And again hours wasted because something in the integration of IIS with Axon.ivy Engine via the AJP protocol does not work 😠. All settings seem to be correct on IIS as well as on Axon.ivy Engine. Hmm... what could it be? I search in vain for meaningful logs. Well... I'll restart the machine and take a coffee break ☕. The break lasts longer than usual, because I don't really want to go back to work, because this IIS is still waiting for me! But now I need go back 😬. So where are we? I'll try again. Wow?! Now it works? The reboot seems to have helped.
We faced this scenario many times when supporting our customers with IIS integration problems via AJP.
But finally we can say that we are no longer dependent on AJP 👍. We are glad to be rid of it now, because AJP is no longer actively developed and also prevents the use of new web features like websockets. In addition, the setup is not easy and in case of configuration errors you are lost.
URL Rewrite with IIS
URL Rewrite has become the de-facto standard for placing a reverse proxy in front of an application server. We already use this successfully with NGINX and Apache http. But IIS has also been able to do URL rewriting for a long time. To do this, the Application Request Routing Module and URL Rewrite must be installed. Then you can easily define the routing rules. A rule defines which requests have to be routed where:
Also with URL Rewrite we still provide a script for auto-setup of the IIS:
Hard nut 🌰 to crack: SSO with URL Rewrite
For a long time we did not manage to cover our Single Sing-on Use Case with IIS and URL Rewrite. And indeed, this is a bit trickier - the board resources of IIS are not sufficient for this. We just want an additional HTTP header to be set by IIS with the currently authenticated user. Technically, the problem is that the URL Rewriting Module runs before the Authentication Module. This can only be solved with a so-called ISAPI filter. Fortunately, there is already one available free of charge - big thanks to helicontech ❤: https://www.helicontech.com/isapi_rewrite/
With it, you can define in the file C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
which headers should be set on the request. We do this with the following entry:
RewriteHeader user: .* %{LOGON_USER}
In addition, you need now to enable SSO explicitly on the Axon.ivy Engine for IIS as well:
https://developer.axonivy.com/doc/dev/engine-guide/integration/single-sign-on/index.html
Axon.ivy Engine 10
We still plan to offer AJP with the next LTS release but have changed the entire documentation to Url Rewrite and also removed the bundling of the *.dll
and *.so
. So you will still be able to run the Axon.ivy Engine 10 with AJP if necessary, but you will have to fall back on the docs and binaries of the Axon.ivy Engine 8. There is no reason to stay on AJP, migrate the integration in the next LTS upgrade.
As always, we are trying to provide good documentation and also for URL Rewrite Integration on IIS we provide a script for auto-configuration:
https://developer.axonivy.com/doc/dev/engine-guide/integration/reverse-proxy/microsoft-iis/index.html
Goodbye AJP
You got on our nerves 😠 from time to time. But you served us for a long time 👌 and passed on countless requests to our magnificent Axon.ivy Engine. Thank you AJP and RIP ☮!