SSL Apache HTTPD to SSL Weblogic Managed Servers Call - apache

I want to set up SSL Apache HTTPD -> SSL Weblogic Managed Server.
While opening the UI via the https Apache HTTPD, I am getting "backend server not available".
Note:
I have the ssl module and related modules enabled on the httpd end. Weblogic Managed Server SSL is also working, because we deployed a middleware component and are able to fetch the data from postman/soap UI/curl using the https Weblogic Managed Server IP and port with the API of the middleware.
I am able to implement SSL Apache HTTPD -> Non SSL Weblogic Managed Server and am able to open the UI with https Apache HTTPD.

Related

Running two copies of Apache web server on same server for two different applications

I've created another instance of Tomcat (port: 81) to run a different application on a server. Tomcat is running successfully, but I want to run an Apache web server on top of it. So I copied the existing Apache into another folder and configured it for the other instance of Tomcat. I'm facing the error below. Your help will be greatly appreciated.
It would appear that both instances are configured to also listen for https connections on the default port (443), i.e. while you may have configured them to listen on different http ports (i.e. 80 and 81), you haven't done the same for https.
First, something else is already using that 443 port, so try 8443.
Also, technically, you can install Tomcat twice using different service names, but why? The beauty of Tomcat is using one installation for multiple applications.
Tomcat is intended to support multiple apps. With a .war file you simply upload your .war file to web apps folder. Tomcat will automatically extract the war file.
To run app as ROOT application, delete the ROOT folder in Tomcat. Rename the .war file for the app you want to install to ROOT.war, it will extract to ROOT folder and you will access it from http://servername:8080, if you kept the default settings of the tomcat connector.
Now, to add a second application, copy a .war file to Tomcat webapps folder, with a different name other than ROOT.war, such as example.war. It will automatically extract the .war file into an example folder. To access that application, go to http://servername:8080/example. You will not have two Tomcat connectors for port 8080, just the 1, and you will access non-ROOT webapps via a context path.
Option 1:
If you want to use TLS in Tomcat, you need to uncomment the 8443 connector in Server.xml. You also need to create a keystore, and put in that keystore information in Server.xml to allow TLS.
Option 2 (doesn’t work with option 1, unless you pick a different port):
If you want a web server with TLS, then set Apache Web Server to listen on 8443, which will also require creating a key store and virtual host file in Apache Tomcat, but leave the Tomcat port at 8080 as it normally would be. Then use virtual host settings on Apache Web Server to proxy to the Tomcat apps (jumping from 8443 to the 8080 ports on the same host with Tomcat only listening on 127.0.0.1 or different hosts with proper network separation so people can’t get around the Web Server). Apache2 would be listening at the Web Server FQDN.
Example:
Skip the Apache Web Server, and use different context path settings (as needed) for each tomcat application on the single 8443 port. (Make sure Apache2 is no longer using 8443).
ROOT app:
User --> https://servername:8443
App2:
User --> https://servername:8443/app2
Using Apache Web Server, you would proxy from port 8443 to 8080. Apache Web Server listening on 8443, Tomcat listening on 8080. TLS encryption would be at the Web Server. The connection between the Apache2 and Tomcat would be unencrypted on the same server.
This is a pretty thorough example of reverse proxy:
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
User --> https://servername:8443 --> http://localhost:8080

SSL Configuration in OHS 12c

In the past, my web application was hosted in Weblogic 12c and OHS 12c, and the url was http://serverName/webName
SSL is pretty new to me; so far I have managed to turn on
1. SSL in Weblogic, web application can be accessed through https://serverName:7002/webName
2. SSL in OHS virtual host on port 4443, verified using https://serverName:4443
Now I am having a challenge making my web application accessible through https://serverName:4443/webName or https://serverName/webName. I need guidance on how to edit the OHS configuration (ssl.conf, mod_wl_ohs.conf, httpd.conf, etc.) to achieve the above.
You also need to enrich your mod_wl_ohs.conf with the following two directives:
SecureProxy ON
WLSSLWallet "/path/to/wallet/directory/as/defined/in/your/ssl/conf/file"
You may find more details on these directives here:
https://docs.oracle.com/cd/E28280_01/web.1111/e10144/directives.htm#CIHFAAJB
But if you would like for the "https://serverName/webName" to work, since the default port for SSL is 443, you need to change OHS listening port from 4443 to 443 inside ssl.conf
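How the two directives from this answer can sit in mod_wl_ohs.conf, shown as an added example that is not part of the original answer or of Oracle's documentation. The host serverName, port 7002 and path /webName come from the question; the wallet path is a placeholder, and the wallet is assumed to hold the CA certificate that signed the WebLogic server certificate.

```apache
# mod_wl_ohs.conf (added example; the wallet path is a placeholder)
<IfModule weblogic_module>
    # Speak TLS to WebLogic instead of plain HTTP.
    SecureProxy ON
    # Oracle wallet holding the CA certificate(s) trusted for the backend.
    WLSSLWallet "/path/to/wallet/directory"

    # Requests for /webName arriving on the OHS SSL virtual host are
    # handed to the WebLogic SSL listen port named in the question.
    <Location /webName>
        SetHandler weblogic-handler
        WebLogicHost serverName
        WebLogicPort 7002
    </Location>
</IfModule>
```

If the plug-in cannot build a trust chain from the wallet to the certificate WebLogic presents, the handshake to port 7002 fails and the browser sees a backend error even though https://serverName:7002/webName works directly.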

How to enable SSL in docker with nginx hosted in Ubuntu

I have a web application that's running inside a docker container.
It's written in Play Framework. My host is an Ubuntu 16.04 server with apache. The Docker application uses the nginx server. Port 443 is directed to that container. SSL in my Apache server is turned off. Now when I try visiting my domain with https, the browser gives a warning, which is annoying.
So I got some free certificates from sslforfree.com and used them with the docker application, but the warnings still come up. Do I need to use those certificates in the apache server too?
Yes.
Your browser speaks with Apache server trying to establish an SSL communication at first, then Apache will try to forward the request to your docker container.
So, indeed, it's only mandatory to secure your Apache instead of the container to have the browser not complaining.

HTTPD + JBOSS Communication using mod_jk

I am configuring load balancing using httpd which will connect to jboss using AJP (mod_jk connector).
My Jboss is running using SSL and httpd is not with SSL.
How can I establish communication from http httpd to https jboss?
Any help appreciated.
I have enabled https in httpd so that it can route to the https of jboss properly. And it has started working as expected.
Instead of using mod_jk, have you considered using mod_cluster? It fits well with JBoss and serves sticky session and session replication as well.

mod_proxy: when proxying tomcat from apache on 8443, is tomcat certificate needed

I am getting started now on adding SSL login pages to my webapp. I am using apache mod_proxy to proxy tomcat.
Some tutorials showed that I need to get an SSL certificate for apache and proxy my login pages to tomcat on port 8443.
Is port 8443 automatically an encrypted SSL port for tomcat? Do I need both an apache certificate and a tomcat certificate?
Andy
As far as the browser is concerned, Apache Httpd will "terminate" the SSL/TLS connection to your web server. Whether the content it serves is in fact coming from Tomcat doesn't matter to the browser. The browser will only see as far as Apache Httpd in that scenario. If it is set up with a certificate recognised by the browser, this is sufficient.
In addition to this, you may want to encrypt the connection between Apache Httpd and Tomcat. This is only really useful if you don't trust the network between the two (rarely useful on the same host, for example). I don't think mod_proxy_ajp supports SSL/TLS, but mod_proxy_http does, in which case you need to configure the SSLProxy* directives (see introduction): Apache Httpd will be a client in that respect, and Tomcat will need to be configured with a certificate in this case.
If you don't need to encrypt the link between Apache Httpd and Tomcat, the easiest is probably to use mod_proxy_http as a reverse proxy to the plain HTTP port of Tomcat (and make sure that port can't be accessed externally, via a firewall for example).
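The re-encrypted setup this answer describes (TLS terminated at Apache Httpd, then a second TLS connection to Tomcat via mod_proxy_http and the SSLProxy* directives), as an added example that is not part of the original answer. Host names, file paths and the /login path are placeholders; port 8443 is the Tomcat HTTPS connector port from the question, which is only encrypted once a certificate is configured on it.

```apache
# Added example: requires mod_ssl, mod_proxy and mod_proxy_http.
# All names and paths below are placeholders.
Listen 443
<VirtualHost *:443>
    ServerName www.example.com

    # Browser-facing certificate: the only one the browser ever sees.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # httpd acts as a TLS client towards Tomcat.
    SSLProxyEngine on
    # Verify Tomcat's certificate against a CA bundle you control ...
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem
    # ... and check that its name matches the host used in ProxyPass
    # and that it has not expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Weak variant often used to silence handshake errors. It still
    # encrypts the hop but accepts any certificate, so it does not
    # authenticate Tomcat on an untrusted network:
    #   SSLProxyVerify none
    #   SSLProxyCheckPeerName off

    ProxyPass        /login https://tomcat.internal.example:8443/login
    ProxyPassReverse /login https://tomcat.internal.example:8443/login
</VirtualHost>
```

For the plain-HTTP alternative in the last paragraph, drop the SSLProxy* lines and point ProxyPass at Tomcat's HTTP port, with that port unreachable from outside.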