Versions Compared

Version Old Version 7 New Version 8
Changes made by

MS

MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This guide will show you how to configure an Apache as a front door with SSL protection for Abiquo. The communication between Apache and Tomcat is done with the AJP Connector to improve performaceperformance.

Install Apache with mod_ssl

...

Declare the hostname of the Server + API machine (10.60.11.24), the AM machine (10.60.11.25) machine and the host which will connect to the client (your own localhost) as well.

...

The same file must be properly configured on the AM machine. You can check everything works fine if after by executing "hostname" and checking the name selected is displayed. If not, try running the following command:

Code Block
/etc/init.d/network restart

Next add the hostname into /etc/httpd/conf/httpd.conf in on the API+Server machine and AM machine:

...

Now on the API+Server machine, we configure theĀ /etc/httpd/conf.d/proxy_ajp.conf file and add the configuration of the AM machine, leaving so the file will be something like this:

Code Block
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
<VirtualHost *:80>
RewriteEngine On
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>
<VirtualHost *:443>
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On
<Directory /opt/abiquo/tomcat/webapps/client-premium/>
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
RewriteRule ^/client-premium$ /client-premium/ [R]
<Location /client-premium>
ProxyPass ajp://server263:8010/client-premium/
ProxyPassReverse ajp://server263:8010/client-premium/
</Location>
<Location /api>
ProxyPass ajp://server263:8010/api/
ProxyPassReverse ajp://server263:8010/api/
</Location>
<Location /m>
ProxyPass ajp://server263:8010/m/
ProxyPassReverse ajp://server263:8010/m/
</Location>
<Location /legal/>
ProxyPass ajp://server263:8010/legal/
ProxyPassReverse ajp://server263:8010/legal/
</Location>

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /opt/abiquo/tomcat/webapps/am/>
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Location /am>
ProxyPass ajp://rs263:8010/am
ProxyPassReverse ajp://rs263:8010/am
</VirtualHost>

...

To finish the setup, we should:

  1. stop the Stop Apache on the AM side (/etc/init.d/httpd stop)
  2. in In the database , now the URI of the appliance manager Appliance Manager in remote services now points directly to the API, which means the URI should be something like "https://server263:443/am"
  3. restart Restart the abiquo-tomcat service on both machines. Remember to restart the apache Apache on the API+Server machine as well.