Oracle EBS - How to Set Up a DMZ HTTP Reverse Proxy Server
1. Install Apache on the reverse proxy server.
1.1 Download the Apache source file: http://apr.apache.org/download.cgi
httpd-2.4.34.tar.gz
mkdir -p /opt/app/software
Copy all install packages to /opt/app/software
1.2 Download the Apache dependencies apr and apr-util:
apr-1.6.3.tar.gz
apr-util-1.6.1.tar.gz
1.3 Download PCRE: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
pcre2-10.31.tar.gz
pcre-8.42.tar.gz
1.4 Before installing Apache, check that the C and C++ compilers, libtool, expat-devel and apr-devel are present.
yum install -y mlocate
updatedb
yum list installed libgcc
yum remove libgcc.i686
yum install -y libgcc.x86_64 gcc-c++.x86_64 gcc.x86_64 compat-gcc-44.x86_64 compat-gcc-44-c++.x86_64
1.5 Download and install OpenSSL, which is used by Apache:
openssl-1.0.2o.tar.gz
Untar file in /opt/app/software
cd openssl-1.0.2o
./config --prefix=/usr/local/openssl -fPIC
make
make install
which openssl   -- output: /bin/openssl
openssl   -- opens the interactive prompt; type exit to leave
1.6 Extract and install autoconf
Prerequisite packages for autoconf: m4.x86_64, perl-ExtUtils-MakeMaker, Data-Dumper-2.161.tar.gz
yum install -y m4.x86_64
yum install -y perl-ExtUtils-MakeMaker
cd /opt/app/software/Data-Dumper-2.161
perl Makefile.PL
make
make install
cd ../autoconf-2.69
./configure --prefix=/usr/local/autoconf
make
make install
which autoconf
1.7 Install libtool
yum install -y libtool.x86_64
1.8 Extract and Install apr, apr-util & pcre.
Untar the files in /opt/app/software and rename the extracted directories by removing the version numbers.
tar -xvzf apr-1.6.3.tar.gz
tar -xvzf apr-util-1.6.1.tar.gz
tar -xvzf pcre-8.42.tar.gz
mv apr-1.6.3 apr
mv apr-util-1.6.1 apr-util
mv pcre-8.42 pcre
cd ./apr
./configure
make clean
make
make install
cd ../apr-util
yum install -y imlib.x86_64
yum install -y expat-devel.x86_64 expat.x86_64
./configure --with-apr=/usr/local/apr/bin/apr-1-config
make clean
make
make install
cd ../pcre
./configure --prefix=/usr/local/pcre
make clean
make
make install
1.9 Apache Installation
cd /opt/app/software/httpd-2.4.34
./buildconf
./configure --prefix=/opt/app/dmz --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --with-pcre=/usr/local/pcre --with-ssl=/usr/local/openssl --enable-so --enable-mods-shared="ssl proxy proxy_http proxy_ftp proxy_connect headers"
make clean
make
make install
If you run into issues during configure or make, run buildconf as below and then run the configure command again; otherwise the latest changes won't take effect.
./buildconf
2.0 mod_security for apache Installation:
Download and Install modsecurity-2.9.0.tar.gz
Prerequisites:
yum install libtool.x86_64 -- already installed
yum install -y libxml2-devel.x86_64
Untar and Install
mkdir -p /opt/app/dmz/mod_security
cd /opt/app/software
tar -zxvf modsecurity-2.9.0.tar.gz
cd modsecurity-2.9.0
export PATH=/usr/local/openssl:/usr/local/autoconf/bin:/usr/local/libtool/bin:$PATH
./autogen.sh
./configure --prefix=/opt/app/dmz/mod_security --with-apxs=/opt/app/dmz/bin/apxs
make
make install
2.1 Make sure the mod_security2.so file was generated in the Apache modules directory.
cd /opt/app/dmz/modules
ls -lrt mod_security2.so
cd /opt/app/dmz/mod_security
ls -lrt
Start Apache and check.
cd /opt/app/dmz/bin
ps -ef|grep httpd
./apachectl start
ps -ef|grep httpd
./apachectl stop
1.7.6. Enable the mod_security module in httpd.conf:
LoadModule security2_module modules/mod_security2.so
1.8. Now start the services and make sure there are no issues.
2. Add proxy pass entries to httpd.conf
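Note: Disable the SSL proxy parameters below (with these off, the proxy does not compare the backend certificate's CN/subjectAltName with the backend host name):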
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
3. Set up url_fw.conf from the external node in ${APACHE_HOME}/conf on the proxy.
4. Enable only the iSupplier-related URLs in url_fw.conf.
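An added example (not from the original post) of the step 2 proxy entries in httpd.conf, showing the two SSLProxyCheckPeer* settings from the note beside a variant that keeps backend certificate verification on. The backend host ebs-ext.example.com, port 4443 and the CA file path are assumptions; the modules are the ones built shared in step 1.9.

```apache
# Added example; host name, port and file paths below are assumptions.
# Modules built shared in step 1.9 (--enable-mods-shared):
LoadModule ssl_module        modules/mod_ssl.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only: do not act as a forward proxy.
ProxyRequests Off
# Speak TLS to the backend web tier.
SSLProxyEngine On

# Hypothetical external EBS web node behind the DMZ proxy.
ProxyPass        / https://ebs-ext.example.com:4443/
ProxyPassReverse / https://ebs-ext.example.com:4443/

# Variant A: as in the note in step 2. The backend certificate's
# CN/subjectAltName is not compared with the host in ProxyPass.
SSLProxyCheckPeerCN   off
SSLProxyCheckPeerName off

# Variant B: backend certificate is verified (use instead of A).
# Requires a backend certificate issued for ebs-ext.example.com and
# the issuing CA chain in the file named below.
#SSLProxyVerify            require
#SSLProxyVerifyDepth       2
#SSLProxyCACertificateFile conf/ssl/ebs-backend-ca.pem
#SSLProxyCheckPeerName     on
#SSLProxyCheckPeerExpire   on
```

Run ./apachectl configtest from /opt/app/dmz/bin after editing to confirm the file parses before restarting.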