Solved: Can we work on both HTTP and HTTPS reverse proxy t...

Dear Experts,

we configured one web dispatcher as reverse proxy for multiple sap systems , we used https to https connection. Its working fine.

Now we have new requirement that we need to send http requests also in the same web dispatcher as reverse proxy, Is it possible to send both HTTP and HTTPS requests through one web dispatcher? if its possible, Could you please send steps to follow. Appreciate it.

Please advise. Thanks in advance.

Regards,

Surya

SAP Managed Tags:
SAP NetWeaver

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (1)

Yes, it is possible. Instead of using the global parameters, you use the system specific ones. See SAP note 1937653 for details.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Samuli,

I am really sorry for late reply, but I tried the note but its not working.

Parameters used:

wdisp/server_info_protocol = https

wdisp/group_info_protocol = https

wdisp/url_map_protocol = https

wdisp/ping_protocol = https

wdisp/ssl_encrypt = 1

#wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300

#wdisp/system_1 = SID=ABC, SSL_ENCRYPT=0, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102

As I mentioned, its working for HTTPs link and when I tried http link, its giving 503 service error

Regards,

Surya

Hello Surya,

You cannot use two system definitions (wdisp/system_X) pointing to the same system.

If you have only the ABC backend system, remove the parameter "wdisp/system_1" and also remove the "SRCSRV" argument from "wdisp/system_0".

Restart the Web Dispatcher and let us know how it goes.

In case the HTTP 503 error persists, please post a screenshot showing it (if using Internet Explorer, please deactivate the "show friendly HTTP error messages" option at the "advanced" tab of the "internet options" before simulating the issue / taking the screenshot).

Regards,

Isaías

Hi Isaias,

we need HTTP and HTTPS connection to the same system from one web dispatcher, Is this not possible? we are using 7.42 web dispathcher kernel, patch 119

I already used 2 wdisp parameters to the same system with only HTTPS connection to the backend, and both are working shown below . but when I tried one http and one https , HTTP is not working.

with the below parameters there in system, Its accepting only SSL connection

working:

wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1

wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2

wdisp/server_info_protocol = https

wdisp/group_info_protocol = https

wdisp/url_map_protocol = https

wdisp/ping_protocol = https

wdisp/ssl_encrypt = 1

Not working:

wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1

wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=0

2nd link now working in this scenario, because I am using MSPORT (http)

Regards,

Surya

Hello Surya,

Yes, you can have HTTP and HTTPS protocols at the same Web Dispatcher, for the same backend system.

However, you cannot have two system definitions for the same system. This is wrong.

Read my previous reply...

Regards,

Isaías

Hi Isaias,

I tried putting only one wdisp parameter and restarted the web dispatcher.

wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300

Now its getting 503 errors for both https and http links.

Regards,

Surya


In case the HTTP 503 error persists, please post a screenshot showing it (if using Internet Explorer, please deactivate the "show friendly HTTP error messages" option at the "advanced" tab of the "internet options" before simulating the issue / taking the screenshot).

Regards,

Isaías

Thanks Isaias,

Its working if I keep only one wdisp parameter, but still communication between web dispatcher and sap system is still https only right?

Also, if multiple systems like ABC,DEF,XYZ are there which needs same http and https connection in one web dispatcher, we need to mention ports right?

Also is there any difference between this 2 scenarios

Scenario1:

one wdisp parameter

wdisp/system_0 = SID=ABC, NR=01, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:*

works good for one sap system in one web dispatcher

Scenario2:

2 wdisp parameters, working externally passing http, https

wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1

wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2

I think I can mention ports for specified systems.

Regards,

Surya

Hello Surya,

The communication from the Web Dispatcher to the backend will depend on the parameter "wdisp/ssl_encrypt".

This is related to the communication from the end users through the Web Dispatcher.

The other parameters you have set:


wdisp/server_info_protocol = https
wdisp/group_info_protocol = https
wdisp/url_map_protocol = https
wdisp/ping_protocol = https

configure the Web Dispatcher to fetch the backend data through HTTPS (which instances are up, logon groups, test - "ping" - the instance to confirm that it is responding, etc.).

If you have two systems, you need to consider the system selection criteria.

For example, system ABC is an ECC system and system DEF is a Portal system.

I would configure the Web Dispatcher like:

wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCURL=/sap;/SAP;/nwbc

wdisp/system_1 = SID=DEF, MSHOST=def.company.com, MSSPORT=44300, SRCURL=/

The order of the wdisp/system_X parameters is important (see wdisp/system_conflict_resolution).

There are other selection criterias. Read this page.

Regards,

Isaías

Thanks Isaias for your time

1. I am still wondering why 2 links with same system name working fine without problem in web dispatcher

wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1

wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2

so we can pass http and https connections , but connection from backdend to webdispatche that is fixed either http or https(through this parameter wdisp/ssl_encrypt)

Regards,

Surya

Hello Surya,

About:

1. Either only system_0 was being used (this will depend on the parameter "wdisp/system_conflict_resolution"), or it is just a matter of time (or "bad luck") until random timeouts / blank pages occur.

Once the user logged on, the Web Dispacther must send all requests from this user to the same instance at the backend. Otherwise, errors can occur. Each system definition has its own load balancing table. If the user logged on through system_0 and a future request ended up in system_1, the Web Dispatcher would perform load balance and could send the request to a different instace, which would (potentially) cause issues.

Thus, each system must be defined only once;

2. Did you read the documentation of the parameter "wdisp/ssl_encrypt"? You can force HTTP or HTTPS, or you can configure the Web Dispatcher to use the same protocol the end user used to reach the Web Dispatcher.

Regards,

Isaías

Hi Isaias,

sorry for taking your time,

As you understand my scenarios, Could you please suggest your answer for my scenarios

we have 3 sap systems with almost same links because 3 landscapes for 3 diff countries

sample Links for end users

https://abc.company.com:44400/custom

https://abc.company.com:44500/custom

https://abc.company.com:44600/custom

http://abc.company.com:8101/custom1

http://abc.company.com:8102/custom

http://abc.company.com:8103/custom

wdisp/system_0 = SID=abc, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:*

wdisp/system_1 = SID=xyz, NR=00, MSHOST=def.company.com, MSSPORT=44300, SRCSRV=*:*

wdisp/system_2 = SID=def, NR=01, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:*

without mentioning ports, how can we differentiate , Please suggest if you have this scenario

icm/server_port_1 = PROT=HTTP,HOST=web-D,PORT=8101,TIMEOUT=60

icm/server_port_2 = PROT=HTTP,HOST=web-D,PORT=8102,TIMEOUT=60

icm/server_port_3 = PROT=HTTP,HOST=web-D,PORT=8103,TIMEOUT=60

icm/server_port_4 = PROT=HTTPS,HOST=web-D,PORT=44300,TIMEOUT=60

icm/server_port_5 = PROT=HTTPS,HOST=web-D,PORT=44400,TIMEOUT=60

icm/server_port_6 = PROT=HTTPS,HOST=web-D,PORT=8000,TIMEOUT=60

How to configure the Web Dispatcher to use the same protocol the end user used to reach the Web Dispatcher?

wdisp/ssl_encrypt = 1 is my guess, Please suggest if I am wrong

Regards,

Surya

Isaias,

when wdisp/system_conflict_resolution =0, system didnt even start because of ambiguity

when wdisp/system_conflict_resolution = 1, system started, but sending requests only to first system

wdisp/system_0 = SID=ABC, NR=00, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:*

wdisp/system_1 = SID=DEF, NR=01, MSHOST=def.compnay.com, MSSPORT=44400, SRCSRV=*:*

other than differentiating with ports, looking for possible solution to differentiate the systems.

Regards,

Surya

Hello Surya,

Sine you are opening multiple ports at the Web Dispatcher and want to map them to the different systems, the best option is to mention the ports at "SRCSRV".


wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:44400;*:8101


wdisp/system_1 = SID=XYZ, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:44500;*:8102


wdisp/system_2 = SID=DEF, MSHOST=def.company.com, MSSPORT=44300, SRCSRV=*:44600;*:8103

About wdisp/ssl_encrypt, you are correct. Setting it to 1 will make the Web Dispatcher use the same protocol used by the end user to reach it, when it forwards the request to the backend.

Regards,

Isaías

Thanks a lot Isaias for expertise, I will change the parameters as you recommended in web dispatcher.

Really appreciate your time

Regards,

Surya

You're welcome!

Answers (0)

Ask a Question

Top Q&A Solution Author

User

Count

Can we work on both HTTP and HTTPS reverse proxy through one web dispatcher

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

SAP Datasphere - add user error

I have a date column and I want to derive Week ran...

Re: Validations on 'Apply' in restful ABAP

Deploy failed. Detail: Request failed with status ...

Re: Data Privacy Embedding Model via Core AI