Configure a reverse proxy that directs all traffic to your IBM® Connections deployment to a
single server.
Before you begin
This is an optional configuration. It is recommended for optimal
performance, especially if users are accessing IBM Connections from a wide area network (WAN).Ensure
that you have installed IBM WebSphere® Edge Components
which is supplied with WebSphere Application
Server Network Deployment. For more information, go to the WebSphere Edge
Components information center.
You must also have completed
the basic configuration of WebSphere Edge
Components, set up a target backend server, and created an administrator
account.
About this task
The IBM WebSphere Application Server
Edge components provide a caching proxy that you can use to optimize
your deployment. Edge components are provided with the WebSphere Application Server Network Deployment
software.
A reverse proxy configuration intercepts browser requests,
forwards them to the appropriate content host, caches the returned
data, and delivers that data to the browser. The proxy delivers requests
for the same content directly from the cache, which is much quicker
than retrieving it again from the content host. Information can be
cached depending on when it will expire, how large the cache should
be, and when the information should be updated.
This topic
describes how to configure the Edge components to optimize the performance
of IBM Connections.
Procedure
- Open the ibmproxy.conf configuration
file for the Edge components in a text editor. The file is stored
in the following directory:
- AIX® or Linux: /etc/
- Microsoft Windows: C:\Program Files\IBM\edge\cp\etc\en_US\
- Make the following edits to the file:
- In the SendRevProxyName Directive section, add or enable
the following rule:
SendRevProxyName
yes
- In the PureProxy Directive section, add or enable the
following rule:
PureProxy off
- In the SSL Directives section, add or enable the following
rules:
SSLEnable On
SSLCaching
On
- In the Keyring Directive section, add or enable the
following rules:
KeyRing C:\ProxyKey\proxykey.kdb
KeyRingStash
C:\ProxyKey\proxykey.sth
- In the URL Rewriting rules section, add the following
reverse pass rules:
ReversePass http://httpserver/*
http://proxyserver/*
ReversePass
https://httpserver/* https://proxyserver/*
where
httpserver is
the host name of the HTTP server. The HTTP server is usually IBM HTTP Server, but could be a
load balancer or another proxy, depending on your deployment.
proxyserver is
the host name of the proxy server.
Note: You can specify * in the URL
(to indicate that all URLs for the server can be passed) only if IBM Connections is the only application
installed on the server. Alternatively, you can use a more specific
URL such as http://httpserver/connections/*.
You can use more than one ReversePass rule if you need to specify
different servers for each component.
- Also in the Mapping Rules section, add the following
proxy rules:
Proxy /* http://httpserver/* :80
Proxy /* https://httpserver/* :443
- Set the CacheTimeMargin rule to zero seconds. When a
document's expiry date is set to “soon” and soon is defined by the
CacheTimeMargin rule, setting this rule to zero disables the calculation
and forces all documents to be cached, regardless of their expiry
date. This setting is required for Blogs caching to function properly;
it does not negatively affect the other applications.
CacheTimeMargin 0
seconds
- Prevent the validation of a cache object from sending
multiple requests for the same resource to the backend server by setting
the KeepExpired rule to on. An expired or stale
copy of the resource will be returned for the brief time that the
resource is being updated on the proxy.
KeepExpired
On
- In the Method Directives section, add the following
methods:
Enable CONNECT
Enable PUT
Enable DELETE
Note: Also, be sure to enable SSL tunneling by resetting the SSLTunneling
setting to On.
- Add the following rule to the CacheQueries Directives
section:
CacheQueries PUBLIC
- Configure the proxy to allow large file uploads by editing
and uncommenting the LimitRequestBody directive:
LimitRequestBody n M
where n is
the maximum file size in MB. For example: LimitRequestBody
50 M allows a file size of up to 50 MB.
- To get Embedded Experience working with the Proxy server, include the following two commands in
the ibmproxy.conf file:
TLSV1Enable ON
V3CipherSpecs 0A09060564620403
- Save and close the ibmproxy.conf file.
- Update the dynamicHosts attribute in the LotusConnections-config.xml file
to reflect the URL of the proxy server:
<dynamicHosts
enabled="true">
<host href="http://proxy.example.com"
ssl_href="https://proxy.example.com"/>
</dynamicHosts>
- Optional: If you are using Connections Content
Manager, you must reconfigure FileNet Collaboration Services to be
aware of your reverse proxy. Set fncsServerURL, fncsServerURLSecure and icURI properties
as described in Configuring FileNet Collaboration Services
for the Connections Content Manager.
- Using iKeyman, extract certificates from IBM Connections and add them to the proxy server
key database:
Note: Be sure to use iKeyman that comes with
the HTTP server, since it does not come with the proxy.
- Open the IBM Connections
kdb file and extract the certificates.
- Open the kdb file on the proxy server and add the certificates
that you extracted from IBM Connections.
For more information about iKeyman, go to the topic in the IBM HTTP Server information center.
- Restart the Edge server.