Inwards Forwarding for HTTP Requests
In order to send data to a profile via HTTP/HTTPS, a dedicated URL needs to be used. The schematic structure of the URL is:
http(s)://<URL_or_IP_server_and_port>/<URL context>/<URL suffix>
Incoming HTTP requests are handled by the Integration Server on the DMZ server. By default, the DMZ server reacts to HTTP requests whose URL path begins with the URL context /forward. This default can be overridden in file ./etc/startup_dmz.xml using the parameters servletContext and servletPath (see table in section Parameters).
In the following, we assume that the standard is used, so servletContext and servletPath are not defined. In this case, servletContext=/forward and servletPath=/* are used.
In addition to the context /forward, configuration in ./etc/startup_dmz.xml can also be used to allow further HTTP paths to be forwarded inwards.
URL Context | Condition 1 | Condition 2 | Recommended Forwarding Rule in ./etc/forward.properties
/dw/Request | addStandardServlet=true | | /dw/Request/*=http://<inner>/dw/Request
/dw/trigger | addStandardServlet=true | | /dw/trigger/*=http://<inner>/dw/trigger
/dw/request | addStandardServlet=true | | /dw/request/*=http://<inner>/dw/Request
/dw/Trigger | addStandardServlet=true | | /dw/Trigger/*=http://<inner>/dw/trigger
/partner | addStandardServlet=true | handleAS2=false | /partner/AS2Retrieve/*=http://<inner>/partner/AS2Retrieve
/forward | <always> | |
In the table, <inner> is the IP address or the DNS name of the inner Lobster_data, and possibly the port number. If the HTTPS connector is active on this system, forwarding can also take place via HTTPS. Since the connection from the DMZ server to the internal Lobster_data takes place in a protected network part, however, a further encryption via HTTPS is normally not necessary.
If the DMZ server has multiple connectors (port 80, 443, and so on) within ./etc/hub.xml, all requests that arrive via one of the connectors and correspond to a forward rule are routed according to the rule. On the target system <inner>, it is no longer possible to distinguish whether the original request used the HTTP or HTTPS protocol.
These paths (table) can be used additionally and independently of the path /forward if the specified conditions in the configuration (./etc/startup_dmz.xml) are fulfilled. The path /partner/* is not taken over by the HttpForwardServlet for /partner/*, but by the AS2Service on the DMZ server. See also section AS2 on DMZ Server below.
The forwarding does not take effect until a corresponding forwarding rule exists for the path or a subpath. A forwarding rule does not have to forward the entire context; you can also specify individual subpaths. This way, you can control whether all profiles with HTTP Input Agents can receive data by HTTP upload via the DMZ server, or only individually selected profiles. A forwarding rule whose left part does not match one of the specified paths is not effective. In the following, the forwarding rules are explained in more detail using the context /forward.
Forwarding Rules (file ./etc/forward.properties)
Now you have to define if and where the incoming HTTP requests are forwarded to. For example, requests for a Lobster_data profile are forwarded to the inner server. This is defined in the file ./etc/forward.properties.
Each line of this file represents an independent rule. The left side (source context), to the left of the equals sign, must be unique. A rule only works if there is an active HttpForwardServlet for the source context (see table above).
...
/forward/*=http://www.google.de
/forward/images/*=http://www.google.de/images
/forward/intl/de_de/images/*=http://www.google.de/intl/de_de/images
/forward/E/*=http://www.lobster.de
...
#Forward to inner Lobster_data
/forward/example/*=http://192.168.213.80/dw/Request/urlsuffix/example
...
Note: Changes to the file ./etc/forward.properties are recognised during runtime and are reevaluated. A restart is not necessary. For diagnostic purposes, the HTTP request log and the server log can be evaluated under ./logs. Caution: The times in the request log are in the time zone UTC, the times in the server log are in the system time zone.
The following table shows, for the configuration above, where example incoming HTTP requests are forwarded to.
Incoming HTTP Request | Forwarded HTTP Request
http://www.xyz.com/forward/example | http://www.google.de/example
http://www.xyz.com/forward/images/example.jpg | http://www.google.de/images/example.jpg
http://www.xyz.com/forward/intl/de_de/images/example.jpg | http://www.google.de/intl/de_de/images/example.jpg
http://www.xyz.com/forward/E/index.html | http://www.lobster.de/index.html
http://www.xyz.com/forward/example/file.txt | http://192.168.213.80/dw/Request/urlsuffix/example/file.txt
http://www.xyz.com/noforward/ | No forwarding.
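As an added example (not Lobster's code), the following Python model of the table above resolves an incoming path to its forwarded URL and lists rules that lie outside every active context, which helps when reviewing which inner targets a forward.properties exposes. The matching semantics (most specific source context wins, and a "/*" rule needs a following "/") are inferred from the table and are an assumption; the final /dw/Request rule in the sample is constructed.

```python
# Added example: a model of the forwarding table, not the product's implementation.
# Assumption (inferred from the table): the most specific source context wins,
# and a rule "P/*" only matches paths that continue with "P/".

# Rules from the page's listing; the last line is constructed for this example.
FORWARD_PROPERTIES = """\
/forward/*=http://www.google.de
/forward/images/*=http://www.google.de/images
/forward/intl/de_de/images/*=http://www.google.de/intl/de_de/images
/forward/E/*=http://www.lobster.de
#Forward to inner Lobster_data
/forward/example/*=http://192.168.213.80/dw/Request/urlsuffix/example
/dw/Request/*=http://192.168.213.80/dw/Request
"""

def parse_rules(text):
    """Return {source_prefix: target}; the left side of each rule must be unique."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "...":
            continue
        source, _, target = line.partition("=")
        prefix = source.strip()
        if prefix.endswith("/*"):
            prefix = prefix[:-2]
        if prefix in rules:
            raise ValueError(f"duplicate source context: {source}")
        rules[prefix] = target.strip().rstrip("/")
    return rules

def is_effective(prefix, active_contexts):
    """A rule only works under a context that has an active HttpForwardServlet."""
    return any(prefix == c or prefix.startswith(c + "/") for c in active_contexts)

def resolve(path, rules, active_contexts=("/forward",)):
    """Map an incoming URL path to the forwarded URL, or None if not forwarded."""
    matches = [p for p in rules
               if path.startswith(p + "/") and is_effective(p, active_contexts)]
    if not matches:
        return None
    best = max(matches, key=len)  # most specific rule wins
    return rules[best] + path[len(best):]

def ineffective_rules(rules, active_contexts=("/forward",)):
    """Rules whose left part lies outside every active context."""
    return sorted(p for p in rules if not is_effective(p, active_contexts))
```

With only /forward active (the default), `ineffective_rules` reports the /dw/Request rule; pass `("/forward", "/dw/Request")` as `active_contexts` to model addStandardServlets being enabled.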
Note: In order to use URL paths with Lobster_data standard contexts (to trigger a profile, default context /dw/trigger/; for an HTTP request, default context /dw/Request/; for an AS2 reception, default context /partner/AS2Retrieve/), you can set up the CommunicationForwardManager using the entry addStandardServlets in file ./etc/startup_dmz.xml (see section Parameters for Class 'CommunicationForwardManager'). See the following listing.
<Call name="addApplication">
  <Arg>
    <New class="com.ebd.hub.datawizard.app.CommunicationForwardManager">
      ...
      <!-- Add /dw/Trigger, /dw/Request (also in lowercase) and /partner servlets on demand -->
      <Call name="addStandardServlets"><Arg type="boolean">True</Arg></Call>
      ...
    </New>
  </Arg>
</Call>
For internal forwarding, the file ./etc/forward.properties could then contain the following, for example.
/dw/Request/*=http://<inner_server_and_port>/dw/Request
Note: It is possible to tunnel HTTP(S) requests via the MessageService. To do so, insert the following option into configuration file ./etc/startup_dmz.xml on the DMZ server. The configuration file ./etc/forward.properties must also be adjusted (as described above) in this case.
<Set name="tunnelHttp">true</Set>
Note: The HttpForwardServlet is also used in HTTP or HTTPS Response Routes of a profile to send via DMZ. This is independent of the configuration described here.
AS2 on DMZ Server
The AS2 service on a DMZ server can be started locally (or not). The parameter handleAS2 in ./etc/startup_dmz.xml is to be set to true or false accordingly (see section Parameters for Class 'CommunicationForwardManager').
AS2 service started (handleAS2=true): AS2 messages are forwarded inwards as a message. If the inner server is (temporarily) not available, the messages are buffered (same for FTP, etc.).
AS2 service not started (handleAS2=false): All AS2 HTTP requests are forwarded inwards and the inner Integration Server sends MDNs and messages. The file ./etc/forward.properties on the DMZ server needs to contain the following for AS2 forwarding.
/partner/*=http://<inner server and port>/partner
or restricted:
/partner/AS2Retrieve/*=http://<inner server and port>/partner/AS2Retrieve
The forwarding for path /partner/... via the HttpForwardServlet is set up when the DMZ server is started if handleAS2=false and addStandardServlets=true. If during startup, handleAS2=true or addStandardServlets=false and the AS2 service is active, path /partner/... will be used by the AS2 service.
In principle, however, a subpath can also be set up under context /forward for forwarding the AS2 requests, which can always be used independently of addStandardServlets and handleAS2. See also section Forwarding HTTP Requests Inwards. In this case, no active AS2 service is required on the DMZ server, because the AS2 requests are passed on to the internal server.
It is also possible to connect individual partners via forwarding of the HTTP(S) request and others via the AS2 service on the DMZ server. To do so, you can start the AS2 service on the DMZ server, set handleAS2=true and additionally set up the following in file ./etc/forward.properties:
/forward/AS2Retrieve/*=http://<inner server and port>/partner/AS2Retrieve
Partners that connect to path /partner/AS2Retrieve/ are accepted on the DMZ server. If they connect to path /forward/AS2Retrieve/, they are forwarded to the internal AS2 service.