SAP Fiori applications are HTML5 applications based on the SAPUI5 java script library. They are made of a combination of resources like java script, html, xml, css and image files. At runtime they are downloaded first and after running locally in the client (end-users browser).
SAP Fiori applications retrieve or send updates to application data using OData calls provided by a SAP Gateway (aka frontend) server. OData is an open standard based on existing standards like HTTP, REST, XML, JSON and more. This frontend server provides data from SAP backends (this can be a S/4H, ERP, CRM or other system) via the OData format. However some Fiori apps also need Analytic or Enterprise Search data provided directly by the backend. Other apps launched from the Fiori Launchpad will need direct webdypro, web gui content be provided by the backend directly. See figure below:
Web browsers however refuse to get resources or make calls to different origins (in this case servers) for the same application. This is because of a security concept called the same-origin policy. All application resources and calls need to be made to the same origin. See also https://en.wikipedia.org/wiki/Same-origin_policy
In the case of the Fiori applications a solution exists by placing a reverse proxy in front of the frontend and backend server, which routes the calls to the right server. Such reverse proxy is needed because of its capabilities like URL redirection and rewriting and adding certificate authentication. This reverse proxy can be hardware or a software application like the SAP Web Dispatcher.
If no reverse proxy only some SAP Fiori apps will work (like UI5 transactional apps) but many others like analytic, transactions rendered with web gui and Belize theme (new in Fiori 2.0) and others will fail.
In the next table a list of the routing mapping configuration needed in the reverse proxy for web traffic between a SAP Frontend and S/4H backend systems.
|/sap/bc/ui5_ui5/||Frontend||SAPUI5 Application Handler|
|/sap/bc/lrep||Frontend||LREP HTTP handler|
|/sap/opu/odata||Frontend||OData Standard Mode|
|/sap/bc/nwbc/||Frontend||NetWeaver Business Client|
|/sap/bc/bsp||Frontend||BUSINESS SERVER PAGES (BSP) RUNTIME|
|/sap/bc/webdynpro/||Backend||Web Dynpro (WD) Runtime|
|/sap/bc/gui/||Backend||ITS-Based GUI Services|
|/sap/bc/apc||Backend||ABAP Push Channel Framework|
|/sap/bw/Mime/DS/Content||Backend||MIME IN WEB REPORTING|
The above routing mapping would translate to the following Web Dispatcher configuration file
wdisp/system_0 = SID=XXX, MSHOST=FRONTEND-FQDN, MSPORT=XXXX, SSL_ENCRYPT=1, SRCSRV=*:44310, SRCURL=/sap/bc/ui5_ui5/;/sap/bc/ui2/;/sap/bc/lrep;/sap/opu/odata;/sap/bc/nwbc/;/sap/public/;/sap/bc/bsp;/sap/saml2
wdisp/system_1 = SID=XXX, MSHOST=S4HBACKEND-FQDN, MSPORT=XXXX, SSL_ENCRYPT=1, SRCSRV=*:44310, SRCURL=/sap/bc/webdynpro/;/sap/es/;/sap/bc/gui/;/sap/bc/apc;/sap/bw/ina;/sap/bw/Mime/DS/Content
This configuration is based on the Web Dispatcher configuration mentioned here, with some changes. https://blogs.sap.com/2016/10/12/sap-fiori-s4hana-10-lessons-learned-s4hana-1511-projects/
This configuration should be complete for most customers but there might still be specific cases not covered. Also a customer might, because of security reasons want to limit the urls redirected. Therefore the configuration is to be discussed and implemented together with the network and security experts from the customer.
The recommended deployment option for SAP Gateway is to use a separate server (aka central hub deployment), see http://go.sap.com/documents/2016/06/e8e53e50-767c-0010-82c7-eda71af511fa.html# . However it is also possible to deploy the SAP Gateway on the backend system (aka embedded deployment) In this case a reverse proxy is technically not needed but preferred for security reasons.
Note that earlier releases like SAP Suite on Hana, SFIN 1.0 and SFIN 2.0 need a different configuration. In this case some urls need to be redirected directly to the SAP Hana Database. This is not the case anymore in S/4H. http://help.sap.com/saphelp_hba/helpdata/en/5e/9d0c52bcc19b33e10000000a44538d/content.htm?frameset=/en/42/de5f52eddd6f2de10000000a44176d/frameset.htm
Some further related information:
The S/4HANA Fiori Foundation Configuration (MAA) also describes the Web Dispatcher installation and more. https://blogs.sap.com/2016/11/11/fiori-for-s4hana-getting-started-with-documentation/
Fiori frontend architecture when working with multiple clients in the backend. https://blogs.sap.com/2016/10/11/configure-fiori-multi-clients/
Hope this information provides some insight and can help in your next S/4HANA implementation project!