Home

 

Configure a reverse caching proxy

 

+

Search Tips   |   Advanced Search


Overview

For optimal performance on a WAN, configure a reverse proxy for your Lotus Connections deployment. This is an optional configuration.

Caching Proxies off-load unnecessary traffic from the WebSphere Application Servers

70% of network traffic to LC is Feed Polling, which can be served by caching proxies.


Set up

  1. Configure IBM WebSphere Edge Components v6.1.

    Edge Components are bundled with WebSphere Application Server Network Deployment.

  2. Set up a target backend server

  3. Create an administrator account.

Take care with edge caching no-cache directives to avoid exposing secure content to the public if it is not configured correctly.

A reverse proxy configuration intercepts requests from Lotus Connections users, forwards them to the appropriate content host, caches the returned data, and delivers that data to the users. The proxy delivers requests for the same content directly from the cache, which is much quicker than retrieving it again from the content host. Information can be cached depending on when it will expire, how large the cache should be, and when the information should be updated. (Excerpted from the WebSphere Edge Components information center.)

The IBM WebSphere Application Server Edge components provide a caching proxy that you can use to optimize your deployment. Edge components are provided with the WebSphere Application Server Network Deployment software.

This topic describes how to configure the Edge components to optimize the performance of Lotus Connections.

  1. Open the ibmproxy.conf configuration file for the Edge components in a text editor. The file is stored in the following directory:

    • AIX or Linux/etc/

    • Microsoft WindowsC:\Program Files\IBM\edge\cp\etc\

  2. Make the following edits to the file:

    1. In the Mapping rules section, add or enable the following line:

      Pass /pub/* C:\IBM\edge\cp\server_root\pub\*

      Proxy http:*

    2. In the SendRevProxyName Directive section, add or enable the following rule:

      SendRevProxyName yes

    3. In the PureProxy Directive section, add or enable the following rule:

      PureProxy off

    4. In the SSL Directives section, add or enable the following rules:

      SSLEnable On
      SSLCaching On

    5. In the Keyring Directive section, add or enable the following rules:

      KeyRing C:\ProxyKey\proxykey.kdb
      KeyRingStash C:\ProxyKey\proxykey.sth

    6. In the Mapping Rules section, add the following reverse pass rules:

      ReversePass http://<httpserver>/* http://<proxyserver>/*
      ReversePass https://<httpserver>/* https://<proxyserver>/*

      ..where <httpserver> is the host name of the HTTP server. The HTTP server is usually IBM HTTP Server, but could be a load balancer or another proxy, depending on your deployment. <proxyserver> is the host name of the proxy server. See the following table for examples:


      Sample reverse proxy settings

      Server without proxy Proxy server
      http://no-proxy.example.com/* http://proxy.example.com/*
      https://no-proxy.example.com/* https://proxy.example.com/*
      http://no-proxy.example.com/activities* http://proxy.example.com/activities*
      https://no-proxy.example.com/activities* https://proxy.example.com/activities*
      http://no-proxy.example.com/blogs* http://proxy.example.com/blogs*
      https://no-proxy.example.com/blogs* https://proxy.example.com/blogs*
      http://no-proxy.example.com/communities* http://proxy.example.com/communities*
      https://no-proxy.example.com/communities* https://proxy.example.com/communities*
      http://no-proxy.example.com/dogear* http://proxy.example.com/dogear*
      https://no-proxy.example.com/dogear* https://proxy.example.com/dogear*
      http://no-proxy.example.com/profiles* http://proxy.example.com/profiles*
      https://no-proxy.example.com/profiles* https://proxy.example.com/profiles*
      http://no-proxy.example.com/homepage* http://proxy.example.com/homepage*
      https://no-proxy.example.com/homepage* https://proxy.example.com/homepage*
      http://no-proxy.example.com/files* http://proxy.example.com/files*
      https://no-proxy.example.com/files* https://proxy.example.com/files*
      http://no-proxy.example.com/wikis* http://proxy.example.com/wikis*
      https://no-proxy.example.com/wikis* https://proxy.example.com/wikis*
      http://no-proxy.example.com/search* http://proxy.example.com/search*
      https://no-proxy.example.com/search* https://proxy.example.com/search*
      http://no-proxy.example.com/mobile* http://proxy.example.com/mobile*
      https://no-proxy.example.com/mobile* https://proxy.example.com/mobile*
      http://no-proxy.example.com/news* http://proxy.example.com/news*
      https://no-proxy.example.com/news* https://proxy.example.com/news*
      http://no-proxy.example.com/ibm_semanticTagServlet* http://proxy.example.com/ibm_semanticTagServlet*
      https://no-proxy.example.com/ibm_semanticTagServlet* https://proxy.example.com/ibm_semanticTagServlet*

      You can only specify * in the URL to indicate that all URLs for the server can be passed if Lotus Connections is the only application installed on the server. Or you can use a more specific URL such as http://<httpserver>/connections. More than one ReversePass rule can be used if you need to specify different servers for each component.

    7. Set the CacheTimeMargin rule to zero seconds. When a document's expiry date is set to “soon” and soon is defined by the CacheTimeMargin rule, setting this rule to zero disables the calculation and forces all documents to be cached regardless of their expiry date. This setting is required for Blogs caching to function properly; it does not negatively affect the other applications.

      CacheTimeMargin 0s

    8. Prevent the validation of a cache object from sending multiple requests for the same resource to the backend server by setting the KeepExpired rule to

      on

      An expired or stale copy of the resource will be returned for the brief time that the resource is being updated on the proxy.

      KeepExpired On

    9. In the Method Directives section, add the following methods:

      Enable CONNECT

      Enable PUT

      Enable DELETE

    10. In the Mapping rules section, add the following proxy rules:


      Mapping rules for Lotus Connections

      Map rules
      Proxy /activities* http://no-proxy.example.com/activities* :80
      Proxy /activities* https://no-proxy.example.com/activities* :443
      Proxy /blogs* http://no-proxy.example.com/blogs* :80
      Proxy /blogs* https://no-proxy.example.com/blogs* :443
      Proxy /communities* http://no-proxy.example.com/communities* :80
      Proxy /communities* https://no-proxy.example.com/communities* :443
      Proxy /dogear* http://no-proxy.example.com/dogear* :80
      Proxy /dogear* https://no-proxy.example.com/dogear* :443
      Proxy /profiles* http://no-proxy.example.com/profiles* :80
      Proxy /profiles* https://no-proxy.example.com/profiles* :443
      Proxy /homepage* http://no-proxy.example.com/homepage* :80
      Proxy /homepage* https://no-proxy.example.com/homepage* :443
      Proxy /files* http://no-proxy.example.com/files* :80
      Proxy /files* https://no-proxy.example.com/files* :443
      Proxy /wikis* http://no-proxy.example.com/wikis* :80
      Proxy /wikis* https://no-proxy.example.com/wikis* :443
      Proxy /search* http://no-proxy.example.com/search* :80
      Proxy /search* https://no-proxy.example.com/search* :443
      Proxy /mobile* http://no-proxy.example.com/mobile* :80
      Proxy /mobile* https://no-proxy.example.com/mobile* :443
      Proxy /news* http://no-proxy.example.com/news* :80
      Proxy /news* https://no-proxy.example.com/news* :443
      Proxy /ibm_semanticTagServlet* http://no-proxy.example.com/ibm_semanticTagServlet* :80
      Proxy /ibm_semanticTagServlet* https://no-proxy.example.com/ibm_semanticTagServlet* :443

    11. The Activities server places the following private caching header in the responses of ATOM2 feed requests: Cache-Control: private,max-age=0,must-revalidate. By design, the proxy server does not attempt to cache privately cacheable responses. However, the proxy server also does not forward If-Modified-Since headers to the application server on subsequent requests for the content. As a result, Activities application code that is specifically designed to skip database access when content has not changed and return HTTP 304 responses, instead always accesses the database and returns a 200 response. As a workaround, the proxy server should be explicitly instructed not to attempt to cache these ATOM2 requests. To do so, add the following rule to the configuration file

        NoCaching http://*/activities/service/atom2/*
        

      Adding this directive allows the proxy server to forward the request to the application server with the If-Modified-Since header intact, which the server can then validate to determine if additional processing is necessary.

  3. Save and close the ibmproxy.conf file.

  4. Update the dynamicHosts attribute in the LotusConnections-config.xml file to reflect the URL of the proxy server:

    <dynamicHosts enabled="true">

    <host href="http://proxy.example.com"

    ssl_href="https://proxy.example.com"/>

    </dynamicHosts>

  5. Restart the Edge server.


Post-installation tasks

 

Related reference


Wiki - reverse-proxy