on 08-19-2015 4:31 PM
Dear Experts,
we configured one web dispatcher as reverse proxy for multiple sap systems , we used https to https connection. Its working fine.
Now we have new requirement that we need to send http requests also in the same web dispatcher as reverse proxy, Is it possible to send both HTTP and HTTPS requests through one web dispatcher? if its possible, Could you please send steps to follow. Appreciate it.
Please advise. Thanks in advance.
Regards,
Surya
Yes, it is possible. Instead of using the global parameters, you use the system specific ones. See SAP note 1937653 for details.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Samuli,
I am really sorry for late reply, but I tried the note but its not working.
Parameters used:
wdisp/server_info_protocol = https
wdisp/group_info_protocol = https
wdisp/url_map_protocol = https
wdisp/ping_protocol = https
wdisp/ssl_encrypt = 1
#wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300
#wdisp/system_1 = SID=ABC, SSL_ENCRYPT=0, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102
As I mentioned, its working for HTTPs link and when I tried http link, its giving 503 service error
Regards,
Surya
Hello Surya,
You cannot use two system definitions (wdisp/system_X) pointing to the same system.
If you have only the ABC backend system, remove the parameter "wdisp/system_1" and also remove the "SRCSRV" argument from "wdisp/system_0".
Restart the Web Dispatcher and let us know how it goes.
In case the HTTP 503 error persists, please post a screenshot showing it (if using Internet Explorer, please deactivate the "show friendly HTTP error messages" option at the "advanced" tab of the "internet options" before simulating the issue / taking the screenshot).
Regards,
Isaías
Hi Isaias,
we need HTTP and HTTPS connection to the same system from one web dispatcher, Is this not possible? we are using 7.42 web dispathcher kernel, patch 119
I already used 2 wdisp parameters to the same system with only HTTPS connection to the backend, and both are working shown below . but when I tried one http and one https , HTTP is not working.
with the below parameters there in system, Its accepting only SSL connection
working:
wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1
wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2
wdisp/server_info_protocol = https
wdisp/group_info_protocol = https
wdisp/url_map_protocol = https
wdisp/ping_protocol = https
wdisp/ssl_encrypt = 1
Not working:
wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1
wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=0
2nd link now working in this scenario, because I am using MSPORT (http)
Regards,
Surya
Thanks Isaias,
Its working if I keep only one wdisp parameter, but still communication between web dispatcher and sap system is still https only right?
Also, if multiple systems like ABC,DEF,XYZ are there which needs same http and https connection in one web dispatcher, we need to mention ports right?
Also is there any difference between this 2 scenarios
Scenario1:
one wdisp parameter
wdisp/system_0 = SID=ABC, NR=01, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:*
works good for one sap system in one web dispatcher
Scenario2:
2 wdisp parameters, working externally passing http, https
wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1
wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2
I think I can mention ports for specified systems.
Regards,
Surya
Hello Surya,
The communication from the Web Dispatcher to the backend will depend on the parameter "wdisp/ssl_encrypt".
This is related to the communication from the end users through the Web Dispatcher.
The other parameters you have set:
wdisp/server_info_protocol = https
wdisp/group_info_protocol = https
wdisp/url_map_protocol = https
wdisp/ping_protocol = https
configure the Web Dispatcher to fetch the backend data through HTTPS (which instances are up, logon groups, test - "ping" - the instance to confirm that it is responding, etc.).
If you have two systems, you need to consider the system selection criteria.
For example, system ABC is an ECC system and system DEF is a Portal system.
I would configure the Web Dispatcher like:
wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCURL=/sap;/SAP;/nwbc
wdisp/system_1 = SID=DEF, MSHOST=def.company.com, MSSPORT=44300, SRCURL=/
The order of the wdisp/system_X parameters is important (see wdisp/system_conflict_resolution).
There are other selection criterias. Read this page.
Regards,
Isaías
Thanks Isaias for your time
1. I am still wondering why 2 links with same system name working fine without problem in web dispatcher
wdisp/system_0 = SID=ABC, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=xyz.company.com:44300, SSL_ENCRYPT=1
wdisp/system_1 = SID=ABC, NR=01, MSHOST=abc.company.com, MSPORT=8101, SRCSRV=xyz.company.com:8102, SSL_ENCRYPT=2
2.
so we can pass http and https connections , but connection from backdend to webdispatche that is fixed either http or https(through this parameter wdisp/ssl_encrypt)
Regards,
Surya
Hello Surya,
About:
1. Either only system_0 was being used (this will depend on the parameter "wdisp/system_conflict_resolution"), or it is just a matter of time (or "bad luck") until random timeouts / blank pages occur.
Once the user logged on, the Web Dispacther must send all requests from this user to the same instance at the backend. Otherwise, errors can occur. Each system definition has its own load balancing table. If the user logged on through system_0 and a future request ended up in system_1, the Web Dispatcher would perform load balance and could send the request to a different instace, which would (potentially) cause issues.
Thus, each system must be defined only once;
2. Did you read the documentation of the parameter "wdisp/ssl_encrypt"? You can force HTTP or HTTPS, or you can configure the Web Dispatcher to use the same protocol the end user used to reach the Web Dispatcher.
Regards,
Isaías
Hi Isaias,
sorry for taking your time,
As you understand my scenarios, Could you please suggest your answer for my scenarios
1.
we have 3 sap systems with almost same links because 3 landscapes for 3 diff countries
sample Links for end users
https://abc.company.com:44400/custom
https://abc.company.com:44500/custom
https://abc.company.com:44600/custom
http://abc.company.com:8101/custom1
http://abc.company.com:8102/custom
http://abc.company.com:8103/custom
wdisp/system_0 = SID=abc, NR=01, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:*
wdisp/system_1 = SID=xyz, NR=00, MSHOST=def.company.com, MSSPORT=44300, SRCSRV=*:*
wdisp/system_2 = SID=def, NR=01, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:*
without mentioning ports, how can we differentiate , Please suggest if you have this scenario
icm/server_port_1 = PROT=HTTP,HOST=web-D,PORT=8101,TIMEOUT=60
icm/server_port_2 = PROT=HTTP,HOST=web-D,PORT=8102,TIMEOUT=60
icm/server_port_3 = PROT=HTTP,HOST=web-D,PORT=8103,TIMEOUT=60
icm/server_port_4 = PROT=HTTPS,HOST=web-D,PORT=44300,TIMEOUT=60
icm/server_port_5 = PROT=HTTPS,HOST=web-D,PORT=44400,TIMEOUT=60
icm/server_port_6 = PROT=HTTPS,HOST=web-D,PORT=8000,TIMEOUT=60
2.
How to configure the Web Dispatcher to use the same protocol the end user used to reach the Web Dispatcher?
wdisp/ssl_encrypt = 1 is my guess, Please suggest if I am wrong
Regards,
Surya
Isaias,
when wdisp/system_conflict_resolution =0, system didnt even start because of ambiguity
when wdisp/system_conflict_resolution = 1, system started, but sending requests only to first system
wdisp/system_0 = SID=ABC, NR=00, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:*
wdisp/system_1 = SID=DEF, NR=01, MSHOST=def.compnay.com, MSSPORT=44400, SRCSRV=*:*
other than differentiating with ports, looking for possible solution to differentiate the systems.
Regards,
Surya
Hello Surya,
Sine you are opening multiple ports at the Web Dispatcher and want to map them to the different systems, the best option is to mention the ports at "SRCSRV".
wdisp/system_0 = SID=ABC, MSHOST=abc.company.com, MSSPORT=44300, SRCSRV=*:44400;*:8101
wdisp/system_1 = SID=XYZ, MSHOST=xyz.company.com, MSSPORT=44300, SRCSRV=*:44500;*:8102
wdisp/system_2 = SID=DEF, MSHOST=def.company.com, MSSPORT=44300, SRCSRV=*:44600;*:8103
About wdisp/ssl_encrypt, you are correct. Setting it to 1 will make the Web Dispatcher use the same protocol used by the end user to reach it, when it forwards the request to the backend.
Regards,
Isaías
User | Count |
---|---|
89 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.