<!DOCTYPE html> <!-- | Generated by Apache Maven Doxia Site Renderer 1.11.1 from src/site/xdoc/configuration/proxy.xml at 2025-02-23 | Rendered using Apache Maven Fluido Skin 1.12.0 --> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" /> <meta name="author" content="Miguel Moquillon" /> <title>Silverpeas Project Web Site – Configuring Silverpeas behind an Apache or an Nginx reverse-proxy</title> <link rel="stylesheet" href="../css/apache-maven-fluido-1.12.0.min.css" /> <link rel="stylesheet" href="../css/site.css" /> <link rel="stylesheet" href="../css/print.css" media="print" /> <script src="../js/apache-maven-fluido-1.12.0.min.js"></script> <!-- Google Analytics --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-2015926-3', 'auto'); ga('send', 'pageview'); ga('set', 'anonymizeIp', true); ga('set', 'forceSSL', true); </script> <style>.github-fork-ribbon:before { background-color: orange; }</style> </head> <body class="topBarEnabled"> <a class="github-fork-ribbon right-top" href="https://github.com/Silverpeas" data-ribbon="Fork me on GitHub" title="Fork me on GitHub">Fork me on GitHub</a> <header id="topbar" class="navbar navbar-fixed-top navbar-inverse"> <div class="navbar-inner"> <div class="container"> <a data-target=".nav-collapse" data-toggle="collapse" class="btn btn-navbar"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </a> <nav class="nav-collapse"> <ul class="nav"> <li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown">Silverpeas <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="../intro.html" title="About">About</a></li> <li><a href="../product/features.html" title="Key Features">Key Features</a></li> <li class="dropdown-submenu"> <a href="../product/applications.html" title="Applications">Applications</a> <ul class="dropdown-menu"> <li><a href="../product/social_network.html" title="Social Network">Social Network</a></li> <li><a href="../product/documentation_management.html" title="Electronic Documentation Management">Electronic Documentation Management</a></li> <li><a href="../product/content_management.html" title="Content Management">Content Management</a></li> <li><a href="../product/data_collection.html" title="Data Collection">Data Collection</a></li> <li><a href="../product/gallery.html" title="Pictures Management">Pictures Management</a></li> <li><a href="../product/knowledge_management.html" title="Knowledge Management">Knowledge Management</a></li> <li><a href="../product/project_documentation.html" title="Project Documentation">Project Documentation</a></li> </ul> </li> <li><a href="../screenshots.html" title="Screenshots">Screenshots</a></li> <li class="dropdown-submenu"> <a href="../installation/index.html" title="Install Silverpeas">Install Silverpeas</a> <ul class="dropdown-menu"> <li><a href="../installation/installationV6.html" title="Installation of Silverpeas 6">Installation of Silverpeas 6</a></li> <li><a href="../installation/cloud.html" title="Silverpeas in the Cloud">Silverpeas in the Cloud</a></li> <li><a href="../installation/webdav.html" title="Online Edition of Documents">Online Edition of Documents</a></li> </ul> </li> <li class="dropdown-submenu"> <a href="../#" title="Our versions">Our versions</a> <ul class="dropdown-menu"> <li><a href="https://tracker.silverpeas.org/projects/silverpeas/roadmap" title="Roadmap">Roadmap</a></li> <li><a href="https://tracker.silverpeas.org/projects/silverpeas/roadmap?completed=1&with_subprojects=1" title="Changelog">Changelog</a></li> <li><a href="../releasenotes.html" title="Release Notes">Release Notes</a></li> </ul> </li> <li><a href="../scm.html" title="Source Code">Source Code</a></li> <li class="dropdown-submenu"> <a href="../#" title="Some Configuration Tips">Some Configuration Tips</a> <ul class="dropdown-menu"> <li><a href="../configuration/ldap.html" title="LDAP Synchronization">LDAP Synchronization</a></li> <li><a title="Configuring a reverse-proxy">Configuring a reverse-proxy</a></li> </ul> </li> <li><a href="../faq.html" title="FAQ">FAQ</a></li> </ul> </li> <li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown">Silverpeas Projects <b class="caret"></b></a> <ul class="dropdown-menu"> <li class="dropdown-submenu"> <a href="../#" title="Global information">Global information</a> <ul class="dropdown-menu"> <li><a href="../intro.html" title="About Silverpeas">About Silverpeas</a></li> <li><a href="../team.html" title="Team">Team</a></li> <li><a href="../mailing-lists.html" title="Mailing List">Mailing List</a></li> <li><a href="../issue-management.html" title="Issue Tracking">Issue Tracking</a></li> <li><a href="../source-repository.html" title="Source Repository">Source Repository</a></li> <li><a href="../ci-management.html" title="Continuous Integration">Continuous Integration</a></li> </ul> </li> <li><a href="../docs/core/index.html" title="Silverpeas Core">Silverpeas Core</a></li> <li><a href="../docs/components/index.html" title="Silverpeas Applications">Silverpeas Applications</a></li> </ul> </li> <li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown">How to contribute <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="../dev/collaboration.html" title="Contribution">Contribution</a></li> <li><a href="../dev/quality.html" title="Code Quality">Code Quality</a></li> <li><a href="../dev/ldap_testing.html" title="Testing the LDAP code">Testing the LDAP code</a></li> </ul> </li> <li class="dropdown"> <a class="dropdown-toggle" data-toggle="dropdown">Licensing <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="../legal/licensing_gnu_affero.html" title="License">License</a></li> <li><a href="../legal/licensing_faq.html" title="Licensing FAQ">Licensing FAQ</a></li> <li><a href="../legal/floss_exception.html" title="FLOSS Exception">FLOSS Exception</a></li> <li><a href="../legal/trademark.html" title="Silverpeas Trade Mark">Silverpeas Trade Mark</a></li> </ul> </li> </ul> </nav> <div class="nav-collapse"> </div> </div> </div> </header> <div class="container container-top"> <header> <div id="banner"> <div class="pull-left"><a href="https://www.silverpeas.org/" id="bannerLeft"><img src="../images/logo-silverpeas.png" alt="Silverpeas" style="" /></a></div> <div class="pull-right"></div> <div class="clear"><hr/></div> </div> <div id="breadcrumbs"> <ul class="breadcrumb"> <li><a href="https://www.silverpeas.org" class="externalLink" title="Silverpeas">Silverpeas</a><span class="divider">/</span></li> <li class="active ">Configuring Silverpeas behind an Apache or an Nginx reverse-proxy</li> <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2025-02-23</li> <li id="projectVersion" class="pull-right">Version: 6.4.2</li> </ul> </div> </header> <main id="bodyColumn" > <section> <h2><a name="Introduction"></a>Introduction</h2> <p>A reverse-proxy is usually used to give a single one-point access to different services or applications. It is also used to handle TLS connections and then the required certificates. </p> <p> The configuration of Silverpeas behind an Apache or an Nginx reverse-proxy is quite straightforward.<br /> In this example we want to configure a reverse-proxy that is handling TLS and proxyfying a Silverpeas running in a Wildfly server on port 8000. </p> </section> <section> <h2><a name="Apache_Configuration"></a>Apache Configuration</h2> <p>Defines the configuration of your site as following. The [...] means your own specific configuration for your site and that isn't covered by this document.</p> <div class="source"><pre class="prettyprint"> <VirtualHost site.domaine.tld:443> ServerName site.domaine.tld:443 [...] SSLEngine On SSLProxyEngine On SSLCertificateFile PATH_OF_YOUR_CRT SSLCertificateKeyFile PATH_OF_YOUR_CERTIFICATE_KEY SSLCertificateChainFile PATH_OF_YOUR_CERTIFICATE_CHAIN_PEM SSLVerifyClient None SSLCipherSuite !ADH:!DSS:!RC4:HIGH:+3DES SSLCompression Off SSLHonorCipherOrder On SSLProtocol all -SSLv2 -SSLv3 ProxyTimeout 300 ProxyVia Off ProxyRequests Off ProxyPreserveHost On # Silverpeas ProxyPass /weblib http://127.0.0.1:8000/weblib ProxyPassReverse /weblib http://127.0.0.1:8000/weblib ProxyPass /silverpeas http://127.0.0.1:8000/silverpeas ProxyPassReverse /silverpeas http://127.0.0.1:8000/silverpeas ProxyPass /website http://127.0.0.1:8000/website ProxyPassReverse /website http://127.0.0.1:8000/website ProxyPass /help_fr http://127.0.0.1:8000/help_fr ProxyPassReverse /help_fr http://127.0.0.1:8000/help_fr RewriteEngine On RewriteRule ^/$ /silverpeas [R,L] Header set Access-Control-Max-Age "1000" Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, X-STKN" # This parameter is important for Wildfly Header set X-Forwarded-Proto "https" [...] </VirtualHost> </pre></div> </section> <section> <h2><a name="Configuring_Nginx"></a>Configuring Nginx</h2> <p>Defines the configuration of your site as following. The [...] means your own specific configuration for your site and that isn't covered by this document.</p> <div class="source"><pre class="prettyprint"> [...] server { listen 443; server_name site.domaine.tld; [...] ssl on; ssl_certificate_key PATH_OF_YOUR_CERTIFICATE_KEY; ssl_certificate PATH_OF_YOUR_CERTIFICATE_CHAIN_PEM; ssl_stapling on; ssl_stapling_verify on; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; client_max_body_size 2048M; location / { proxy_pass http://127.0.0.1:8000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } rewrite ^/$ /silverpeas break; [...] } </pre></div> </section> <section> <h2><a name="Configuring_Wildfly"></a>Configuring Wildfly</h2> <section> <h3><a name="In_a_non_TLS_mode"></a>In a non TLS mode</h3> <p>Now, you just have to update one attribute of the HTTP listener of the Undertow Web server embedded in Wildfly. For doing, go to the <code>JBOSS_HOME/bin</code> directory and, run Wildfly in administration mode only, enable the proxy forwarding and then stop Wildfly:</p> <div class="source"><pre class="prettyprint"> $ ./standalone.sh -c standalone-full.xml --admin-only & [...] $ ./jboss-cli.sh --connect -c "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)" {"outcome" => "success"} $ ./jboss-cli.sh --connect -c "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket)" {"outcome" => "success"} $ ./jboss-cli.sh --connect -c "shutdown" </pre></div> </section> <section> <h3><a name="In_TLS_mode"></a>In TLS mode</h3> <p>Now, you just have to create a configuration for a socket binding to handle TLS connections (here <code>proxy-https</code>) and then update the HTTP listener of the Undertow Web server embedded in Wildfly. For doing, go to the <code>JBOSS_HOME/bin</code> directory and, run Wildfly in administration mode only, create and use a socket binding for TLS connections, and enable the proxy forwarding, and then stop Wildfly:</p> <div class="source"><pre class="prettyprint"> $ ./standalone.sh -c standalone-full.xml --admin-only & [...] $ ./jboss-cli.sh --connect -c "/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)" {"outcome" => "success"} $ ./jboss-cli.sh --connect -c "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)" {"outcome" => "success"} $ ./jboss-cli.sh --connect -c "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)" {"outcome" => "success"} $ ./jboss-cli.sh --connect -c "shutdown" </pre></div> </section> </section> </main> </div> <hr/> <footer> <div class="container"> <div class="row"> <div class="license"> <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/"><img alt="Licence Creative Commons" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/88x31.png" /></a>. </div> </div> <p id="poweredBy" class="pull-right"><a href="https://netbeans.apache.org/download/index.html" title="IDEA IntelliJ" class="builtBy"><img class="builtBy" alt="IDEA IntelliJ" src="../images/logos/intellij-idea-logo.png" style="" /></a> <a href="https://www.eclipse.org" title="Eclipse" class="builtBy"><img class="builtBy" alt="Eclipse" src="../images/logos/logo_eclipse.png" style="" /></a> <a href="https://maven.apache.org/" title="Maven" class="builtBy"><img class="builtBy" alt="Maven" src="../images/logos/logo_maven.png" style="" /></a> <a href="https://izpack.org/" title="Izpack" class="builtBy"><img class="builtBy" alt="Izpack" src="../images/logos/logo_izPack.png" style="" /></a> </p> </div> </footer> <script> if(anchors) { anchors.add(); } </script> </body> </html>