Configure web server as reverse proxy

To enhance the security of your OpenText Application Quality Management deployment, it is recommended to place the OpenText Application Quality Management server behind a secure reverse proxy, either an Apache or IIS web server. Such configuration is also required to support external authentication.

Configuring IIS as a reverse proxy

To integrate OpenText Application Quality Management with a web server, you configure the web server to redirect requests to the OpenText Application Quality Management Application Server. You configure the web server to work in proxy HTTP mode.

To configure IIS to work as a reverse proxy:

Note: The following instructions apply to IIS 7.0 and later.

  1. Using Server Manager, install the IIS server using default settings. You do not need to enable any other extensions.

  2. Install the URL rewrite package.

  3. Install Application Request Routing (ARR) for IIS.

    Note: If you have no direct access to the internet from your server, you can obtain the ARR 3.0 standalone version that contains everything you need, including the URL rewrite package. Download ARR 3.0 to your client, copy it to the server, and install it on the server.

  4. Make sure the IIS Web server is stopped.

  5. Open IIS Manager and ensure you have an element named Server Farms under the relevant IIS server node.

    Note:

    • If there is no Server Farms element and you are using a Windows 2012 server, uninstall Microsoft Web Farm Framework and download the latest version.

    • If you fail to install a Web Farm for IIS 10, see this KB article.

  6. Right click Server Farms and click Create Server Farm.

  7. Enter a name for the farm and click Next.

  8. Click Advanced settings and change the ports to match your OpenText Application Quality Management Jetty ports. The default ALM Jetty ports are 8080 for http and 8443 for https.

  9. Under Server address, type the name or IP address of the OpenText Application Quality Management server you want to add to the farm.

  10. Click Add to add the server.

    Note: Repeat steps 9 - 10 to add more ALM servers to use IIS as a load balancer in an ALM cluster.

  11. Click Finish.

  12. Click Yes in the Rewrite Rules dialog box that opens. This adds a URL rewrite rule that causes IIS to forward all incoming requests to the ALM Server.

  13. Select the new Server farm element created.

  14. Double-click Proxy.

  15. Set Time-out (seconds) to 35.

  16. Set Response buffer threshold to 0.

  17. Click Apply.

    Note: This change is applied only to the Application Request Routing proxy.

  18. Enable the proxy.

    1. Select the main tree node (the server name), click Application Request Routing Cache, and then click Server Proxy Settings in the Proxy section.

    2. Enable Enable proxy.

    3. Verify that HTTP version is valued with Pass Through.
    4. Verify that Reverse rewrite host in response headers is enabled.
    5. Click Apply.

  19. Restart the IIS Web server.

    You can now connect to your OpenText Application Quality Management site using the following URL: http://<IIS server name>/qcbin.

  20. If you are using IIS with multiple servers farms:

    1. Add another server farm for the other server group.

    2. Modify the URL Rewrite rule for the ALM server farm:

      1. Select the main tree node (the server name) and click URL Rewrite.
      2. Edit the Inbound Rule.
      3. Change Using from Wildcards to Regular Expressions.

      4. Change Pattern to (^qcbin(.*)).

      5. Click Apply.

    3. Modify the URL Rewrite rule for the other server farm:

      1. Select the main tree node (the server name) and click URL Rewrite.

      2. Edit the Inbound Rule.

      3. Change Using from Wildcards to Regular Expressions.

      4. Change Pattern to reflect the other server group.

      5. Click Apply.

    4. Restart the IIS Web server.

Configuring Apache as a reverse proxy

To configure Apache to work as a reverse proxy:

    Note:

  • Windows: It is recommended that you use Apache HTTP Server version 2.2.

  • Linux: It is recommended that you use Apache HTTP Server version 2.4.

  1. Make sure the Apache Web server is stopped.

  2. Navigate to the <Apache Home directory>\conf directory.

  3. Create a backup copy of the httpd.conf file.

  4. Open the httpd.conf file.

  5. Uncomment or add the following load module commands:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule headers_module modules/mod_headers.so

  6. Add the following section to the end of the file:

    # Turn off support for true Proxy behavior as we are acting as
# a reverse proxy
ProxyRequests Off
# Turn off VIA header as we know where the requests are proxied
ProxyVia Off
# Set the permissions for the proxy
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
# Turn on Proxy status reporting at /status
# This should be better protected than: Allow from all
ProxyStatus On
<Location /status>
SetHandler server-status
Order Deny,Allow
Allow from all
</Location>
# Configuring mod_proxy_http
# To connect to servlet container with HTTP protocol, the ProxyPass 
# directive can be 
# used to send requests received on a particular URL to a Jetty instance.
ProxyPreserveHost off
ProxyPass /qcbin http://<ALM server name>:8080/qcbin
ProxyPassReverse /qcbin http://<ALM server name>:8080/qcbin
# For OpenText Enterprise Performance Engineering deployments, add the following:
ProxyPass /loadtest http://<LoadRunner Enterprise server name>/loadtest
ProxyPass /LoadTest http://<LoadRunner Enterprise server name>/LoadTest
ProxyPass /Loadtest http://<LoadRunner Enterprise server name>/Loadtest
ProxyPassReverse /loadtest http://<LoadRunner Enterprise server name>/loadtest
ProxyPassReverse /LoadTest http://<LoadRunner Enterprise server name>/LoadTest
ProxyPassReverse /Loadtest http://<LoadRunner Enterprise server name>/Loadtest
# Rewrite rule trailing slash must be used in the VirtualHost section
RewriteEngine On
# Add trailing slash if was not present in the original request
RewriteRule ^/qcbin$ /qcbin/ [R]

  7. Save the changes to the file.

  8. Run httpd -t from the Apache bin folder to check the syntax of the file.

  9. Restart the Apache Web server.

    You can now connect to your OpenText Application Quality Management site using the following URL: http://<ALM virtual server name>[:<apache port number>]/qcbin.