Configure the Apache HTTP Server as a Secure Reverse Proxy

You need to configure your Apache HTTP Server as a reverse proxy.

The examples in this section also employ and enable SSL security mechanisms.
  1. Modify the file apache24\conf\httpd.conf and do all the following:
    • Configure Apache to listen on SSL port 9002.

      Listen Siebel_domain:9002

    • Enable reverse proxy by uncommenting the following lines of code.

      LoadModule proxy_module modules/mod_proxy.so

      LoadModule proxy_html_module modules/mod_proxy_html.so

      LoadModule proxy_http_module modules/mod_proxy_http.so

      LoadModule proxy_http2_module modules/mod_proxy_http2.so

    • Add or uncomment the xml2enc module.

      LoadModule xml2enc_module modules/mod_xml2enc.so

  2. Modify the file apache24\conf\httpd-ahssl.conf and do all the following:
    • Change the listen port to 9001.

      Listen 9001 https

    • Add the OpenID Connect module (mod_auth_openidc) configuration.
      LoadModule auth_openidc_module modules/mod_auth_openidc.so
      # IDCS metadata
      OIDCProviderMetadataURL https://idcs-9dc9ab4b56ed47dea49033364df8fc5a.identity.oraclecloud.com/.well-known/openid-configuration
      # IDCS Client ID
      OIDCClientID b7a250216b714b73ad63bdf2c7c892bd
      # IDCS Client Secret
      OIDCClientSecret c4a24964-fd4e-440b-91bd-4baf8eb0fa56
      # Token Type
      OIDCProviderTokenEndpointAuth client_secret_basic
      # Disable SSL validation of the identity provider; use for testing purposes only
      OIDCSSLValidateServer Off
      # Scope
      OIDCScope "openid"
      # Action
      OIDCResponseMode form_post
      # Your application's URL plus the "oidc" fake resource needed by OpenID
      # Use HTTP instead of HTTPS for testing purposes
      OIDCRedirectURI https://Siebel_domain:9001/siebel/oidc/
      # Passphrase that mod_auth_openidc uses for its own encryption (state cookie, cache entries)
      OIDCCryptoPassphrase MyStrongPass00
      OIDCUnAuthAction auth
    • Define the protected resource.
      <VirtualHost *:9001>
       SSLEngine on
       SSLProxyEngine on
       SSLProxyVerify none
       SSLProxyCheckPeerCN off
       SSLProxyCheckPeerName off
       ServerName slc16odt:9001
       SSLCertificateFile "C:\Apache24\conf\cert\server.pem"
       SSLCertificateKeyFile "C:\Apache24\conf\cert\serverkey.pem"
       # mod_proxy setup.
       ProxyRequests Off
       Redirect /logout /siebel/oidc/?logout=https://Siebel_domain:9001/siebel/app/eCommunicationsWireless/enu
       ProxyPass "/siebel" "https://bejar23.oracle.com:9001/siebel" connectiontimeout=600 timeout=600
       ProxyPassReverse "/siebel" "https://bejar23.oracle.com:9001/siebel" 
       Timeout 600
       ProxyTimeout 600
       #<Location /eCommunicationsWireless_enu>
       <Location /siebel>
       AuthType openid-connect
       Require valid-user
       </Location>
      # This is a fake resource used by mod_auth_openidc
      # Users will not access it directly
       <Location /oidc/>
       AuthType openid-connect
       Require valid-user
       </Location>
      </VirtualHost>
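
The listing above turns off certificate checks toward both the identity provider and the backend Siebel server, and stores the client secret and passphrase as literals. The following fragment is an added example, not part of the original documentation, showing the same directives with verification enabled. The CA bundle path and the two variable names are assumptions; the variables must be set in the environment of the Apache service (or with Define) before startup.

```apache
# --- Server level (httpd-ahssl.conf), replacing the matching lines above ---

# Validate the identity provider's TLS certificate.
OIDCSSLValidateServer On

# Keep secrets out of the configuration file. Apache expands ${VAR} from
# Define or from the process environment.
# OIDC_CLIENT_SECRET and OIDC_CRYPTO_PASSPHRASE are hypothetical names.
OIDCClientSecret ${OIDC_CLIENT_SECRET}
OIDCCryptoPassphrase ${OIDC_CRYPTO_PASSPHRASE}

# --- Inside <VirtualHost *:9001>, replacing the three relaxed SSLProxy lines ---

SSLProxyEngine on
# Require a backend certificate that chains to a trusted CA.
SSLProxyVerify require
# Assumed path: a PEM bundle holding the CA that issued the backend certificate.
SSLProxyCACertificateFile "C:/Apache24/conf/cert/backend-ca.pem"
# Reject a backend certificate whose name does not match the ProxyPass host.
SSLProxyCheckPeerName on
SSLProxyCheckPeerCN on
# Reject an expired backend certificate.
SSLProxyCheckPeerExpire on
```

With these values the proxy refuses the connection when the backend host named in ProxyPass presents a certificate that is untrusted, expired, or issued for a different name.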