on 07-11-2013 6:16 PM
Hi All,
I am working on enabling our SAP SRM System on internet by reverse proxy
Our Server Details
Portal 7.3
SRM 7.01
MDM 7.1
Below is the
External url -> Apache Reverse Proxy -> Portal -> SRM
https://www.mycompany.com -> http://www.Apachereverse.mydomain.com:80/ -->
http://portal.mydomain.com:50100/irj/portal
I am able to send all requests from external url to portal and by changing the system object (ITS & WebAS) hostname and protocol.
But in SRM, there is one place when I click on Internal product Catalog, its uses host name from SMICM and http protocol.
At this point, I want to all requests in ICM to use https and www.mycompany.com as the hostname.
Then From Apache reverse proxy, I will redirect to http://srm.mydomain.com:8000/sap.
Please help
Regards
Ponnusamy
Hi Ponnusamy,
Its looks like you have configured SSL termination at reverse proxy, which is ensuring the communication path reverse proxy -> Portal -> SRM and backwards uses http without encryption.
If you want SRM ABAP ICM to listen at https, you will need to configure end-to-end SSL.
Regards,
Yashith
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
First thing i wanted to understand which system is responsible of doing SSL offloading?
And can you please let me know what are the details that you have maintained in the Portal 7.3 system landscape for the SRM back-end.
All the url should be https in the system landscape page for the SRM system in portal.
Please let me know your comments.
thanks
Rishi Abrol
Hi Rishi,
My SSL Offloading happens at Load Balancer.
In the Portal System object (system landscape), I made protocol to https and ITS and webas parameter to www.mycompany.com
All requests from System object is perfectly going to backend through reverse proxy from Apache.
Only issue I am facing, when I click on Internal Product Catalog, its uses ICM Hostname and port mentioned in SMICM.
Can I make SMICM Parameter as follows
Protocol -> https
Hostname -> www.mycompany.com
Port : 0
So All requests that uses ICM host should use the above one and in my apache, i can redirect to correct FQDN of backend system.
Regards
Ponnusamy
Hi Ponnusamy,
As the SSL offloading is done by the load balancer so that makes things easier.
Now on the load balancer you would have got two vip one for the portal and another for backend system.
So two ways to user it.
Apache should do reverse proxy for two ip one for Portal and one for SRM(if they cant be accessed by different ip and are installed on different hosts and with different port names on which the application are installed)
Apache should do reverse proxy for one ip for both portal and SRM(if they cant be accessed by same ip and are installed on hosts and with different port names on which the application are installed)
Again please let me know what are the settings maintained in the system landscape in portal for the SRM system.
Thanks
Rishi abrol
Hi,
for this
Only issue I am facing, when I click on Internal Product Catalog, its uses ICM Hostname and port mentioned in SMICM.
Can I make SMICM Parameter as follows
Protocol -> https
Hostname -> www.mycompany.com
Port : 0
Please try to maintain the table httpurlloc
MANDT <main client of backend>
SORT KEY 001
PROTOCOL HTTPS
APPLICATN
FOR DOMAIN
HOST <Host name which you will recognised the backend on internet>
PORT 443
Thanks
Rishi Abrol
Hi Ponnusamy,
Please check this: http://help.sap.com/saphelp_nw04/helpdata/en/55/33a83e370cc414e10000000a114084/content.htm
You can try to link the internal product catalog to SICF service, and use "external alias" or "virtual host" to achieve your goal.
I hope this will help you.
Regards,
Andre
Hi All,
I am able to solve the issue and able to access my application on internet without any issues.
Rishi input helped a lot to find the solution
1. Maintained Table entries httpurlloc in all clients - 000, prd client
2. Added the below entries in Apache
RewriteEngine on
RequestHeader set x-sap-webdisp-ap HTTP=8000,HTTPS=443
RequestHeader set ClientProtocol https
3. Added entries for BSP application to render on internet
RewriteRule ^/(sap\(.*) http://FQDN:8000/$1 [P,L]
And follow the link below, which explains in detail
http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
Regards
Ponnusamy
Hi Ponnusamy,
I'm just curious, as you are using the SAP Web Dispatcher anyway, and as my previous idea using SICF-service to make your BSP available, why not using it? because SAP Web Dispatcher also having a "reverse proxy" functionality and load-balancing capability as well?
I assume this is much simpler than your solution now (extra Apache as reverse-proxy)?
See http://help.sap.com/saphelp_nw70/helpdata/en/e9/3bb7f8f6ea4e938ef0b9687cbb6c14/content.htm
Regards,
Andre
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.