IManager Virtual Host
Open Enterprise Server runs a lot of web-based applications, most of them based on Tomcat. Sometimes it is advantageous to segment these applications into separate virtual hosts based on IP Address, port number, DNS name, or a combination.
This article details the process of setting up an application inside its own Apache Virtual Host on OES Linux, using iManager as an example.
For this article, the term scope refers to the level of visibility of an application in Apache:
- globally scoped - The application is visible on all interfaces, ports, and names.
- interface scoped - The application is only visible on a particular interface.
- port scoped - The application is only visible on a particular port.
- name scoped - The application is only visible when accessed via a particular hostname (e.g. imanager.ewidgets.example)
These are just terms used for clarification as to how visible an application will be on the server.
For this example, we will use the fictitious company Example Widgets LTD. This company has a domain name, ewidgets.example, and an OES SP2 server named oes-1.ewidgets.example that we will set up the iManager virtual host on.
Apache Global Configuration
Some people hate the modular layout of Apache in SuSE Linux, and wish everything was in a monolithic httpd.conf file. Fortunately, this example is where SuSE's modular layout of Apache shines. Since each Novell application is configured in its own separate config file, it is trivial to move these applications around to different IP addresses, ports, and named virtual hosts.
Removing this symlink will stop iManager from being scoped globally on Apache, so we can assign it a smaller scope. Note that these are just symbolic links to the iManager Apache config file located at /etc/opt/novell/iManager/nps-Apache.conf, not the config file itself, so you are not deleting the config file, only removing the symbolic links to it:
Command: rm /etc/opt/novell/httpd/conf.d/nps-Apache.conf
Command: rm /etc/opt/novell/httpd/sslconf.d/nps-Apache.conf
Keep in mind that any subsequent upgrades of iManager may replace this link, causing iManager to be scoped globally once again. You may want to place a dummy file in its place to prevent this from happening:
Command: touch /etc/opt/novell/httpd/conf.d/nps-Apache.conf
Command: touch /etc/opt/novell/httpd/sslconf.d/nps-Apache.conf
Creating an iManager SSL VirtualHost on port 12345
This example will show how to set up iManager on port 12345 (on all IP addresses) using SSL. In this example, iManager will be port-scoped to only port 12345, and will not be accessible, for example, via port 80 or port 443.
Add the 12345 port to listen.conf
/etc/apache2/listen.conf is where all interfaces and listen ports are defined for the Apache server. You don't have to define them here, but it is recommended so that your system is consistent with the SuSE best practices.
Create a SSL VirtualHost config file for port 12345
Fortunately, the default SSL VirtualHost file works pretty well, with some minor adjustments. We will now copy that file to a new file, vhost-imanager-ssl.conf, and make some adjustments to it.
Command: cp /etc/apache2/vhosts.d/vhost-ssl.conf /etc/apache2/vhosts.d/vhost-imanager-ssl.conf
Command: mkdir /srv/www/imanager
Command: touch /srv/www/imanager/index.html
At this point, you should restart apache to apply your changes.
You should now be able to go to https://yourserver:12345/nps/iManager.html and have iManager come up, yet be able to go to https://yourserver/nps/iManager.html and get nothing.
- Keep in mind that all remaining globally-scoped applications will still be accessible in this virtual host unless you limit their scopes as well.
More Complicated Scopes
This is just one example of how to limit the scope of a web-based application. For instance, you could assign each application an invidual IP address and DNS name, and give each application a redirect to its tomcat instance, so you can have URLs like the following:
instead of server1.ewidgets.example/nps/iManager.html, et. al.
In the /srv/www/imanager.html file we created, you could put a simple HTML redirect to /nps/iManager.html, so that anyone who goes to https://yourserver:12345 automatically gets redirected to iManager.
Get stuck, need clarification, or just curious about something? Please post in the Discussion Page.