We have Aras Innovator PLM running on an IIS Server within our LAN.
We'd like to make this available on the Internet, for access to our partners and sub-contractors, but for logistical reasons can't simply connect the server to the public Internet.
To enhance security it has been decided that it MUST run SSL with client certificates, so even a misconfigured proxy or server won't leak data.
As a test, I have successfully used a VPS located on the Internet running Apache as a web proxy (SSL) which is connected to the webserver within the LAN via a VPN to browse MoinMoin.
Client <-> Internet <-> VPS <-> Proxy <-> VPN <-> WebServer <-> MoinMoin
But I can't do the same with Aras: it gets to the login page and refuses to go any further. Obviously it works internally.
So:
https://server.domain.net/wiki works
but
https://server.domain.net/InnovatorServer does not work
I've tried tcpdump and Wireshark and can't see any traffic when the LOGIN button is pressed.
Here is my Apache config (altered for security reasons):
Any suggestions what to try next?
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    ServerName server.domain.net
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        allow from all
        Order deny,allow
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Directory>
    ProxyRequests off
    ProxyPreserveHost on
    SSLOptions +StdEnvVars +ExportCertData
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
    <Location /wiki>
        Order deny,allow
        Allow from all
        SSLVerifyClient require
        SSLVerifyDepth 1
        ProxyPass http://server1.lan:80/wiki
        ProxyPassReverse http://server1.lan:80/wiki
    </Location>
    <Location /InnovatorServer>
        Order deny,allow
        Allow from all
        SSLVerifyClient require
        SSLVerifyDepth 1
        ProxyPass http://server2.lan:80/InnovatorServer
        ProxyPassReverse http://server2.lan:80/InnovatorServer
        ProxyPassReverseCookieDomain server2.lan server.domain.net
    </Location>
    SSLEngine on
    SSLCACertificateFile /etc/ssl/certs/CA.pem
    SSLCertificateFile /etc/ssl/certs/server.domain.net-cert.pem
    SSLCertificateKeyFile /etc/ssl/private/server.domain.net-cert.key
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName server.domain.net
    RewriteEngine On
    RewriteRule ^/InnovatorServer/(.*) https://%{HTTP_HOST}/InnovatorServer
</VirtualHost>
0 Answers
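The question's stated requirement is that every proxied path demands a client certificate, even if the proxy is misconfigured. The following is an added example, not part of the original post and not a diagnosis of the Aras login problem: a Python check that reads an Apache config and reports proxied paths a client without a certificate could reach. It assumes a well-formed file with `<Location>` blocks nested inside `<VirtualHost>`; the function name `audit` and the `/reports` path are made up for illustration.

```python
import re

# Constructed sample modelled on the vhost above; /reports is a hypothetical unprotected path.
SAMPLE = """\
<VirtualHost _default_:443>
<Directory /var/www/>
SSLVerifyClient require
</Directory>
<Location /InnovatorServer>
SSLVerifyClient require
ProxyPass http://server2.lan:80/InnovatorServer
</Location>
<Location /reports>
ProxyPass http://server2.lan:80/reports
</Location>
SSLEngine on
</VirtualHost>
"""

def audit(conf):
    """Return (vhost, path, reason) for proxied paths reachable without a client cert."""
    findings, vhost, loc, skip = [], None, None, 0
    for line in filter(None, map(str.strip, conf.splitlines())):
        sec = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if sec and sec.group(2).lower() == "virtualhost":
            if sec.group(1):  # closing tag: judge the vhost once all directives are read
                for path, verify in vhost["proxied"]:
                    verify = verify or vhost["verify"]  # Location value overrides vhost value
                    reason = "no SSLEngine on" if not vhost["ssl"] else "SSLVerifyClient " + verify
                    if not vhost["ssl"] or verify != "require":
                        findings.append((vhost["name"], path, reason))
            vhost = None if sec.group(1) else {"name": sec.group(3), "ssl": False, "verify": "none", "proxied": []}
        elif sec and sec.group(2).lower() == "location":
            if sec.group(1) and loc["proxy"]:
                vhost["proxied"].append((loc["path"], loc["verify"]))
            loc = None if sec.group(1) else {"path": sec.group(3), "verify": None, "proxy": False}
        elif sec:  # Directory etc. match filesystem paths, not proxied URLs: skip contents
            skip += -1 if sec.group(1) else 1
        elif vhost is not None and not skip and not line.startswith("#"):
            words = line.lower().split()
            if words[0] == "sslengine" and loc is None:
                vhost["ssl"] = words[1:] == ["on"]
            elif words[0] == "sslverifyclient" and len(words) > 1:
                (loc or vhost)["verify"] = words[1]
            elif words[0] == "proxypass" and loc is not None:
                loc["proxy"] = True
            elif words[0] == "proxypass" and len(words) > 1:
                vhost["proxied"].append((line.split()[1], None))  # vhost-level form: ProxyPass /path url
    return findings
```

On the sample, `audit(SAMPLE)` flags only `/reports`: the `SSLVerifyClient require` inside `<Directory /var/www/>` does not cover it, because `<Directory>` sections apply to filesystem paths and not to proxied requests.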