Configuring an external front-end web server for the Application Server

The TrueSight Capacity Optimization installer automatically installs and configures a web server as part of the web application component. Normally, no further configuration is required.

If you need to use TrueSight Capacity Optimization with your own front-end web server, complete the following procedures on this page.

Configuring Apache as a front-end web server

This section contains the following information: 

Prerequisites

  • Ensure that you have installed the Apache Web Server 2.x or later, with the following additional modules: 
    • mod_alias
    • mod_expires
    • mod_headers
    • mod_deflate
    • mod_rewrite 
    • mod_proxy
    • mod_proxy_ajp

  • In the installation directory on the AS computer, open the customenvpre.sh file for editing and add the following:
    USE_EXTERNAL_HTTPD="true"

    export USE_EXTERNAL_HTTPD

    When you are not using the frontend configuration, set USE_EXTERNAL_HTTPD="false".

Connect Apache to the TrueSight Capacity Optimization web console

Important

Due to file permission constraints in TrueSight Capacity Optimization, you must add users with permissions to run the Apache Web Server to the Operating System (OS) user group that has the necessary permissions to run other TrueSight Capacity Optimization components.

Example: In a Linux environment, a privileged user can run the following command, and restart the Apache Web Server:

usermod --append --groups <bco_os_group> <apache_os_user>

Information

Before you proceed, ensure that you can connect to 127.0.0.1 using localhost as a symbolic name on Apache JServ Protocol (AJP) ports.

  1. Perform the following tasks by running the required commands as root. TrueSight Capacity Optimization aliases and directories specified in the table assume Capacity Optimization installation folder as /opt/cpit and Apache configuration stored in /etc/httpd on CentOS or RHEL 7. If your operating system or installation folder is different, replace the documented path with the appropriate path.

    1. Define TrueSight Capacity Optimization web application contexts
      $ cd <new_apache_web_server_install>/etc/httpd/conf.d 

      $ cp /opt/cpit/3rd_party/apache2/conf/bco-vhost.conf

    2. Apply network performance improvements using mod_deflate$ cd <new_apache_web_server_install>/etc/httpd/conf.d 

      $ ln -s /opt/cpit/3rd_party/apache2/conf/deflate.conf deflate.conf

    3. Configure TrueSight Capacity Optimization back-end services

      $ cd <new_apache_web_server_install>/etc/httpd/conf 
      $ ln -s /opt/cpit/3rd_party/apache2/conf/bco-dh-services bco-dh-services

    4. Copy the configuration file to the configuration directory

      $ cd <new_apache_web_server_install>/etc/httpd/conf
      $ cp /opt/cpit/3rd_party/apache2/conf/bco-web 

      When you upgrade TrueSight Capacity Optimization, the upgrade process overwrites the 3rd_party/apache2/conf/bco-web folder. Therefore, copy the configuration file to the configuration directory again.


    5. Configure TrueSight Capacity Optimization if SSL is enabled on port 8443
      $ cd <new_apache_web_server_install>/etc/httpd/conf

      $ cp /opt/cpit/3rd_party/apache2/conf/ssl.conf ssl.conf

      Open the ssl.conf file and modify the paths for the certificates:
      replace

      SSLCertificateFile pki/tls/certs/server.bmc.com.crt
      SSLCertificateKeyFile pki/tls/private/server.bmc.com.key 
      SSLCACertificateFile ../../secure/ca/ca.crt

      with 

      SSLCertificateKeyFile /opt/cpit/3rd_party/apache2/pki/tls/private/server.bmc.com.key
      SSLCertificateFile /opt/cpit/3rd_party/apache2/pki/tls/certs/server.bmc.com.crt
      SSLCACertificateFile /opt/cpit/secure/ca/ca.crt
      Note: If you are planning to use a trusted certificate, update the path to link to the proper certificate.

  2. Navigate to the /etc/httpd/conf directory, open the bco-vhost.conf file, and edit the following parameters:

    1. Search for Listen and check the configured port. Depending on configured port, edit the values:

      HTTPS (8443)

      HTTP (8000)

      replace

      Listen 8443
      <VirtualHost *:8443>

      with

      Listen 443
      <VirtualHost *:443>

      replace

      Listen 8000
      <VirtualHost *:8000>

      with

      Listen 80
      <VirtualHost *:80>

      Do not modify values for ports 8280 and 8380, as they are used by the Capacity Optimization components for the internal communication.

    2. Locate all lines with Header setifempty:
      Header setifempty X-Frame-Options SAMEORIGIN
      Header setifempty X-XSS-Protection "1; mode=block"
      Header setifempty X-Content-Type-Options nosniff
      Header setifempty Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"

      Replace these lines with the following lines:

      Header set X-Frame-Options SAMEORIGIN
      Header set X-XSS-Protection "1; mode=block"
      Header set X-Content-Type-Options nosniff
      Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'"

    3. (For Apache 2.2 only) Locate the following lines:

      <IfModule !mod_ssl.c>
      IncludeOptional conf/ssl.con[f]
      </IfModule>

      Replace these lines with the following lines:

      <IfModule !mod_ssl.c>
      Include conf/ssl.con[f]
      </IfModule>

    4. Save the file.

    5. Restart the Apache Web Server to apply changes.

      Information

      For more details on Apache httpd configuration, see Apache httpd guide.

  3. (For Apache 2.2 only) Navigate to the /etc/httpd/conf directory, open the bco-web file, and replace all occurrences of Require all granted with Allow from all. Save the file.
  4. (For Apache 2.2 when SSL is enabled) Navigate to the /etc/httpd/conf directory, open the ssl.conf file, and remove the section for SSLOpenSSLConfCmd.
  5. If your linux operating system is enforcing security policies for new Apache web server, configure the web server to bid to the additional ports such as 8280, 8380, 8443, or 8000. For more information, see redhat documentation

Configuring global properties to reflect URL change on port 80

This URL is used to send emails (for example, reports) from TrueSight Capacity Optimization with the correct HTTP links. In addition, this URL enables the application to callback itself in some pages/views. 

Ensure that no task is running before you restart the components.

  1. Access the Console as administrator and select Administration > System > Global Configuration page.

  2. Edit the system.web.server.url property and enter the new HTTP URL to connect to TrueSight Capacity Optimization.

    For example,http://<HOSTNAME>/console.

  3. Log in via ssh as cpit on the server where TrueSight Capacity Optimization is installed.
  4. Restart the services to reload the configuration. To do this, access the $CPITBASE folder and run the following command: 
./cpit restart

Related topic

Enabling-TLS-server-certificate-validation-among-the-internal-product-components

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*