on 09-11-2006 4:17 PM
We have two systems that we want to hit from the internet via reverse proxy. One is an ECC 6.0 system and the other CRM 5.0. The ITS for these systems is the Integrated ITS:
ECC sytem:
http://ecc.system.com:8001/sap/bc/gui/its/sap/webgui
CRM sytem:
http://crm.system.com:8001/sap/bc/gui/its/sap/webgui
The issue is how would I reverse proxy to both ITS from the Apache proxy server
Hi Fahad,
This can be achieved by creating an external alias for both systems, e.g.
/ecc which points to http://ecc.system.com:8001/sap/bc/gui/its/sap/webgui
/crm which points to http://crm.system.com:8001/sap/bc/gui/its/sap/webgui
Thanks and regards,
Dieter
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Fahad
... just to make sure we are on the same page.
the external alias is a feature of the WebAS.
In SICF and on the ECC system you would create an external alias:
e.g. /ecc pointing to /default_host/sap/bc/gui/sap
In SICF and on the CRM system you would create an external alias:
e.g. /crm pointing to /default_host/sap/bc/gui/sap
Then in your Apache Reverse Proxy settings you would create the mappings like this:
/ecc http://ecc.system.com:8001/ecc
/crm http://ecc.system.com:8001/crm
now a URL like
https://apachehost.domain.com/ecc/its/webgui would
point to http://ecc.system.com:8001/ecc/its/webgui
and
https://apachehost.domain.com/crm/its/webgui would point to http://crm.system.com:8002/crm/its/webgui
After you tested this successfully you need something similar for the mimes too. Otherwise your users will always be pointed to the same machine for all mimes.
But first things first ....
best regards
Gerd
Hello Gerd,
Thank you for the clarification. I tried this method, but the problem is: between the internet and the ITS is the Enterprise Portal. The users will actually be running transaction Iviews in the portal that reach the ITS hosts. The portal, by default, establishes that the path to ITS is /sap/bc/gui/sap/its/webgui. If you put jargon in the path field or leave it empty the portal will fill in the ITS path automatically. So I don't have that free will to point to an external alias. What I tried was this: In the ecc system properties in the system landscape, for the ITS host name I put the reverse proxy host with the alias I created (proxy.server.com/ecc). This, resolves to proxy.server.com/ecc/sap/bc/gui/sap/its/webgui and I get a 403 forbidden error for /ecc/sap(asdljeraslfj...._)/bc/gui/sap/its/webgui. And I tried the rewrite script, that didn't work as well.
Hi Fahad,
I would do the following:
ECC system
- Create an External Alias named /ecc which points to http://ecc.system.com:8001/sap/bc/gui/its/sap/webgui
CRM system
- Create an External Alias named /crm which points to http://crm.system.com:8001/sap/bc/gui/its/sap/webgui
Let's say your Apache Reverse Proxy reads e.g. like https://ap.rev-proxy.com
The VirtualHost in Apache could look like e.g.
<VirtualHost ap.rev-proxy.com:443>
ProxyPreserveHost on
RequestHeader set ClientProtocol https
ReWriteEngine on
ReWriteRule ^/(ecc.*)$ http://ecc.system.com:8001/$1 [P,NC,L]
ReWriteRule ^/sap(.*)$ http://ecc.system.com:8001/sap$1 [P,NC,L]
</VirtualHost>
You see you have two ReWriteRules, one for the templates and one for the mimes.
Your iView could look like https://ap.rev-proxy.com/ecc?~transaction=va02 and this should work.
Now you could add the ReWriteRule for the second R/3 but then we have the problem with the mimes (as Gerd already realized) since this path is identical for both systems.
The only solution I can think of is to have a second VirtualHost in Apache which hosts the second system e.g.
<VirtualHost ap.rev-proxy.com:445>
ProxyPreserveHost on
RequestHeader set ClientProtocol https
ReWriteEngine on
ReWriteRule ^/(crm.*)$ http://crm.system.com:8001/$1 [P,NC,L]
ReWriteRule ^/sap(.*)$ http://crm.system.com:8001/sap$1 [P,NC,L]
</VirtualHost>
Thanks and regards,
Dieter
Hi,
Was anyone able to resolve this issue? I have the same problem where i need to connect to multiple ITS but not able to do so. It always stops at the first set of RewriteRules and never gets to the next one. So if i have rules for CRM and ECC, When i run the ECC transaction based iview from the portal, it executes the CRM rewriterules and never gets to ECC and hence throws the Exception as 'Transaction' not found in the iview.
Please let me know what needs to be done to make this work!!
Thanks,
Vsingh!!
Sorry for the delayed response. I have attached the single rewrite rule that is working fine with CRM system.
<VirtualHost sapepx00.meau.hq:80>
RewriteEngine on
RewriteLog logs/rewrite.log
RewriteLogLevel 8
RewriteRule ^/(sap\(.*)$ http://sapcrd01.meau.hq:8000/$1 [P,NC,L]
ProxyPass /sap http://sapcrd01.meau.hq:8000/sap
ProxyPassReverse /sap http://crq.meau.com/sap
</VirtualHost>
Now, the problem occurs when i have another ITS based transaction from ECC system.Proxy server always execute the first Rewriterule and never get to the one after that. What would i need to do to make the Proxy server distinguish between the 2 requests and resolve them accordinly. I even tried to create 2 different System aliases for CRM/ECC but still the same result.
Please let me know what needs to be done.
Regards,
VSingh!
... isn't that what the script is supposed to be doing?
the line: RewriteRule ^/(sap\(.*)$ http://sapcrd01.meau.hq:8000/$1 P,NC,L
includes an "L" at the end which stands for "Last Rule" or break here
Hi,
Here's my solution for the following scenario:
- Apache (version >= 2.0) as Reverse Proxy
- Two different WebAS systems, here called CRM and ECC
- Both systems should be addressed on the same host and name e.g. https://ap.RevPro.com/crm and https://RevPro/ecc
Steps in sytem CRM
1) Create an External Alias named "/crm" pointing to e.g. "default_host/sap/bc/gui/sap/its/webgui"
2) Create an External Alias named "/sap/public/crm" pointing to "default_host/sap/public/bc/its/mimes"
3) Add the following parameters in the Gui Settings for Alias "/crm"
~WEBGUI 1
~THEME sl
~URLMIME /sap/public/crm
4) "Gui Link" has to be set to "Yes" for alias "/crm" (mustn't be set for the mimes alias "sap/public/crm")
Do the same steps accordingly in system ECC
Steps in Apaches httpd.conf
<VirtualHost ap.revpro.com:443>
ProxyPreserveHost on
RequestHeader set ClientProtocol https
ReWriteEngine on
ReWriteRule ^/(crm.*)$ http://crm.system.com:8001/$1 [P,NC,L]
ReWriteRule ^/(sap/public/crm.*)$ http://crm.system.com:8001/sap$1 [P,NC,L]
ReWriteRule ^/(ecc.*)$ http://ecc.system.com:8001/$1 [P,NC,L]
ReWriteRule ^/(sap/public/ecc.*)$ http://ecc.system.com:8001/sap$1 [P,NC,L]
</VirtualHost>
The remaining problem is the logon page since it points to a different path (/sap/bc/public/systemlogin).
To overcome this you have to specify "Basic Authentication" as logon method (not System Logon).
When you run within Portal and use SSO2 then you also don't have issues with the logon page.
I could successfully test this and all works fine, even up-/download which is the acid test for such scenarions
Thanks and regads,
Dieter
I am trying to configure Reverse proxy using Apache. My scenario is: EP is the from=ntend where users will login and then will call the ITS from ECC on portal iView. I am able to reach to portal and access it however, when I am trying to call ITS through Apache I am getting 404. This is because the URL(hostname as well) for ecc system is different. I have tried using ReWrite rules but bot able to resolve the issue. I ahave gone through SDN and tried most the configurations and scenarios. I guess I lack the understanding on url ReWriting rule. Kindly find the httpd file content pasted below and send in your comments.
httpd content
_______________
ServerName <IP of my Apache server:80>
CanonicalName
UseCanonicalName off
ProxyVia on
ProxyTimeout 600
ProxyRequests off
ProxyPreserveHost on
NameVirtualHost <IP of my Apache server:80>
<VirtualHost <IP of my Apache server:80>>
ServerName portal.mycompany.com:80
RewriteEngine On
#RewriteRule ^sap(.)/bc/gui/sap/its/webgui(.) http://eccserver.mycompany.com/sap$0 [L]
#ReWriteRule ^/(/public/.*)$ http://eccserver.mycompany.com/sap$1 [L]
##ReWriteRule ^/(sap/public.*)$ http://eccserver.mycompany.com/sap$1 [P]
ReWriteRule ^/sap(.*)$ http://eccserver.mycompany.com/sap$1 [P]
RewriteLog logs/rewrite.log
RewriteLogLevel 3
ProxyPass /irj http://portal.mycompany.com/irj
ProxyPassReverse /irj http://mydomain.mycompany.com/irj
ProxyPass /sap http://eccserver.mycompany.com:80/sap
ProxyPassReverse /sap http://mydomain.mycompany.com:80/sap
</VirtualHost>
Note: mydomain.mycompany.com is the url whcich hits Apache from external as well as internal network. Apache is in DMZ and my EP and ECC is in LAN.
Regards
Rahat
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.