After reviewing the admin guides and mobile documentation it seems that there is very little info on setting up the web tier in the DMZ on a Linux box. We have a new Linux DMZ server set up in the Amazon cloud running Amazon’s Linux (i.e. CentOS) with SSL and cert installed. Apache is installed and it will be the reverse proxy, and Tomcat will be used to communicate to the BO server on our intranet.
What I am not clear on is what config needs to be done with Apache for reverse proxy (we have a Linux guru that can configure the Apache reverse proxy).
Do I need to install the BOE 4.1 platform with only the web tier for Linux?
Can I configure the existing Tomcat 6 install on the Linux box to point back to BOE on our intranet?
If I cannot get this to work then I may go with setting up a Windows box in our DMZ and then follow the mobile instructions for setting it up.
I haven’t done BO in a DMZ (yet, hope to soon), but in theory it shouldn’t be any different than setting up a normal reverse proxy.
If you’re using Apache as the web server in the DMZ, you could simply configure mod_jk to proxy to Tomcat running on the BOE server in the internal network. Only the AJP port would need to be open between the DMZ and the Tomcat server.
You could also run wdploy in split mode, copy the generated htdocs to Apache on the DMZ server, and use Apache to serve the static files as well as reverse-proxying to Tomcat for the dynamic stuff.
Technically, the only difference between this configuration and one that’s not DMZ is the firewall configuration.
If you want to run the web application server (Tomcat) in the DMZ, then it gets more complicated. You’d either need to do an install of the BO application on the DMZ server, selecting a custom install (web tier only), or copy the webapps/BOE directory from the installed Tomcat to the DMZ server (assuming Tomcat is already installed there). Firewall configuration becomes a little tricky since you need to open up the CMS port (6400), and I think you may need to force the other servers to stay on one port. So, much cleaner to do a straight reverse-proxy to the existing BO server.
You have to set up specified ports in the “Request Port” for each of the server processes under “Servers” in the CMC. There are a few default ports that are set up that you can change if you need to, but you shouldn’t reuse:
CMC Name server port: 6400
Web Application Container Server HTTP Port: 6405
SIA: 6410
Once you have everything running on specified ports, you’ll also have to open those ports through the firewall between your BO servers and the web server(s) in the DMZ.
It’s not a difficult thing to configure, just a bit tedious.
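The mod_jk reverse proxy suggested earlier in the thread could look like the following on the DMZ Apache server. This is an added example, not configuration from any of the posters or from the BOE documentation. The worker name, hostnames, certificate paths and the AJP port (8009, Tomcat's default) are assumptions to replace with your own values.

```apache
# Added example. Hostnames, paths and the worker name "boe" are placeholders.
LoadModule jk_module modules/mod_jk.so

JkShmFile  logs/jk.shm
JkLogFile  logs/mod_jk.log
JkLogLevel info

# Define the AJP worker inline (same keys as a workers.properties file).
JkWorkerProperty worker.list=boe
JkWorkerProperty worker.boe.type=ajp13
# Internal Tomcat on the BOE server; this host:port is the only flow
# the DMZ-to-intranet firewall has to allow for this setup.
JkWorkerProperty worker.boe.host=boe-internal.example.com
JkWorkerProperty worker.boe.port=8009
# Optional shared secret; it must match the secret set on Tomcat's AJP connector.
# JkWorkerProperty worker.boe.secret=REPLACE_WITH_SHARED_SECRET

<VirtualHost *:443>
    ServerName bi.example.com

    # TLS terminates on the DMZ Apache server.
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/bi.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/bi.example.com.key

    # Forward only the BOE web application context. Anything not mounted
    # here (for example other webapps deployed on the same Tomcat) is not
    # reachable through the proxy.
    JkMount /BOE   boe
    JkMount /BOE/* boe
</VirtualHost>
```

On the firewall, restrict the AJP port to the DMZ server's source address, since AJP itself does not encrypt traffic and the connector should not be reachable from anywhere else.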