• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Guru: Serve Web Pages Safely Using A Reverse Proxy

    July 23, 2018 Alan Seiden

    If you are hosting a website or API from your IBM i server, but wish to reduce your worry about allowing access from the Internet, we often recommend a reverse proxy (or “gateway”) server. An industry-standard solution, a reverse proxy server acts as a layer of safety between your production server and your firewall. On IBM i, the IBM HTTP Server (powered by Apache) for i can act as a reverse proxy server, so there’s nothing additional to install.

    While there are several ways to set it up, one approach is to put the reverse proxy or gateway in a special IBM i partition situated in your network’s “demilitarized zone” (DMZ), open to the Internet, while your production server sits safely behind it in your private intranet. The reverse proxy pulls appropriate content from your production web server and displays the content to users.

    Alternatives include appliances such as Symantec’s Blue Coat proxy and cloud-based gateways such as cloudflare.com.

    To configure a reverse proxy server under IBM i, follow these steps:

    1. Ask your administrators to set up (or make available to you, if one exists already) an IBM i logical partition in your network’s DMZ. The partition won’t need much in the way of resources.

    Also ask for the internal IP address of your server that will be protected. For our example, say it’s 192.168.0.200.

    1. Create an Apache instance in your DMZ partition. Name it something like GATEWAY. Instructions for creating the instance are on this page: https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.installation.nd.iseries.doc/ae/tins_is_ihsnew.html

    You may wish to add additional features, such as SSL support, to your instance. SSL instructions: http://www-01.ibm.com/support/docview.wss?uid=nas8N1018776

    1. Edit this gateway instance so that it functions as a reverse proxy server. You’ll need to edit the appropriate Apache instance configuration file. Its location will depend on your web server instance name. For example, if your Apache instance is named GATEWAY, then the file is likely to be located at /www/gateway/conf/httpd.conf. This is a simple text file, so you may choose from several editors: IBM’s HTTP Server Admin GUI at port 2001 (if *ADMIN is started), the WRKLNK/EDTF command, or your favorite text editor.

    Add the following directives to httpd.conf’s main section (pound signs are comments):

    LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM 
    LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/ZSRCORE.SRVPGM
    LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
     # URL path / will pull content from server 192.168.0.200.
     
     ProxyPass http://192.168.0.200/
     ProxyPassReverse http://192.168.0.200/
     
    
    1. Use the Start TPC/IP Server (STRTCPSVR) CL command to restart your Apache instance (in this case, “GATEWAY”).
    STRTCPSVR SERVER(*HTTP) RESTART(*HTTP) HTTPSVR(GATEWAY)
    
    1. Now your website should be accessible to the public through the gateway server’s address.

    An IBM Champion and founder of Seiden Group, Alan Seiden leads a team that mentors clients in building APIs and web/mobile applications using open source, PHP, Python and IBM i business logic. Alan’s passion for the IBM i community inspires him to host the bi-annual CIO Summit and offer a free monthly tips newsletter.

    RELATED STORIES

    Creating and configuring HTTP server instances on IBM i

    Enable Apache HTTP for SSL

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: 400guru, API, FHG, Four Hundred Guru, IBM i, SSL, TPC/IC

    Sponsored by
    WorksRight Software

    Do you need area code information?
    Do you need ZIP Code information?
    Do you need ZIP+4 information?
    Do you need city name information?
    Do you need county information?
    Do you need a nearest dealer locator system?

    We can HELP! We have affordable AS/400 software and data to do all of the above. Whether you need a simple city name retrieval system or a sophisticated CASS postal coding system, we have it for you!

    The ZIP/CITY system is based on 5-digit ZIP Codes. You can retrieve city names, state names, county names, area codes, time zones, latitude, longitude, and more just by knowing the ZIP Code. We supply information on all the latest area code changes. A nearest dealer locator function is also included. ZIP/CITY includes software, data, monthly updates, and unlimited support. The cost is $495 per year.

    PER/ZIP4 is a sophisticated CASS certified postal coding system for assigning ZIP Codes, ZIP+4, carrier route, and delivery point codes. PER/ZIP4 also provides county names and FIPS codes. PER/ZIP4 can be used interactively, in batch, and with callable programs. PER/ZIP4 includes software, data, monthly updates, and unlimited support. The cost is $3,900 for the first year, and $1,950 for renewal.

    Just call us and we’ll arrange for 30 days FREE use of either ZIP/CITY or PER/ZIP4.

    WorksRight Software, Inc.
    Phone: 601-856-8337
    Fax: 601-856-9432
    Email: software@worksright.com
    Website: www.worksright.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    The Frustration Of Not Knowing How We Are Doing Outsourcing Comes Back Home

    2 thoughts on “Guru: Serve Web Pages Safely Using A Reverse Proxy”

    • Alan Seiden says:
      January 27, 2025 at 11:23 pm

      There is a typo. The second “QZSRCORE” is missing its “Q.”

      Reply
    • Alan Seiden says:
      January 29, 2025 at 11:11 am

      Sorry, another typo. We were missing the path (a slash) on two directives. Correct directives:
      ProxyPass / http://192.168.0.200/
      ProxyPassReverse / http://192.168.0.200/

      Reply

    Leave a Reply Cancel reply

TFH Volume: 28 Issue: 48

This Issue Sponsored By

  • Fresche Solutions
  • ARCAD Software
  • RPG & DB2 Summit
  • Computer Keyes
  • WorksRight Software

Table of Contents

  • Db2 For i Innovation: Expect The Unexpected
  • Outsourcing Comes Back Home
  • Guru: Serve Web Pages Safely Using A Reverse Proxy
  • The Frustration Of Not Knowing How We Are Doing
  • IBM Sunsets Big Iron Power8 Engines As Power9 Engines Loom

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25
  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle