Direct Live HANA Connections in the Internet Scenario – For the Apache Fans
In my last blog Direct Live HANA Connections in the Internet Scenario, I went over a sample SAP Web Dispatcher setup for enabling CORS on the reverse proxy level and exposing HANA on the Internet. I also elaborated the advantages of using Web Dispatcher versus Apache. However, if for any reason you would still like to use Apache as the reverse proxy, how should the Apache reverse proxy be configured?
Well, we simply need to translate the Web Dispatcher rules in the last blog into Apache rules. Essentially, the Apache reverse proxy needs to “publish” the HANA XS engine, and to make sure that the CORS headers are issued only for CORS requests originated from your SAP Analytics Cloud (SAC) tenant.
Below is a sample snippet of the Apache rules:
<VirtualHost _default_:443>
SSLEngine on
SSLProxyEngine on
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ServerName <ReverseProxyHost>:443
SSLCertificateFile "${SRVROOT}/conf/ssl/reverseproxy.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/reverseproxy.key"
DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "${SRVROOT}/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
<If "req_novary('ORIGIN') == 'https://<SAC_Host>'">
Header set Access-Control-Allow-Origin "https://<SAC_Host>"
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Methods "GET, POST, PUT"
Header set Access-Control-Allow-Headers "X-Csrf-Token, x-csrf-token, x-sap-cid, Content-Type, Authorization"
Header set Access-Control-Expose-Headers "x-csrf-token"
</If>
ProxyPass / https://<HANA_Host>:<HANA_XS_Port>/
ProxyPassReverse / https://<HANA_Host>:<HANA_XS_Port>/
</virtualhost>
I hope this blog will make the Apache fans happy:).
Stay tuned.
Thanks Dong,
For those interested,
Here is a step-by-step log with videos how to configure Apache SSL reverse proxy for use with SAP Analytics Cloud Live Connections (using CORS):
Dong - What would be snippet for Apache rules for the support of the SameSite cookie attribute for Third-Party Cookies? Your other blogs have it for ICM rewrite/web dispatcher etc.. I am looking for equivalent Apache code?