Configure Apache HTTP Server as a reverse proxy
This section contains an example configuration of Apache as a reverse proxy between AM and Web Agent. You can use any reverse proxy that supports the WebSocket protocol.
For information about how to configure Apache for load balancing, and other requirements for your environment, see the Apache documentation.
httpd.conffile in your deployed reverse proxy instance.
Add the modules required for a proxy configuration, as follows:
# Modules required for proxy LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
mod_proxy_wstunnel.somodule is required to support the WebSocket protocol used for communication between AM and the agents.
Add the proxy configuration inside the
VirtualHostcontext. Consider the following directives:
<VirtualHost 192.168.1.1> ... # Proxy Config RequestHeader set X-Forwarded-Proto "https" (1) ProxyPass "/openam/notifications" "ws://am.example.com:8080/am/notifications" Upgrade=websocket (2) ProxyPass "/openam" "http://am.example.com:8080/am" (3) ProxyPassReverseCookieDomain "openam.internal.example.com" "proxy.example.com" (4) ProxyPassReverse "/openam" "http://am.example.com:8080/am" (5) ... </VirtualHost>
(1) RequestHeader: Set to
http, depending on the proxy configuration. If the proxy is configured for https, as in the above example, set to
https. Otherwise, set
http. In a later step, you configure AM to recognize the forwarded header and use it in the
gotoparameter for redirecting back to the agent after authentication.
(2) ProxyPass: Set to allow WebSocket traffic between AM and the agent. If HTTPS is configured between the proxy and AM, set to use the
wssprotocol instead of
(3) ProxyPass: Set to allow HTTP traffic between AM and the agent.
(4) ProxyPassReverseCookieDomain: Set to rewrite the domain string in `Set-Cookie`headers in the format internal domain (AM’s domain) public domain (proxy’s domain).
(5) ProxyPassReverse: Set to the same value configured for the
For more information about configuring Apache as a reverse proxy, see the Apache documentation.
Restart the reverse proxy instance.
Configure AM to recover the forwarded header you configured in the reverse proxy. Also, review other configurations that may be required in an environment that uses reverse proxies. For more information, see Regarding communication between AM and agents