July 23, 2018
If you are internet hosting a web page or API from your IBM i server, but would like to decrease your be concerned about letting entry from the Online, we generally endorse a reverse proxy (or “gateway”) server. An market-normal solution, a reverse proxy server acts as a layer of safety concerning your generation server and your firewall. On IBM i, the IBM HTTP Server (driven by Apache) for i can act as a reverse proxy server, so there’s nothing further to set up.
Whilst there are a number of approaches to set it up, one particular tactic is to set the reverse proxy or gateway in a distinctive IBM i partition located in your network’s “demilitarized zone” (DMZ), open up to the Online, while your generation server sits properly guiding it in your non-public intranet. The reverse proxy pulls appropriate information from your generation website server and shows the information to customers.
Solutions consist of appliances such as Symantec’s Blue Coat proxy and cloud-centered gateways such as cloudflare.com.
To configure a reverse proxy server below IBM i, follow these ways:
- Check with your administrators to set up (or make obtainable to you, if one particular exists previously) an IBM i logical partition in your network’s DMZ. The partition will not need to have considerably in the way of sources.
Also inquire for the internal IP tackle of your server that will be secured. For our illustration, say it is 192.168..200.
- Create an Apache occasion in your DMZ partition. Name it a thing like GATEWAY. Instructions for making the occasion are on this website page: https://www.ibm.com/assistance/knowledgecenter/en/SSAW57_eight.five.five/com.ibm.websphere.set up.nd.iseries.doc/ae/tins_is_ihsnew.html
You may possibly would like to incorporate further features, such as SSL assistance, to your occasion. SSL instructions: http://www-01.ibm.com/assistance/docview.wss?uid=nas8N1018776
- Edit this gateway occasion so that it capabilities as a reverse proxy server. You are going to need to have to edit the appropriate Apache occasion configuration file. Its location will rely on your website server occasion title. For illustration, if your Apache occasion is named GATEWAY, then the file is possible to be located at /www/gateway/conf/httpd.conf. This is a simple text file, so you may possibly select from a number of editors: IBM’s HTTP Server Admin GUI at port 2001 (if *ADMIN is begun), the WRKLNK/EDTF command, or your beloved text editor.
Incorporate the following directives to httpd.conf’s most important segment (pound signals are remarks):
LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/ZSRCORE.SRVPGM LoadModule proxy_join_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM # URL route / will pull information from server 192.168..200. ProxyPass http://192.168..200/ ProxyPassReverse http://192.168..200/
- Use the Start out TPC/IP Server (STRTCPSVR) CL command to restart your Apache occasion (in this circumstance, “GATEWAY”).
STRTCPSVR SERVER(*HTTP) RESTART(*HTTP) HTTPSVR(GATEWAY)
- Now your web page ought to be available to the general public via the gateway server’s tackle.