Configure the Apache HTTP Server as a Secure Reverse Proxy
You need to configure your Apache HTTP Server as a reverse proxy.
- Modify the file apache24\conf\httpd.conf and do all the following:
  - Configure Apache to listen on SSL port 9002.
      Listen Siebel_domain:9002
  - Enable reverse proxy by uncommenting the following lines of code.
      LoadModule proxy_module modules/mod_proxy.so
      LoadModule proxy_html_module modules/mod_proxy_html.so
      LoadModule proxy_http_module modules/mod_proxy_http.so
      LoadModule proxy_http2_module modules/mod_proxy_http2.so
  - Add or uncomment the xml2enc module.
      LoadModule xml2enc_module modules/mod_xml2enc.so
- Modify the file apache24\conf\httpd-ahssl.conf and do all the following:
  - Change the listen port to 9001.
      Listen 9001 https
  - Add the OpenID Connect module (mod_auth_openidc) configuration.
      LoadModule auth_openidc_module modules/mod_auth_openidc.so
      # IDCS metadata
      OIDCProviderMetadataURL https://idcs-9dc9ab4b56ed47dea49033364df8fc5a.identity.oraclecloud.com/.well-known/openid-configuration
      # IDCS Client ID
      OIDCClientID b7a250216b714b73ad63bdf2c7c892bd
      # IDCS Client Secret
      OIDCClientSecret c4a24964-fd4e-440b-91bd-4baf8eb0fa56
      # Token Type
      OIDCProviderTokenEndpointAuth client_secret_basic
      # Disable SSL validation, uncomment it for testing purposes
      OIDCSSLValidateServer Off
      # Scope
      OIDCScope "openid"
      # Action
      OIDCResponseMode form_post
      # Your application's URL plus the "oidc" fake resource needed by OpenID
      # Use HTTP instead of HTTPS for testing purposes
      OIDCRedirectURI https://Siebel_domain:9001/siebel/oidc/
      # Password
      OIDCCryptoPassphrase MyStrongPass00
      OIDCUnAuthAction auth
  - Define the protected resource.
      <VirtualHost *:9001>
          SSLEngine on
          SSLProxyEngine on
          SSLProxyVerify none
          SSLProxyCheckPeerCN off
          SSLProxyCheckPeerName off
          ServerName slc16odt:9001
          SSLCertificateFile "C:\Apache24\conf\cert\server.pem"
          SSLCertificateKeyFile "C:\Apache24\conf\cert\serverkey.pem"
          # mod_proxy setup.
          ProxyRequests Off
          Redirect /logout /siebel/oidc/?logout=https://Siebel_domain:9001/siebel/app/eCommunicationsWireless/enu
          ProxyPass "/siebel" "https://bejar23.oracle.com:9001/siebel" connectiontimeout=600 timeout=600
          ProxyPassReverse "/siebel" "https://bejar23.oracle.com:9001/siebel"
          Timeout 600
          ProxyTimeout 600
          #<Location /eCommunicationsWireless_enu>
          <Location /siebel>
              AuthType openid-connect
              Require valid-user
          </Location>
          # This is a fake resource used by mod_auth_openidc
          # Users will not access it directly
          <Location /oidc/>
              AuthType openid-connect
              Require valid-user
          </Location>
      </VirtualHost>
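
The configuration above turns off certificate validation in several places (OIDCSSLValidateServer Off, SSLProxyVerify none, SSLProxyCheckPeerCN off, SSLProxyCheckPeerName off) and keeps the client secret and crypto passphrase in the file. The following pre-deployment check is an added example, not part of the original procedure or Oracle's tooling; the rule set is an assumption drawn from the directives on this page, and the sample input uses constructed placeholder values.

```python
# Added example: flag relaxed TLS checks and inline secrets in an Apache config.
WEAK_TLS = {  # directive (lowercase) -> values that disable certificate checks
    "oidcsslvalidateserver": {"off"},
    "sslproxyverify": {"none"},
    "sslproxycheckpeercn": {"off"},
    "sslproxycheckpeername": {"off"},
}
SECRET_DIRECTIVES = {"oidcclientsecret", "oidccryptopassphrase"}

def audit(conf_text):
    """Return (line_no, directive, issue) tuples in file order."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Apache treats only whole lines starting with '#' as comments;
        # lines starting with '<' open or close a section container.
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        name = parts[0]
        arg = parts[1].strip('"') if len(parts) > 1 else ""
        key = name.lower()  # directive names are case-insensitive
        if arg.lower() in WEAK_TLS.get(key, ()):
            findings.append((no, name, "TLS validation disabled"))
        elif key in SECRET_DIRECTIVES and arg:
            findings.append((no, name, "secret stored in config file"))
        elif key == "oidcredirecturi" and arg.lower().startswith("http://"):
            findings.append((no, name, "redirect URI is not HTTPS"))
    return findings

# Constructed sample: same directives as the page, placeholder values.
SAMPLE = """\
# IDCS Client Secret
OIDCClientSecret EXAMPLE-CLIENT-SECRET
OIDCSSLValidateServer Off
OIDCRedirectURI https://proxy.example.com:9001/siebel/oidc/
OIDCCryptoPassphrase EXAMPLE-PASSPHRASE
<VirtualHost *:9001>
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# SSLProxyVerify none
</VirtualHost>
"""

if __name__ == "__main__":
    for no, name, issue in audit(SAMPLE):
        print(f"line {no}: {name}: {issue}")
```

Run it against httpd-ahssl.conf before moving the proxy out of a test environment. A finding on a secret directive is a prompt to restrict read access to the file.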