Skip to Content
Author's profile photo Dong Pan

Direct Live HANA Connections in the Internet Scenario – For the Apache Fans

In my last blog Direct Live HANA Connections in the Internet Scenario, I went over a sample SAP Web Dispatcher setup for enabling CORS on the reverse proxy level and exposing HANA on the Internet. I also elaborated the advantages of using Web Dispatcher versus Apache. However, if for any reason you would still like to use Apache as the reverse proxy, how should the Apache reverse proxy be configured?

Well, we simply need to translate the Web Dispatcher rules in the last blog into Apache rules. Essentially, the Apache reverse proxy needs to “publish” the HANA XS engine, and to make sure that the CORS headers are issued only for CORS requests originated from your SAP Analytics Cloud (SAC) tenant.

Below is a sample snippet of the Apache rules:

<VirtualHost _default_:443>
  SSLEngine on
  SSLProxyEngine on
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  ServerName <ReverseProxyHost>:443
  SSLCertificateFile "${SRVROOT}/conf/ssl/reverseproxy.crt"
  SSLCertificateKeyFile "${SRVROOT}/conf/ssl/reverseproxy.key"

  DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
	CustomLog "${SRVROOT}/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	<Directory "${SRVROOT}/htdocs">
		Options Indexes Includes FollowSymLinks
		AllowOverride AuthConfig Limit FileInfo
    Require all granted
	</Directory>
  <If "req_novary('ORIGIN') == 'https://<SAC_Host>'">
    Header set Access-Control-Allow-Origin "https://<SAC_Host>"
    Header set Access-Control-Allow-Credentials true
    Header set Access-Control-Allow-Methods "GET, POST, PUT"
    Header set Access-Control-Allow-Headers "X-Csrf-Token, x-csrf-token, x-sap-cid, Content-Type, Authorization"
    Header set Access-Control-Expose-Headers "x-csrf-token"
  </If>
   ProxyPass / https://<HANA_Host>:<HANA_XS_Port>/
   ProxyPassReverse / https://<HANA_Host>:<HANA_XS_Port>/
</virtualhost>

 

I hope this blog will make the Apache fans happy:).

 

Stay tuned.

Assigned tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Denys van Kempen
      Denys van Kempen

      Thanks Dong,

      For those interested,

      Here is a step-by-step log with videos how to configure Apache SSL reverse proxy for use with SAP Analytics Cloud Live Connections (using CORS):

      Author's profile photo M Samy
      M Samy

      Dong -  What would be snippet for Apache rules for the support of the SameSite cookie attribute for Third-Party Cookies? Your other blogs have it for ICM rewrite/web dispatcher etc.. I am looking for equivalent Apache code?