Configuring IBM HTTP Server as a reverse proxy for WebSphere Application Server

This topic describes how to configure IBM® HTTP Server as a reverse proxy for WebSphere® Application Server. A reverse proxy server provides an additional layer of security, protects HTTP servers further up the chain, and improves the performance of Secure Sockets Layer (SSL) requests. Also allows you to change your deployment topology at a later time.

A reverse proxy server is a special HTTP server that prevents direct access to the content HTTP server. All request for the content HTTP server go through the reverse proxy server. For more information about reverse proxies, see Reverse proxy servers in topologies.

These are some of the main advantages of using a reverse proxy server:

Configuring WebSphere Application Server web server plug-in

To install and configure IBM HTTP Server and the Web server plug-ins, refer to the following resources:

Optional: Additional configuration for application ETL data collection jobs

If your application reporting ETL jobs are configured to use Jazz™ Team Server (oAuth) authentication and there is an HTTP fronting server in the application topology, you must add an additional entry to the httpd.conf file.

  1. Navigate to the installation directory for your IBM HTTP Server.
  2. Open conf\httpd.conf in an editor.
  3. In the Global section (Section 1) of the file, add this entry:

    SetEnv websphere-nocanon 1

  4. Restart your web server.

Optional: Changing the port number of the web server

By default, the web server uses port 443 for secure communications over HTTPS. This means that the port number is not displayed in the URL. For example, You can use the default port 443 for new deployments, however, if you are using the reverse proxy to change your deployment from a departmental (all-in-one) topology to a distributed topology, then you must configure the web server to use the existing port number from your original deployment. The default port number for deployments not using a reverse proxy is 9443.

  1. From the Integrated Solutions Console click Server > Server Types > Web servers.
  2. Click your defined web server link to open its Configuration page.
  3. To change the non-SSL port number, enter the new port number in the Port field.
  4. To change the SSL port number, under Configuration settings click Web Server Virtual Hosts.
  5. Click the virtual host link that you want to change the port number for to open its Configuration page.
  6. Enter the new port number in the Port field.
  7. Click Apply and Save directly to the master configuration.
  8. Restart your web server.

video icon Video channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community forums library

support icon Support

IBM Support Community
Deployment wiki