Enabling Web Client Access via a Remote Web Server

Status: Published
Version: 1.3
Authors: HTL QA
Applies to: Supportworks ESP Version 7.5.0 and later; Web Client 1.1.0 and later

Requirement

The requirement that this document addresses is to make the Web Client work via an Apache Web server installed on a machine other than the main Supportworks server. This Web server may be an instance of the same Web server that is supplied with Hornbill Core Services, or it may be one obtained from the Apache website. In either case, it will now be running on the remote machine as well - perhaps outside of your organisation's firewall (within a DMZ), either specifically for the use of the Web Client or shared with other Web applications.

Hint: Instead of using a remote Web server for Web Client access, you could consider the idea of your external users gaining access to the Web Client (and everything else) via a VPN.

Proposition

As the base Web Client files have to be located on the Supportworks server, Apache proxy pass-through would provide the best solution for enabling Web Client access via a remote Web server. This solution allows the remote server to act as a reverse proxy for the Supportworks server, which would therefore be the "origin" server.

Thus, you would publicise the name-space of the remote Web server to the users, and your proxy setup would grant the Supportworks server access to the remote Web server. This way, users would never actually get direct access to the Supportworks server.

To set up the proxy - assuming that Apache Web server is already installed on the remote machine - you will first need to confirm that the relevant proxy modules are enabled and then edit two configuration files, as described below. There is no need to install any Supportworks-server or Web Client files on the remote Web server.

The first configuration file to edit will be that of the remote Web server, and the settings you add there will tell the server that, when anyone tries to access the publicised Web Client URL defined there, it should forward (proxy) the request to http://main-Supportworks-server/sw/webclient. The second configuration file to edit will be that of the Web Client itself, and the setting concerned will let the Web Client know that it is being run through a proxy.

Method

The procedure given here for setting up proxy pass-through assumes that the URL to be used to access the Web Client will be http://remote-Web-server/webclient (rather than the usual http://main-Supportworks-server/sw/webclient, used when the Web server is local). Other options are discussed in the Notes section below.

  1. On the remote Web server, open the file httpd.conf in a text editor. If the Web server is part of the Hornbill Core Services instance you may have installed here, the default location of that file would be:
    C:\Program Files\Hornbill\Core Services\SwHttpServer\conf
  2. Ensure that the following proxy modules within the httpd.conf file are enabled (uncommented):
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
  3. Enter the following set of directives in any global area of the httpd.conf file:
    ProxyPass /webclient http://main-Supportworks-server/sw/webclient
    ProxyPassReverse /webclient http://main-Supportworks-server/sw/webclient
    ProxyPass /sw http://main-Supportworks-server/sw
    ProxyPassReverse /sw http://main-Supportworks-server/sw
    ProxyRequests Off
    where main-Supportworks-server is the name or IP address of the machine on which the Supportworks server is installed.
    Note in the above that we also have to pass through /sw, as all applications access a variable called &[app.webroot], which points to the HTTP root. This variable is used when referencing form images and active pages (for example, &[app.webroot]/clisupp/details/itsmf/swcust.php). It is possible to set the /sw pass-through to sw/clisupp instead, but only if applications point solely to HTTP resources under &[app.webroot]/clisupp.
  4. Save the changes you have made in the httpd.conf file.
  5. Restart the SwHttpServer service.
  6. On the Supportworks server, open the file _wcconfig.php in a text editor. On a default installation, the location of the file is as follows:
    C:\Program Files\Hornbill\Supportworks Server\html\webclient\php
  7. Look for the following two commented-out lines:
    //define("_PROXYURL","http://192.168.0.106/webclient");
    //define("_PROXYPORT","80");
  8. Uncomment these, so that they become:
    define("_PROXYURL","http://192.168.0.106/webclient");
    define("_PROXYPORT","80");
  9. Replace "192.168.0.106" in the first definition line with the fully qualified DNS name of your remote Web server.
  10. If you wish to use a port other than 80 on your remote Web server, then replace 80 in the second definition line with the desired port number.
  11. Save your changes.
  12. If the remote server is within a DMZ, ensure that your firewall is configured such that ports 80 and 443 on the main Supportworks server are accessible from the remote server.

Now, if you open a Web browser and go to the URL http://DNS-name/webclient, it will display the first Web Client page. If you have specified 443 as the proxy port on your remote Web server, then you can use https:// in the URL.

Notes

  • If you want the end part of the URL to be something other than "/webclient" (perhaps because the remote Web server is to be used for more than just the Web Client), then replace every instance of webclient that appears on its own with the required end part when you follow the instructions above.
    Thus, for example, if you want the Web Client's URL to be http://DNS-name/services, then the directives to enter in the httpd.conf file (at step 3 above) now become:
    ProxyPass /services http://main-Supportworks-server/sw/webclient
    ProxyPassReverse /services http://main-Supportworks-server/sw/webclient
    ProxyPass /sw http://main-Supportworks-server/sw
    ProxyPassReverse /sw http://main-Supportworks-server/sw
    ProxyRequests Off
    Also, the uncommented lines in the _wcconfig.php file (see steps 8 and 9 above) should now be:
    define("_PROXYURL","http://DNS-name/services");
    define("_PROXYPORT","port-number");
  • If you want the remote Web server to communicate with the local Supportworks Web server by means of SSL, then you will have to make two modifications to the remote Web server's httpd.conf file.
    Firstly, at step 3 above, you must use https:// instead of http:// in the proxy directives, as follows:
    ProxyPass /webclient https://main-Supportworks-server/sw/webclient
    ProxyPassReverse /webclient https://main-Supportworks-server/sw/webclient
    ProxyPass /sw https://main-Supportworks-server/sw
    ProxyPassReverse /sw https://main-Supportworks-server/sw
    ProxyRequests Off
    Secondly, you must configure the SSL VirtualHost section to include the SSLProxyEngine directive, as follows:
    <VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot "C:/Program Files/Hornbill/Core Services/SwHttpServer/htdocs"
    ServerName my-server
    ErrorLog logs/secure_error_log
    CustomLog logs/secure_access_log common
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile conf/ssl.crt/hslcsdef.crt
    SSLCertificateKeyFile conf/ssl.key/hslcsdef.key
    </VirtualHost>
  • More detailed information on proxy pass-through can be found here:
    http://httpd.apache.org/docs/2.1/mod/mod_proxy.html
    Note that, on this website, their use of the term "remote server" is the opposite of ours, as it refers to the server being proxied (that is, the Supportworks server in our case).
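
A way to check the remote Web server's httpd.conf against steps 2 and 3 of the Method and the SSL note above. This is an added example, not part of the original document or of Supportworks: the function name, the finding messages and both sample configurations are constructed for illustration. It assumes the directives sit one per line as shown on this page and ignores VirtualHost scoping.

```python
REQUIRED_MODULES = ("proxy_module", "proxy_connect_module", "proxy_http_module")

def audit_proxy_conf(conf_text):
    """Return a list of findings for an httpd.conf fragment (empty list = OK)."""
    # Keep only active directives: blank lines and '#' comments are dropped.
    rows = [l.split() for l in map(str.strip, conf_text.splitlines()) if l and not l.startswith("#")]
    def args(name):  # argument lists of every active directive called `name`
        return [r[1:] for r in rows if r[0].lower() == name]
    loaded = {a[0] for a in args("loadmodule") if a}
    findings = [f"module not enabled: {m}" for m in REQUIRED_MODULES if m not in loaded]
    # ProxyRequests On would also make the server a forward proxy.
    if any(a and a[0].lower() == "on" for a in args("proxyrequests")):
        findings.append("ProxyRequests must be Off")
    passes = {tuple(a[:2]) for a in args("proxypass") if len(a) >= 2}
    reverses = {tuple(a[:2]) for a in args("proxypassreverse") if len(a) >= 2}
    for path, _ in sorted(passes - reverses):
        findings.append(f"ProxyPass {path} has no matching ProxyPassReverse")
    # An https:// origin needs SSLProxyEngine on (the SSL note above).
    ssl_on = any(a and a[0].lower() == "on" for a in args("sslproxyengine"))
    if any(url.lower().startswith("https://") for _, url in passes) and not ssl_on:
        findings.append("https:// origin but SSLProxyEngine is not on")
    return findings

# Constructed sample: the directives from steps 2 and 3, with the page's placeholder host name.
GOOD_CONF = """
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /webclient http://main-Supportworks-server/sw/webclient
ProxyPassReverse /webclient http://main-Supportworks-server/sw/webclient
ProxyPass /sw http://main-Supportworks-server/sw
ProxyPassReverse /sw http://main-Supportworks-server/sw
ProxyRequests Off
"""

# Constructed sample with four mistakes, one for each check.
BAD_CONF = """
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /webclient https://main-Supportworks-server/sw/webclient
ProxyPassReverse /webclient https://main-Supportworks-server/sw/webclient
ProxyPass /sw https://main-Supportworks-server/sw
ProxyRequests On
"""

if __name__ == "__main__":
    for finding in audit_proxy_conf(BAD_CONF):
        print(finding)
```

To audit a real file, pass its contents to audit_proxy_conf(); an absent ProxyRequests line is accepted because Apache defaults it to Off.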