Skip to Content

Direct Live HANA Connections in the Internet Scenario – For the Apache Fans

In my last blog Direct Live HANA Connections in the Internet Scenario, I went over a sample SAP Web Dispatcher setup for enabling CORS on the reverse proxy level and exposing HANA on the Internet. I also elaborated the advantages of using Web Dispatcher versus Apache. However, if for any reason you would still like to use Apache as the reverse proxy, how should the Apache reverse proxy be configured?

Well, we simply need to translate the Web Dispatcher rules in the last blog into Apache rules. Essentially, the Apache reverse proxy needs to “publish” the HANA XS engine, and to make sure that the CORS headers are issued only for CORS requests originated from your SAP Analytics Cloud (SAC) tenant.

Below is a sample snippet of the Apache rules:

<VirtualHost _default_:443>
  SSLEngine on
  SSLProxyEngine on
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  ServerName <ReverseProxyHost>:443
  SSLCertificateFile "${SRVROOT}/conf/ssl/reverseproxy.crt"
  SSLCertificateKeyFile "${SRVROOT}/conf/ssl/reverseproxy.key"

  DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
	CustomLog "${SRVROOT}/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	<Directory "${SRVROOT}/htdocs">
		Options Indexes Includes FollowSymLinks
		AllowOverride AuthConfig Limit FileInfo
    Require all granted
  <If "req_novary('ORIGIN') == 'https://<SAC_Host>'">
    Header set Access-Control-Allow-Origin "https://<SAC_Host>"
    Header set Access-Control-Allow-Credentials true
    Header set Access-Control-Allow-Methods "GET, POST, PUT"
    Header set Access-Control-Allow-Headers "X-Csrf-Token, x-csrf-token, x-sap-cid, Content-Type, Authorization"
    Header set Access-Control-Expose-Headers "x-csrf-token"
   ProxyPass / https://<HANA_Host>:<HANA_XS_Port>/
   ProxyPassReverse / https://<HANA_Host>:<HANA_XS_Port>/


I hope this blog will make the Apache fans happy:).


Stay tuned.

You must be Logged on to comment or reply to a post.