Accessing Reverse proxy in service fabric local cluster - reverse-proxy

I am using Service Fabric SDK 2.5 with VS 2015. I have seen the article "How to configure and enable Azure Service Fabric Reverse Proxy for an existing on-premises cluster?" and tried to access my service via reverse proxy. But I am getting a message "Unable to connect". I have the below settings in FabricHostSettings.xml:
<Parameter Name="HttpApplicationGatewayListenAddress" Value="19081" />
<Parameter Name="HttpApplicationGatewayProtocol" Value="http" />
Can anyone help to test the reverse proxy setup in a local dev cluster?

Reverse proxy appears enabled by default now for local dev cluster. Check clusterManifest.xml and FabricHostSettings.xml in C:\SfDevCluster\Data for configured ports. Default is 19081.

Related

How to enable AJP port in Payara Micro and Use Apache server as proxy

I am using Payara micro community edition to deploy a microservice REST APIs. I need to enable AJP port so that the Apache proxy server listens to the AJP port 8192.
java -jar payara-micro-5.2020.5.jar --deploydir ./payara/webapps --rootDir ./payara --postbootcommandfile ./payara/postboot.txt
./payara/webapps folder contains the microservice WAR file.
postboot.txt content:
create-network-listener --protocol http-listener-1 --listeneraddress 0.0.0.0 --listenerport 8192 --jkenabled true jk-connector
The command execution has no issues and the following ports are enabled: "Http Port(s)": "8080, 8192".
I am able to use the microservice APIs locally (http://localhost:8192/). But the requests from the Apache proxy show a Bad Gateway error.
Am I missing some configuration for AJP port enabling in Payara Micro?
AJP port is enabled for Payara by adding this line in the domain.xml
<network-listener protocol="jk-listener" jk-enabled="true" port="8192" name="jk-connector" thread-pool="http-thread-pool" transport="tcp"></network-listener>

Mule application url - MMC

I have installed the trial MMC and deployed 2 applications there: one using the Mule console and the second using CloudHub (target: the MMC server configured there).
What would be the URL for both?
tomcat is running on port :8585
serverName: himserver-onpromice
applicationName deployed using mmc console: findName
applicationName deployed using CloudHub console: getMyName
I checked with the URL below, but it is not working:
http://himserver-onpromice:8585/getMyName/
MMC is an on-premise deployment and hence it will use the ports configured inside your Mule application. If we assume you are using the HTTP listener connector as the input source, then you should use the port configured for it. The default port is 8081 (on cloud the default port is 80). Hence, in this case the URL should be: http://himserver-onpromice:8081/findName/getMyName/

How to set up SSL on WildFly 9 Domain Mode?

I currently have a WildFly 9 cluster up and running with access to my application over port 8080, I would like to set up SSL and have access only on port 8443, but I cannot seem to find any documentation for where the security realm and https listener are placed in Domain mode.
I have the keystore and certificate all set up and was able to get https working in a demo using standalone mode, but I need to be able to do it in domain mode.
Can anyone help me out and share how they've accomplished this?
Solved it! It turns out for some reason JBoss was not registering my Security Realm and HTTPS listener. To do this you need to use bin/jbosscli and the commands:
RUN THE "CONNECT" COMMAND FIRST
/host=master/core-service=management/security-realm=SSLRealm/:add()
---where SSLRealm is the name of the realm
/host=master/core-service=management/security-realm=SSLRealm/server-identity=ssl/:add(keystore-path=Keystore.jks, keystore-relative-to=jboss.domain.config.dir, keystore-password=password)
---this assumes the keystore lives in the domain/configuration directory
Restart the server.
I then ran into issues figuring out the command to register the HTTPS listener, but I found the WildFly web console at serverURL:9990 has a way to do it too:
Once logged in to the webconsole
Configuration->Profiles->for each profile which is used->Undertow->HTTP->View
From there
HTTP Server->default-server->view
Finally
HTTPS Listener->ADD enter a name like: default-https, Security Realm: the name chosen for the security realm (for this example SSLRealm), Socket Binding: https and click save
Restart again
You should now have access at your serversURL:8443
To set it up on slave servers you should only need to copy the keystore to each slave server's domain/configuration and then add the security realm, replacing /host=master/ with /host=slave/ in the command. Then restart the server.
Double check that the Domain.xml file on the slave has the https listener you created originally in the webconsole (it should automatically be put into all of the cluster's domain.xml files).

Fail to secure the SSL in tomcat

Our architecture is:
external users<---https--->web server(Apache HTTP server)<----->webapp server (tomcat)
We fail to pass the IBM AppScan, which is used to detect any security defects in the webapp server, because it finds that the secure="yes" attribute has not been added to our port in the Tomcat server.xml file.
However the secure="yes" attribute should not be added to the tomcat server.xml file because we do not need a secure connection between web server and webapp server.
How can we fix the issue?
Is there any secure="yes" attribute that can be added to the configuration file of the web server (Apache HTTP server)?
Thanks & Regards,
Gordon
If your users are accessing Tomcat (indirectly) through Apache httpd using TLS (https:// URL) then it is entirely appropriate to set secure="true" in your <Connector>. This tells your web application that the request being received is secure even when it is not (e.g. you are using plain-HTTP between httpd and Tomcat).
So, if you have set scheme="https" on your <Connector> then you probably want to also set secure="true".
This is not a configuration change that you can make on the Apache httpd side... it must be done in Tomcat.
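A way to check a server.xml for the pairing described in this answer, as an added example that is not part of the original post: it flags any `<Connector>` whose scheme and secure attributes disagree. The sample XML is constructed, and treating only the literal value "true" as set is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not from the original post): connectors as
# they might appear behind an Apache httpd that terminates TLS for the users.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" scheme="https" proxyPort="443"/>
    <Connector port="8081" protocol="HTTP/1.1" scheme="https" secure="true" proxyPort="443"/>
    <Connector port="8082" protocol="HTTP/1.1" secure="true"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return (port, finding) for every Connector whose scheme/secure pair disagrees."""
    findings = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        port = conn.get("port", "?")
        # Tomcat defaults when the attribute is absent: scheme="http", secure="false".
        scheme = conn.get("scheme", "http").strip().lower()
        # Assumption of this example: only the literal "true" counts as set.
        secure = conn.get("secure", "false").strip().lower() == "true"
        if scheme == "https" and not secure:
            # The application would report an https scheme on a request it
            # does not consider secure.
            findings.append((port, 'scheme="https" without secure="true"'))
        elif secure and scheme != "https":
            # The request is marked secure but URLs are still built with http.
            findings.append((port, 'secure="true" without scheme="https"'))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector on port {port}: {finding}")
```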

ActiveMQ console not available

I installed ActiveMQ 5.5.0 on my Windows machine, and it had a web console (http://localhost:8161/admin) working out of the box.
Then I installed ActiveMQ (same version) on a remote Linux box (IP: AAA.BBB.CCC.DDD), but whenever I point the browser to
http://AAA.BBB.CCC.DDD:8161/admin
I get the "Unable to connect" error in the browser.
The network connection is there, I can connect to AAA.BBB.CCC.DDD via ssh and to another web application running on the same server.
Therefore I think that the cause of the problem is wrong configuration of the embedded Jetty server of ActiveMQ.
How can I fix the problem, i.e. enable access to the web console from a remote browser?
In your ActiveMQ config file you should see something like:
<import resource="${activemq.base}/conf/jetty.xml"/>
This starts up an embedded Jetty container with the web console.
If you start the broker on the console, you should see the following if everything works
INFO | ActiveMQ WebConsole initialized.
INFO | Initializing Spring FrameworkServlet 'dispatcher'
INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
Go into /opt/activemq/apache-activemq-5.16.3/conf
open jetty.xml
change
<property name="host" value="127.0.0.1"/>
to
<property name="host" value="0.0.0.0"/>
restart activemq
I used this approach on a Linux server running in a VM, but it can be applied to any instance.
Check whether port 8161 is open for external connections. Also check whether another service is creating a conflict.
If there is a conflict
change the jetty port in the {activemqfolder}/conf/jetty.xml.
locate the line that contains 8161 and change it to the desired port
To enable external connections to the port (in this instance I chose 8169) use
sudo iptables -I INPUT -p tcp --dport 8169 -j ACCEPT
Proceed to start ActiveMQ, i.e. {activemqfolder}/bin/activemq console, to see the messages
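A check for the jetty.xml setting changed in the answers above, as an added example that is not part of the original answers: it reads the host and port properties and reports whether the web console listens on loopback only or on every interface, which shows whether the firewall rule is the only thing limiting who can reach it. The sample XML and its bean id are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed jetty.xml fragment (not from the original answers); the bean id
# is a placeholder, only the host/port properties matter here.
SAMPLE_JETTY_XML = """
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="consoleListener">
    <property name="host" value="0.0.0.0"/>
    <property name="port" value="8161"/>
  </bean>
</beans>
"""


def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]


def classify_host(host):
    """Map a bind address to loopback, all-interfaces, single-address or hostname."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # not an IP literal; resolution is outside this check
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-address"


def console_binding(jetty_xml):
    """Return (host, port, exposure) for the first bean that sets both host and port."""
    for bean in ET.fromstring(jetty_xml.strip()).iter():
        if _local(bean.tag) != "bean":
            continue
        props = {p.get("name"): p.get("value")
                 for p in bean if _local(p.tag) == "property"}
        host, port = props.get("host"), props.get("port")
        if host and port:
            return host, port, classify_host(host)
    return None


if __name__ == "__main__":
    print(console_binding(SAMPLE_JETTY_XML))
```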