Apache
Various tips and configs for running openEquella behind Apache.
- Forward Proxy
- Reverse Proxy
- Running Apache in front of openEquella
- Running Apache as a load balancer in front of openEquella
Forward Proxy
NOTE: This is an insecure method to setup a forward proxy. Use only with caution and for a small time behind your firewall while you are testing.
- Setup a server running Apache 2
- Run: sudo a2enmod proxy_connect
- Create an available-site (I called it equella-forward-proxy) with the contents:
Listen <Apache Server IP>:8047
<VirtualHost <Apache Server IP>:8047>
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
- Refresh / restart Apache: sudo a2dissite equella-forward-proxy ; sudo a2ensite equella-forward-proxy ; sudo service apache2 restart
- In your openEquella optional-config file, enable the following and restart openEquella.
configurationService.proxyHost=<Apache Server IP> configurationService.proxyPort=8047
To confirm openEquella is using the proxy, change the ports in the Apache site file, and refresh apache and then try to add a URL to openEquella
Reverse Proxy
Running Apache in front of openEquella
This assumes a single node with the IP Address of 192.168.1.234.
Install Apache (in Ubuntu):
$ sudo apt-get install apache2
Enabled the needed mods (in Ubuntu), disable the default sites and restart:
$ sudo a2enmod proxy_http
$ sudo a2enmod proxy_balancer ====> Needed for clustering.
$ sudo a2enmod headers ====> Needed for clustering.
$ sudo a2enmod ssl ====> Needed for SSL.
$ sudo a2dissite default
$ sudo a2dissite default-ssl
$ service apache2 restart
In the apache install directory, edit the httpd.conf
file and add the following:
ServerName 192.168.1.234
ServerAdmin YOUR_EMAIL_ADDRESS
Navigate to the sites-available and add a new site - just create a new file (I chose equella) with the following and change the desired configs (The IP Address and port in ProxyPass and ProxyPassReverse)
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://192.168.1.234:8080/ nocanon
ProxyPassReverse / http://192.168.1.234:8080/ nocanon
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Then enable your equella site, and restart:
$ sudo a2ensite equella-standalone
$ service apache2 restart
Running Apache as a load balancer in front of openEquella
HTTP:
<VirtualHost *:80>
ProxyPass / balancer://mycluster/ nocanon
ProxyPreserveHost On
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster/ >
BalancerMember http://192.168.1.234:8080 route=1
BalancerMember http://192.168.1.234:8080 route=2
ProxySet stickysession=ROUTEID
</Proxy>
</VirtualHost>
HTTPS: Note: You’ll need at least a self-signed cert for this. A tutorial can be found here: https://help.ubuntu.com/lts/serverguide/certificates-and-security.html. Assuming you followed the steps in the link, then use this config for the clustered SSL:
<VirtualHost *:443>
ProxyPass / balancer://mycluster/ nocanon
ProxyPreserveHost On
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster/ >
BalancerMember http://192.168.1.234:8080 route=1
BalancerMember http://192.168.1.234:8080 route=2
ProxySet stickysession=ROUTEID
</Proxy>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>