• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Guru: Serve Web Pages Safely Using A Reverse Proxy

    July 23, 2018 Alan Seiden

    If you are hosting a website or API from your IBM i server, but wish to reduce your worry about allowing access from the Internet, we often recommend a reverse proxy (or “gateway”) server. An industry-standard solution, a reverse proxy server acts as a layer of safety between your production server and your firewall. On IBM i, the IBM HTTP Server (powered by Apache) for i can act as a reverse proxy server, so there’s nothing additional to install.

    While there are several ways to set it up, one approach is to put the reverse proxy or gateway in a special IBM i partition situated in your network’s “demilitarized zone” (DMZ), open to the Internet, while your production server sits safely behind it in your private intranet. The reverse proxy pulls appropriate content from your production web server and displays the content to users.

    Alternatives include appliances such as Symantec’s Blue Coat proxy and cloud-based gateways such as cloudflare.com.

    To configure a reverse proxy server under IBM i, follow these steps:

    1. Ask your administrators to set up (or make available to you, if one exists already) an IBM i logical partition in your network’s DMZ. The partition won’t need much in the way of resources.

    Also ask for the internal IP address of your server that will be protected. For our example, say it’s 192.168.0.200.

    1. Create an Apache instance in your DMZ partition. Name it something like GATEWAY. Instructions for creating the instance are on this page: https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.installation.nd.iseries.doc/ae/tins_is_ihsnew.html

    You may wish to add additional features, such as SSL support, to your instance. SSL instructions: http://www-01.ibm.com/support/docview.wss?uid=nas8N1018776

    1. Edit this gateway instance so that it functions as a reverse proxy server. You’ll need to edit the appropriate Apache instance configuration file. Its location will depend on your web server instance name. For example, if your Apache instance is named GATEWAY, then the file is likely to be located at /www/gateway/conf/httpd.conf. This is a simple text file, so you may choose from several editors: IBM’s HTTP Server Admin GUI at port 2001 (if *ADMIN is started), the WRKLNK/EDTF command, or your favorite text editor.

    Add the following directives to httpd.conf’s main section (pound signs are comments):

    LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM 
    LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/ZSRCORE.SRVPGM
    LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
     # URL path / will pull content from server 192.168.0.200.
     
     ProxyPass http://192.168.0.200/
     ProxyPassReverse http://192.168.0.200/
     
    
    1. Use the Start TPC/IP Server (STRTCPSVR) CL command to restart your Apache instance (in this case, “GATEWAY”).
    STRTCPSVR SERVER(*HTTP) RESTART(*HTTP) HTTPSVR(GATEWAY)
    
    1. Now your website should be accessible to the public through the gateway server’s address.

    An IBM Champion and founder of Seiden Group, Alan Seiden leads a team that mentors clients in building APIs and web/mobile applications using open source, PHP, Python and IBM i business logic. Alan’s passion for the IBM i community inspires him to host the bi-annual CIO Summit and offer a free monthly tips newsletter.

    RELATED STORIES

    Creating and configuring HTTP server instances on IBM i

    Enable Apache HTTP for SSL

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: 400guru, API, FHG, Four Hundred Guru, IBM i, SSL, TPC/IC

    Sponsored by
    ARCAD Software

    WEBINAR
    Unit Test Automation: Secure Application Quality on IBM i
    April 15, 12 p.m. EDT, 5 p.m. BST

    Unit testing is arguably the most effective element of your testing strategy, driving the quality of your application as it is being developed.  Yet how can unit testing benefit legacy applications on IBM i – and especially those containing ‘monolithic’ sections of code?

    In this Webinar we will demonstrate how specialized unit test automation can safeguard application quality and generate reusable test assets for both modular and monolithic code.

    You will learn how to automate the IBM i unit testing process within a standard DevOps stack., including RDi, JUnit and Jenkins.

    Using ARCAD iUnit, you’ll see:

    • Automated test creation for modules, programs and service programs
    • Code coverage results
    • Mock capability – simulates key components like data, files programs
    • Test execution history
    • Version control with Git

    Register today and secure the quality of your IBM i application.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    The Frustration Of Not Knowing How We Are Doing Outsourcing Comes Back Home

    Leave a Reply Cancel reply

TFH Volume: 28 Issue: 48

This Issue Sponsored By

  • Fresche Solutions
  • ARCAD Software
  • RPG & DB2 Summit
  • Computer Keyes
  • WorksRight Software

Table of Contents

  • Db2 For i Innovation: Expect The Unexpected
  • Outsourcing Comes Back Home
  • Guru: Serve Web Pages Safely Using A Reverse Proxy
  • The Frustration Of Not Knowing How We Are Doing
  • IBM Sunsets Big Iron Power8 Engines As Power9 Engines Loom

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • When Cloud Meets DevOps on IBM i
  • JD Edwards Roadmap Reveals Decisions To Be Made
  • IBM Completes Migration of Knowledge Center to IBM Documentation
  • Four Hundred Monitor, April 7
  • Crazy Idea Number 615: Variable Priced Power Systems Partitions
  • Do The Math When Looking at IBM i Hosting For Cost Savings
  • Guru: Web Services, DATA-INTO and DATA-GEN, Part 1
  • Oracle Versus Rimini Slogs On In Second Decade
  • HCI Is The Dominant Converged System, Probably For Good
  • Skytap To Expand IBM i Cloud Offering

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2021 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.