Search This Blog

Monday, October 22, 2012

Configure IIS 7 as Reverse Proxy


By default, Information Portal uses Apache (http://en.wikipedia.org/wiki/Apache_HTTP_Server) as a web server. It is included in the Information Portal installation package and automatically configured to be accessed by the URL like: http://server:3141.
You can configure IIS 7 to work as a web server for Information Portal if it is required to use IIS for all web applications by the company policy. The following are additional options available in IIS 7:
  • Configure SSL encryption
  • Configure a host-header with the default port
  • Configure load distribution
  • Use automatic Windows updates to always have IIS in the most secured state.
Configuration includes three steps:
  1. Configure IIS 7 as a reverse proxy (http://en.wikipedia.org/wiki/Reverse_proxy). This means that all requests from users are sent to IIS 7 site and then redirected to the Portal Apache server. The response from Apache goes back to IIS, and then IIS sends it back to the user. We use Application Request Routing Module http://www.iis.net/download/ApplicationRequestRouting to implement this process.
  2. To avoid the direct access to Information Portal via Apache server, disable listening external requests. Apache is hidden for all users since listening external requests are disabled.
  3. Reconfigure the Information Portal SharePoint Integration feature to point to a new IIS site.

Step 1. Configure IIS 7 as Reverse Proxy

The solution is based on the standard IIS extension - the Application Request Routing module. Install it on the server hosting Information Portal and IIS 7. The Application Request Routing module can be downloaded at http://www.iis.net/download/ApplicationRequestRouting.
After the Application Request Routing (ARR) module has been installed, it should be configured to act as a proxy server (this functionality is not enabled by default). In IIS Manager, highlight the Application Request Routing Cache feature and click Open Feature in the Actions pane.
../_images/IIS_manager.png
Click Server Proxy Settings in the Actions pane.
Tick the Enable proxy checkbox, and then click Apply. Leave all the default values in place.
../_images/Enable_proxy.png
Next, configure the URL Rewrite rule, so that IIS knows what to do with requests which you want to forward to Information Portal Apache. Click a site which is supposed to be used for Information Portal. If you do not have any site, create it. In our example, a test site with the URL http://atsp2010:82 is used. Highlight the URL Rewrite icon, and then click Open Feature in the Actions pane.
../_images/URL_rewrite.png
In the URL Rewrite feature, click Add Rules in the Actions Pane.
In the Add Rule(s) dialog box, select Blank rule and click OK.
In the Edit Inbound Rule feature, specify the new rule name and type .* in the Pattern dialog box. The new rule should default to using Regular Expressions (if it does not, ensure that you select this option). In the Action section of the Edit Inbound Rule feature, ensure that the Action type is set to Rewrite and then enter http://localhost:3141/{R:0} in the Rewrite URL dialog box as shown below. Click Apply to create the new rule.
We assume that Information Portal is installed on port 3141 (default), so http://locahost:3141 is the Information Portal Apache server URL.
../_images/Edit_inbound_rule.png
Now you can test the URL: http://atsp2010:82. It displays the Information Portal Enterprise report ? the same as the http://localhost:3141 URL.
SSL can be configured on this IIS site. For more information, see the following article: http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7.

Step 2. Configure Apache to be Localhost Only

Now disable the direct access to Information Portal via Apache server.
Perform the following:
  1. Open C:\Program Files (x86)\Quest Software\Site Administrator for SharePoint\SharePoint Information Portal\Python25\conf\httpd.conf in notepad. (here we assume that the product is installed in the default path on x64 OS).
  2. Change ServerName atsp2010:3141 to ServerName 127.0.0.1:3141 (assuming that atsp2010 is the name of this server).
  3. Change Listen 3141 to Listen 127.0.0.1:3141.
    The modified httpd.config file will look as follows:
    ServerRoot “C:\Program Files (x86)\Quest Software\Site Administrator for SharePoint\SharePoint Information Portal\Python25”
    ServerName 127.0.0.1:3141
    ServerSignature Off
    ServerTokens Prod
    DocumentRoot “C:\Program Files (x86)\Quest Software\Site Administrator for SharePoint\SharePoint Information Portal\Python25”
    Listen 127.0.0.1:3141
    ...
  4. Restart the Quest.InfoPortal.WebAccess service.
Verify that http://atsp2010:3141 does not work from other servers (atsp2010 is the name of the server hosting Information Portal. Replace it with your server name).
Verify that http://atsp2010:82 works.
Now you have Information Portal installed with the IIS web front-end server.

Step 3. Reconfigure Information Portal SharePoint Integration Feature

As the Information Portal URL has been changed to http://atsp2010:82, it is required to reconfigure the SharePoint Integration feature.
Perform the following:
  1. Run cmd.exe on the server hosting Information Portal.
  2. Make the C:\Program Files (x86)\Quest Software\Site Administrator for SharePoint\SharePoint Information Portal\SPIntegration folder current.
  3. Make sure that Windows SharePoint Services Administration (SharePoint 2007) or SharePoint 2010 Administration (Sharepoint 2010) service is started on the front-end.
  4. Run the following command:
    ..\IronPython26\ipy64.exe wsp_install.py http://atsp2010:82
  5. Make sure the output does not contain errors. The process successfully completed should look like:
    1/28/2011 8:57:50 PM: Sharepoint Integration install [‘wsp_install.py’, ‘http://atsp2010:82’]
    1/28/2011 8:57:53 PM: Generating wsp solution in .\\SPIntegrationFeature for http://atsp2010:82
    1/28/2011 8:57:55 PM: setup solution: .\\SPIntegrationFeature\SPIntegrationFeature.wsp
    1/28/2011 8:57:55 PM: stop running jobs
    1/28/2011 8:57:56 PM: remove old solution
    1/28/2011 8:57:59 PM: add solution
    1/28/2011 8:58:09 PM: deploy solution
  6. Ensure that SharePoint sites have the Site Administrator Reports section containing the links to the Information Portal reports in the Site Settings. Try to open these links. In SharePoint 2010, it looks as follows:

    sahelp.sharepointforall.com
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)