not seem to work.

    Anyone have any ideas or suggestions? Please help

    Thanks

    Dereference

  • #2
    Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

    Yes - OTM works with several reverse-proxy (RP) servers, though it was designed to work behind Apache-based RP servers. I've configured it in the past to work with Netegrity, Aventail, Apache and Microsoft ISA. Unfortunately, I haven't seen it work with WebSphere Edge

    You are correct to configure the glog.webserver.URL to point towards your reverse-proxy:
    Code:
    glog.webserver.URL=https://reverse-proxy.nexweb.org:443
    The problem you're experiencing is that OTM uses very complex javascript and the WebSphere Edge Server is trying to manipulate it in order to make it work. I've seen the same issue with Aventail and it just doesn't work. You'll need to do the following:
    1. Disable all html, jsp, javascript and URL parsing in the reverse-proxy server.
    2. Utilize a URL prefix (such as /otmprod) and allow the reverse-proxy server. This ensures that OTM will automatically prepend the URL prefix to all outbound URLs, including javascript.
    3. Ensure that the reverse-proxy server strips the URL prefix off before passing requests back to OTM.
    So your data transmission looks like this:
    • Request from browser to RPL:
      • http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.servlet.umt.Login
    • Request from RP to OTM web:
      • http://otmserver.mavenwire.com/GC3/glog.webserver.servlet.umt.Login
    • Response from OTM web to RP:
      • http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
    • Response from RP web to browser:
      • http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
    • Request from browser to RPL:
      • http://otmserver.mavenwire.com/otmprod/GC3/glog.webserver.util.FrameGC3Servlet
    • Request from RP to OTM web:
      • http://otmserver.mavenwire.com/GC3/glog.webserver.util.FrameGC3Servlet
    • ... and so on.
    This requires the proper configuration of your RP server and setting the following property in OTM:
    Code:
    glog.webserver.urlprefix=/otmprod
    If that doesn't work, then the only option is to utilize one of the known-good reverse-proxy servers noted above.

    Thanks,
    --Chris

    Comment


    • #3
      Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

      Thanks Chris. We will try the steps you suggested and will keep you posted on the results. Thanks again. Much Help

      Dereference

      Comment


      • #4
        Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

        Hi Chris,

        We are working on the ibmproxy config file right now. Meantime, I have another question. Would you know or have you had situations where OTM was setup behind Squid as reverse-proxy?

        We're just making plans for other options and Apache is definitely one option but we do have a linux box right now with squid.

        Please advise

        Thanks again Chris,

        Joby

        Comment


        • #5
          Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

          Joby,

          Yes - I've seen Squid used also. This usually requires a one-to-one IP/hostname address mapping (external IP/hostname translates directly to the internal app IP/hostname). In this case, you may not need to use the URL Prefix option.

          Otherwise, Apache works very well and it (including commercial derivatives) is the most widely used RP with OTM.

          --Chris

          Comment


          • #6
            Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

            Originally posted by chrisplough View Post
            Joby,

            Yes - I've seen Squid used also. This usually requires a one-to-one IP/hostname address mapping (external IP/hostname translates directly to the internal app IP/hostname). In this case, you may not need to use the URL Prefix option.

            Otherwise, Apache works very well and it (including commercial derivatives) is the most widely used RP with OTM.

            --Chris

            Chris,

            Thanks much. Still no progress with Webspere. We may have to go with Apache as RP. Any example config files you can point us to for a successful implementation of Apache as RP?

            Again thanks so much for the infor.

            Dereference

            Comment


            • #7
              Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

              Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path:

              Code:
              ProxyPass /otm/ http://otm55prod.company.com
              ProxyPassReverse / http://otm55prod.company.com
              ProxyPassReverseCookiePath    /    /otm55prod/
              This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.

              BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.

              --Chris

              Comment


              • #8
                Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                Originally posted by chrisplough View Post
                Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path:

                Code:
                ProxyPass /otm/ http://otm55prod.company.com
                ProxyPassReverse / http://otm55prod.company.com
                ProxyPassReverseCookiePath    /    /otm55prod/
                This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.

                BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.


                --Chris

                Chris,

                Thanks. That's much help. We'll take it from there and let you know how it goes.

                Thanks again

                Joby

                Comment


                • #9
                  Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                  Originally posted by dereference View Post
                  Chris,

                  Thanks. That's much help. We'll take it from there and let you know how it goes.

                  Thanks again

                  Joby
                  Originally posted by chrisplough View Post
                  Unfortunately, the RP config files were for various clients and I don't have any full config files that I'm at liberty to share. I can share a partial config, however, and this may be enough to get you going down the right path:

                  Code:
                  ProxyPass /otm/ http://otm55prod.company.com
                  ProxyPassReverse / http://otm55prod.company.com
                  ProxyPassReverseCookiePath    /    /otm55prod/
                  This would require the URL Prefix in the OTM glog.properties file to be set to "/otm". Keep in mind that once OTM is configured for RP access using the URL Prefix, you won't be able to connect to it directly and get full screens.

                  BTW - I have run across one client no who is using WebSphere as a RP and it is working. Unfortunately, the same applies - can't share their data, since it is client specific.

                  --Chris

                  Chris, We fixed the problem.

                  Thanks so much! Your notes helped tremendously. More power to you.l

                  Sincerely


                  Dereference

                  Comment


                  • #10
                    Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                    Hello,

                    I'm glad to hear that you've gotten it working. Which route did you finally go down? Apache, Squid, WebSphere?

                    Please post the details to your final solution. This will help others who encounter a similar issue and keep our community growing.

                    Thanks,
                    Chris

                    Comment


                    • #11
                      Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                      Originally posted by chrisplough View Post
                      Hello,

                      I'm glad to hear that you've gotten it working. Which route did you finally go down? Apache, Squid, WebSphere?

                      Please post the details to your final solution. This will help others who encounter a similar issue and keep our community growing.

                      Thanks,
                      Chris

                      Hi Chris,

                      Here are our final settings:

                      snippet from glog.properties in both OTM Web and App Servers:
                      ========================================
                      glog.webserver.urlprefix=/otm

                      # web server URL (may differ from server name)
                      glog.webserver.URL=https://reverseproxy.our.org:443$glog.webserver.urlprefix$


                      And in ibmproxy.conf...

                      ReversePass https://otmprod.our.us/* https://reverseproxy.our.org/*

                      Thanks again so much


                      Joby

                      Comment


                      • #12
                        Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                        Originally posted by dereference View Post
                        Hi Chris,

                        Here are our final settings:

                        snippet from glog.properties in both OTM Web and App Servers:
                        ========================================
                        glog.webserver.urlprefix=/otm

                        # web server URL (may differ from server name)
                        glog.webserver.URL=https://reverseproxy.our.org:443$glog.webserver.urlprefix$


                        And in ibmproxy.conf...

                        ReversePass https://otmprod.our.us/* https://reverseproxy.our.org/*

                        Thanks again so much


                        Joby


                        Oh by the way, the RP is IBM Websphere Edge Server. If we had not gotten this to work, we were gearing up to use Apache.



                        Just FYI

                        Thanks again Chris

                        Dereference

                        Comment


                        • #13
                          Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                          Hi,
                          I tried the steps given in this forum, still I am facing a weird error. I can get to the logon page through reverse proxy but when I type in id and password, the screen comes back to logon page (the id/password are valid
                          Here are the links that I see -
                          1. I type http://my.reverseproxy.com/appname in the browser
                          2. The request goes to OTM installation
                          http://my.reverseproxy.com/appname/G...vlet.umt.Login
                          3. all the js and image files are loaded correctly on page
                          4. I type in the user id and password and click login
                          5. The request goes to -
                          http://my.reverseproxy.com/appname/G.../1220640897958
                          then it is redirected (status 302) to -
                          http://my.reverseproxy.com/appname/G...rameGC3Servlet
                          then next request is -
                          http://my.reverseproxy.com//appname/...eGC3Servlet%3F

                          showing me the logon page again.
                          I am not able to understand why this is happening. When I remove the reverse proxy configuration, the application works fine.

                          Any pointers on this?
                          Thanks,
                          - Pritam.

                          Comment


                          • #14
                            Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                            Pritam,

                            Ensure that your RP is not parsing or modifying the javascript elements of the OTM pages. I've seen similar issues in the past when this was the case.

                            Also - what RP are you using?

                            Thanks,
                            Chris

                            Comment


                            • #15
                              Re: Trouble with OTM behind Websphere Edge as reverse-proxy?

                              Thanks Chris.
                              We are using Apache reverse proxy (2.2.9). How do I know that apache is doing something which it should, atleast the main logon page shows correctly with all the images, css and js loaded correctly.
                              Is there any specific configuration on apache to avoid the javascript element parsing?
                              Thanks,
                              - Pritam.

                              Comment

                              Working...
                              X