Using a Rewriter Proxy

Rewriter proxy is installed in the intranet. Instead of trying to retrieve the contents directly, the Gateway forwards all the requests to Rewriter proxy which fetches and returns the contents to the Gateway.

The advantages of using a Rewriter proxy are:

• If a firewall exists between the Gateway and server, the firewall needs to open only two ports - one between the Gateway and Rewriter proxy, and another between the Gateway and the Portal Server.

• HTTP traffic is now secure between the Gateway and the intranet even if the destination server only supports HTTP protocol (no HTTPS).

If you do not specify a Rewriter proxy, the Gateway component makes a direct connection to intranet computers when a user tries to access one of those intranet computers.

If you are using the Rewriter proxy as a load balancer, be sure that the platform.conf.instance_name for Rewriter points to the load balancer URL. Also ensure that the load balancer host is specified in the Portal Servers list.

If you have multiple instances of Rewriter proxies for each Gateway instance (not necessarily on the portal node), enter the details for each Rewriter proxy in the form of host-name:port in the platform.conf file, rather than a single port entry for the Rewrite proxy.

Creating Instances of a Rewriter Proxy

Use the rwpmultiinstance script to create a new instance of a Rewriter proxy on the Portal Server node. Run this script after the gateway profile has been created.

To Create a Rewriter Proxy Instance

1. Telnet to the machine where the instance needs to be created. The default gateway instance is up and running at this machine.

2. Copy the /opt/SUNWportal/template/sra/GWConfig.properties.template file to a temporary location . For example, /tmp.

3. Modify the values as required in the file for the new profile.

4. Once complete, run the following command:

   ./psadmin create-sra-instance -u amadmin -f <passwordfile> -S <template file location>.template -t rwproxy

5. Start the new instance of the Rewirter Proxy with the required gateway profile name to ensure that the changes take effect:

   ./psadmin start-sra-instance –u amadmin – f <password file> –N <profile name>– t rwproxy

Enabling a Rewriter Proxy

Enable a Rewriter proxy through the Gateway service under SRA Configuration in the Access Manager administration console.

Restarting a Rewriter Proxy

You can configure to restart Rewriter proxy whenever the proxy is killed accidentally. You can schedule a watchdog process to monitor and restart it if this happens.

You can also restart a Rewriter proxy manually.

To Restart a Rewriter Proxy

1. In a terminal window, connect as root and do one of the following:

   • Start the watchdog process:

     psadmin sra-watchdog -u uid -f password-filename -t instance-type on

     Enter rwproxy in place of the instance-type. For more information on this command, see the Sun Java Portal Server Command Line Reference Guide.

     This creates an entry in the crontab utility and the watchdog process is now active. The watchdog monitors the Rewriter Proxy port and brings up the proxy if it goes down.

   • Start a Rewriter Proxy manually:

     start-sra-instance -u uid -f password-filename -N sra-instance-name -t instance-type

     Enter rwproxy in place of the instance-type. This the profile name corresponding to the required Rewritter Proxy instance. For more information on this command, see the Sun Java Portal Server Command Line Reference Guide.

To Configure a Rewriter Proxy Watchdog

You can configure the time interval at which the watchdog monitors the status of the Rewriter proxy. This time interval is set to 60 seconds by default. To do this, edit the following line in the crontab utility:

0-59 * * * * rewriter-proxy-install-root/bin/checkgw /var/opt/SUNWportal/.gw 5 > /dev/null 2>&1