• setup apache as reverse proxy

  • Problems with installing OpenKM? No problemo, the solution is closer than you think.
Problems with installing OpenKM? No problemo, the solution is closer than you think.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #53010  by chocolatie_sr
 
Hi all,

I am using openKM 6.3.11 CE (installed with postgresql and java 8) on ubuntu 20.04 server. However, I have stumbled upon a writing about not exposing openKM directly to the web but using apache as a reverse proxy:

https://docs.openkm.com/kcenter/view/ok ... proxy.html

I have executed all these steps but still am not able to see the https://mydomain.com (my browser gives an error saying This site can’t be reached)

If I type http://mydomain.com, I get to see the apache standard greeting (Apache2 Ubuntu Default Page)

My /etc/apache2/sites-available/openkm.conf file looks like this
Code: Select all
<VirtualHost *:80>
  ServerName mydomain.com
  Redirect permanent / https://mydomain.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName mydomain.com
  RedirectMatch ^/$ /OpenKM

  # WebSocket support - needs proxy-wstunnel
  ProxyPass /OpenKM/frontend/webSocket wss://127.0.0.1:8080/OpenKM/frontend/webSocket
  ProxyPassReverse /OpenKM/frontend/webSocket wss://127.0.0.1:8080/OpenKM/frontend/webSocket

  ProxyPass /OpenKM ajp://127.0.0.1:8009/OpenKM
  ProxyPassReverse /OpenKM https://mydomain/OpenKM

  ErrorLog /var/log/apache2/mydomain.com-error.log
  CustomLog /var/log/apache2/mydomain.com-access.log combined

  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
Can somebody help me diagnose this?
 #53022  by chocolatie_sr
 
OK I went a little bit further with this and installed a FreeBSD virtual machine, installed apache on that and made it the proxy server.

I installed letsencrypt on it and my /usr/local/etc/apache24/extra/httpd-vhosts-le-ssl.conf I have configured as follows:
Code: Select all
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin myemail@mydomain.com
    DocumentRoot "/usr/local/www/apache24/data/mydomain.com"
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    ErrorLog "/var/log/mydomain.com-error_log"
    CustomLog "/var/log/mydomain.com-access_log" common
    RedirectMatch ^/$ /OpenKM
    ProxyPass /OpenKM/frontend/webSocket wss://192.168.0.200:8080/OpenKM/frontend/webSocket
    ProxyPassReverse /OpenKM/frontend/webSocket wss://192.168.0.200:8080/OpenKM/frontend/webSocket
    ProxyPass /OpenKM ajp://192.168.0.200:8009/OpenKM
    ProxyPassReverse /OpenKM https://mydomain.com/OpenKM
    SSLEngine on
SSLCertificateFile /usr/local/etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/mydomain.com/privkey.pem
Include /usr/local/etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
My ubuntu server is where tomcat is installed by openKM and the server.xml file has these relevant sections:
Code: Select all
<Connector port="8080" address="0.0.0.0" protocol="HTTP/1.1"
               connectionTimeout="20000" Server =" " redirectPort="8443"/>

 <Connector port="8009" address="192.168.0.200" protocol="AJP/1.3" redirectPort="8443"/>

<Engine name="Catalina" defaultHost="localhost">
When I give https://mydomain.com I see the redirect works and I am presented with the login screen of openKM. However, when I put my credentials, and click on login I see the following page in the browser:

https://mydomain.com/OpenKM/frontend/index.jsp

But the screen stays blank
 #53032  by jllort
 
Does the application work with http://SERVER_IP:8080/OpenKM ( that should be the first check -> because maybe problem is not in the proxy ). Take a look at openkm.log file.
 #53206  by Archambault
 
Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits: Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.