cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Accessing Fiori from Apache reverse proxy.

arun_santhanam3
Participant

on ‎07-14-2014 6:43 AM

0 Kudos

Hi All,

       I have installed Fiori setup in local network.

When I tried to access the URL from External world using Apache Reverse Proxy Server installed in DMZ it is not getting connected.

Is there any specific configuration that we need to do in Fiori? Can any one help me on this.

cc:

Thanks

-Arun

Tags edited by: Michael Appleby

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member188396
Participant
‎11-25-2015 2:50 PM
0 Kudos

Hello,

What was the solution to fix this issue? We are also facing the same.

We added AllowEncodedSlashes in the config and it has started giving 400 Bad request error instead of 404 not found error.

Can someone please advise?

-Bhavik

Show replies
Show replies
rkresha
Participant
‎01-26-2016 3:20 PM
0 Kudos

We are in the same bucket.

'AllowEncodedSlashes On' gives us a 400 complaining about URI syntax

'AllowEncodedSlashes NoDecode' gives us a 404

'ProxyPass nocanon' appears to have done nothing.

former_member276203
Explorer
‎06-09-2015 10:12 AM
0 Kudos

Hi,

We have added the line AllowEncodedSlashes on at the Apache site config and now it works !!

Show replies
Show replies
masa_139
Product and Topic Expert
Product and Topic Expert
‎07-14-2014 7:35 AM
0 Kudos

Hi Arun,

Please compare the OData URI string with internal access and external access.

I think Apache proxy changes some special character like ' " ( )  and backend side can not handle the URI.

Regards, Masa

SAP Customer Experience Group - CEG

Show replies
Show replies
kshitijray
Explorer
‎11-06-2014 11:41 PM
0 Kudos

Hey Masa,

I am not sure if this thread is closed, but the status still shows not answered.

so, I am also facing the some issues with apache reverse proxy with Fiori launchpad.

So the redirects for some reason are getting 404 errors for different components of the page.

How does SAP recommends we do the reverse proxy and redirects?? also, do we need to get a specific cert for the gateway system for https, or we can use the corporate wildcard cert if go with something like - https://<abc>.com/fiorilaunchpad and redirect it to launchpad url.

Hope my questions are clear. Please let me know if you need more information.

I really appreciate your help and suggestions in advace.

thanks

Ray

masa_139
Product and Topic Expert
Product and Topic Expert
‎11-07-2014 12:01 AM
0 Kudos

Hi Ray,

I think the issue is your Apache proxy configuration and not SAP software.

Take a look SCN search results.

Regards, Masa

SAP Customer Experience Group - CEG

kshitijray
Explorer
‎11-10-2014 10:02 PM
0 Kudos

Hey Masa,

So in the apache conf file, we have following lines -

Proxypass /sap/ https://<Gateway server>:<port>/sap/
ProxypassReverse /sap/ https://<Gatewat Server>:<port>/sap/

So when I go to the URL we have given for the launchpad, it takes me to the login page, and then once I login it would go to the launchpad page and give me following Error - "Failure - Unable to load groups".

I also notice when I inspect the elements of the page - /sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('/UI2/Fiori2LaunchpadHome') is giving 404 error in that.

This works when I use the internal url and go to the https://<gatewayserver>:<port>/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html

Any ideas on what I maybe missing or doing wrong, or which side I should be looking.

thanks

Ray

masa_139
Product and Topic Expert
Product and Topic Expert
‎11-12-2014 5:21 AM
0 Kudos

Hi Ray,

Does it work without proxy in the intranet?

What is the OData service URL?

/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('/UI2/Fiori2LaunchpadHome')


Is there any difference in the URL especially special characters?


Regards, Masa

SAP Customer Experience Group - CEG

kshitijray
Explorer
‎11-12-2014 4:21 PM
0 Kudos

Hey Masa.

yes it works perfectly fine without the proxy in the intranet.

I am not sure what do you mean by what is OData Service URL.. so should OData Service url be different for each service we have.. correct?

The pageset url that I see when running through intranet is - https://<gatewayserver>:1443/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage

My Launchpad URL (which I am trying from intranet) is - 
https://<gatewayhost>:1443/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html

But from outside the network, using proxy we are using -

http://<ourcompany'sdomain>/fiorilaunchpad

which then is handled and redirected in Apache web server.. so the end user doen't need to know the actual server or full service url.

Our web team person says that this same setup is working with many other applications on the web.

So I am not sure if there is something he is doing wrong or do we need some extra setup for proxy in the service itself.

Please let me know if you need more information.

thanks

Ray

Former Member
‎11-12-2014 4:42 PM
0 Kudos

your apache proxy server seems to be blocking high bit characters '('.   What apache module are you using for your proxy?  Filtering needs to be configured to unblock high bit characters if this is the case.

Former Member
‎11-12-2014 4:44 PM
0 Kudos

run a trace on the apache server and it should give you details

kshitijray
Explorer
‎11-12-2014 6:58 PM
0 Kudos

Hey Azeez,

sorry for the previous comment.. looks like our web guy made mistake.. (so I deleted that comment and adding new)..

so running a trace on the url we only could only get information that its getting 404 error. so the same page internally is working fine.. but with proxy is giving 404 error. It could very well be because of high bit character.. but we haven't even found a way to unblock high bit characters in apache..

If you already know how to, would you be able to give me instructions to pass along to our web guys on how to unblock the high bit characters in Apache.

thanks

Ray

Former Member
‎11-13-2014 4:30 PM
0 Kudos

Your 404 is coming from your apache server.

Take a look at this apache documentation below...note:  it presents unsafe path vulnerability if you use on, recommended try nodecode see if that works:

core - Apache HTTP Server Version 2.2

Another option is to use re-write rules.  You'll need to get someone well versed in apache for this.

kshitijray
Explorer
‎11-13-2014 4:43 PM
0 Kudos

thanks Azeez, I'll let my apache guy to look into this.. and will update here with the results.

UlfZeisberger
Participant
‎11-18-2014 4:48 PM
0 Kudos

Hi Masa,

I think we have a similar issue when opening the Fiori Launchpad.

Directly accessing the gateway server works fine in the intranet.

Going via the Apache reverse proxy shows the following in InternetExplorer  F12 Developer Tools:

Request:

/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage

Response:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

  <html><head><title>404 Not Found</title></head>

<body>

  <h1>Not Found</h1>

  <p>The requested  URL /sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets'/UI2/Fiori2LaunchpadHome') was
not found on this server.</p>

  </body></html>


I assume the issue is with either the URLencoded part %2FUI2%2FFiori...

or with the brackets, the dollar sign or the commas used in the URL.


Could you maybe point out what's the crucial parts we need to add to our Apache Reverse Proxy config?

So far we have mainly used

ProxyPreserveHost On and

ProxyPass and ProxyPassreverse    pairs.
What do we need to get the bracket  (, the URLencoded part, the $ or the ,  through to the gateway server.

Regs Ulf

UlfZeisberger
Participant
‎11-18-2014 5:54 PM
0 Kudos

Hello,

in the meantime I have debugged the coding and can tell that the request comes through the reverse proxy into the ABAP !

The request part is

/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('%2FUI2%2FFiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage

See the picture from the debugger uploaded.

Now we stil have to find out, why it behaves differently when using the reverse proxy.

Regs

Ulf

Former Member
‎12-18-2014 8:12 AM
0 Kudos

Hi All,

It seems I encounter the same problem, any input ?

( I encounter a 404 on the same request using the apache reverse proxy )

Thank you very much,

Erwan

UlfZeisberger
Participant
‎12-18-2014 9:05 AM
0 Kudos

Hello,

we solved the issue by using the postfix   nocanon  at the end of our Apache  ProxyPass directive.

##### ABAP STACK#############

ProxyPass              /yourpath http://server.domain:port/yourpath   nocanon

ProxyPassReverse       /yourpath http://server.domain:port/yourpath

################################

I had found this hint in a document called:

"Installation and configuration of common components of SAP Fiori (EE0) - Building Block Configuration Guide"

(Oct. 2014, Version 1.0)

Kind regards

Ulf Zeisberger

UlfZeisberger
Participant
‎12-18-2014 9:06 AM
0 Kudos

Hi,

use the    nocanon  postfix in your ProxyPass directive.

ProxyPass /yourpath http://server.domain:port/yourpath   nocanon

See also my post below.

Regs

Ulf

Former Member
‎12-18-2014 9:55 AM
0 Kudos

OK Thanks a lot !

Ask a Question