In my last blog Direct Live HANA Connections in the Internet Scenario, I went over a sample SAP Web Dispatcher setup for enabling CORS on the reverse proxy level and exposing HANA on the Internet. I also elaborated the advantages of using Web Dispatcher versus Apache. However, if for any reason you would still like to use Apache as the reverse proxy, how should the Apache reverse proxy be configured?

Well, we simply need to translate the Web Dispatcher rules in the last blog into Apache rules. Essentially, the Apache reverse proxy needs to "publish" the HANA XS engine, and to make sure that the CORS headers are issued only for CORS requests originated from your SAP Analytics Cloud (SAC) tenant.

Below is a sample snippet of the Apache rules:

<VirtualHost _default_:443>

  SSLEngine on

  SSLProxyEngine on

  SSLProxyCheckPeerCN off

  SSLProxyCheckPeerName off

  ServerName <ReverseProxyHost>:443

  SSLCertificateFile "${SRVROOT}/conf/ssl/reverseproxy.crt"

  SSLCertificateKeyFile "${SRVROOT}/conf/ssl/reverseproxy.key"



  DocumentRoot "${SRVROOT}/htdocs"

# DocumentRoot access handled globally in httpd.conf

	CustomLog "${SRVROOT}/logs/ssl_request.log" \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	<Directory "${SRVROOT}/htdocs">

		Options Indexes Includes FollowSymLinks

		AllowOverride AuthConfig Limit FileInfo

    Require all granted

	</Directory>

  <If "req_novary('ORIGIN') == 'https://<SAC_Host>'">

    Header set Access-Control-Allow-Origin "https://<SAC_Host>"

    Header set Access-Control-Allow-Credentials true

    Header set Access-Control-Allow-Methods "GET, POST, PUT"

    Header set Access-Control-Allow-Headers "X-Csrf-Token, x-csrf-token, x-sap-cid, Content-Type, Authorization"

    Header set Access-Control-Expose-Headers "x-csrf-token"

  </If>

   ProxyPass / https://<HANA_Host>:<HANA_XS_Port>/

   ProxyPassReverse / https://<HANA_Host>:<HANA_XS_Port>/

</virtualhost>

 

I hope this blog will make the Apache fans happy:).

 

Stay tuned.