Oracle EBS - How to setup DMZ HTTP Reverse Proxy Server
1. Install apache on reverse proxy server.
1.1 Download apache source file : http://apr.apache.org/download.cgi
httpd-2.4.34.tar.gz
mkdir -p /opt/app/software
copy all install packages to /opt/app/software
1.2 Download apache dependent files apr & apr-utility :
apr-1.6.3.tar.gz
apr-util-1.6.1.tar.gz
1.3 Download PCRE ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
pcre2-10.31.tar.gz
pcre-8.42.tar.gz
1.4 Before apache install, check C, C++, Libtools, expat-devel and apr-devel compilers.
yum install -y mlocate
updatedb
yum list installed libgcc
yum remove libgcc.i686
yum install -y libgcc.x86_64 gcc-c++.x86_64 gcc.x86_64 compat-gcc-44.x86_64 compat-gcc-44-c++.x86_64
1.5 Download and install openssl which is used by apache
openssl-1.0.2o.tar.gz
Untar file in /opt/app/software
cd openssl-1.0.2o
./config --prefix=/usr/local/openssl -fPIC
make
make install
which openssl -- /bin/openssl
openssl, exit
1.6 Extract and install autoconf
Pre requisite rpms for autoconf : m4.x86_64, perl-ExtUtils-MakeMaker, Data-Dumper-2.161.tar.gz
yum install -y m4.x86_64
yum install -y perl-ExtUtils-MakeMaker
cd /opt/app/software/Data-Dumper-2.161
perl Makefile.PL
make
make install
cd ../autoconf-2.69
./configure --prefix=/usr/local/autoconf
make
make install
which autoconf
1.7 Install libtool
yum install -y libtool.x86_64
1.8 Extract and Install apr, apr-util & pcre.
Untar files in /opt/app/software and rename files by removing version numbers.
tar -xvzf apr-1.6.3.tar.gz
tar -xvzf apr-util-1.6.1.tar.gz
tar -xvzf pcre-8.42.tar.gz
mv apr-1.6.3 apr
mv apr-util-1.6.1 apr-util
mv pcre-8.42 pcre
cd ./apr
./configure
make clean
make
make install
cd ../apr-util
yum install -y imlib.x86_64
yum install -y expat-devel.x86_64 expat.x86_64
./configure --with-apr=/usr/local/apr/bin/apr-1-config
make clean
make
make install
cd ../pcre
./configure --prefix=/usr/local/pcre
make clean
make
make install
1.9 Apache Installation
cd /opt/app/software/httpd-2.4.34
./buildconf
./configure --prefix=/opt/app/dmz --with-including-apr --with-pcre=/usr/local/pcre --with-ssl=/usr/local/openssl --enable-so --enable-mods-shared="ssl proxy proxy_http proxy_ftp proxy_connect headers"
make clean
make
make install
For some reason, if you run into issues during cnfiguring/make , run below buildconf to run configure command again otherwise latest changes won't be affective.
./buildconf
2.0 mod_security for apache Installation:
Download and Install modsecurity-2.9.0.tar.gz
Prerequisites:
yum install libtool.x86_64 -- already installed
yum install -y libxml2-devel.x86_64
Untar and Install
mkdir -p /opt/app/dmz/mod_security
cd /opt/app/software
tar -zxvf modsecurity-2.9.0.tar.gz
cd modsecurity-2.9.0
export PATH=/usr/local/openssl:/usr/local/autoconf/bin:/usr/local/libtool/bin:$PATH
./autogen.sh
./configure --prefix=/opt/app/dmz/mod_security --with-apxs=/opt/app/dmz/bin/apxs
make
make install
2.1 Make sure mod_security2.so files generated in apache directory.
cd /opt/app/dmz/modules
ls -lrt mod_security2.so
cd /opt/app/dmz/mod_security
ls -lrt
Start the apache and check.
cd /opt/app/dmz/bin
ps -ef|grep httpd
./apachectl start
ps -ef|grep httpd
./apachectl stop
1.7.6. Enable mod_security module in httpd.conf.
LoadModule security2_module modules/mod_security2.so
1.8. Now start the services and make sure there are no issues.
2. Add proxy pass entries to httpd.conf
Note: Disable below SSL parameters:
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
3. Setup url_fw.conf from external node to proxy ${APACHE_HOME}/conf.
4. Enable only Isupplier related url's in url_fw.conf.