I have 2 IBM HTTP servers with ip's 10.10.10.2 & 10.10.10.3 with http(port 80) and https(port 443). I have also WAS on 10.10.10.4 with http(port 80) and https(port 443). Now, I have to setup the two http servers with single domain name and forward http/https requests of dynamic contents to whebsphere.
I don't know how to do that. Can anyone help me about that with an example or decent document??
I read about virtual hosts and also about http-plugin but i couldn't understand the difference or what is the specific use of each?
HTTPplugin is a WebSphere component that allows the Web Servers to communicate with the WAS Server.
VirtualHost is a configuration inside WAS.
When you deploy any web app, you will associate them with a Virtual Host.
Virtualhost is a collection of supported IP & Port numbers.
In your case, you have a domain name (say test.abc.com that receives requests at 80 and 443)
Create a virtual host that contains two entries
test.abc.com:80
test.abc.com:443
When you deploy a Web App, then associate it with this virtual host.
Generate the generic plugin (i am assuming you have not defined a Web Server configuration in WAS) and copy the generated plugin files to the Web Servers.
The HTTP Plugin would use this plugin file and route requests for Web Apps to the Application Server.
This article is very old but the basics mentioned here still hold true
http://public.dhe.ibm.com/software/dw/wes/pdf/WASWebserverplug-in.pdf
HTH
Manglu
Related
I know this is subjective and opinionated, but I just need something to start off from knowing what the best practices may be.
I've got a MERN application running on localhost with the React script currently running on port 3000 and an Express.js application running on port 3001.
Now I'm about to set it up live on AWS and am wondering if I should create it like:
website.com for the frontend React stuff with nginx routing anything from port 80 to 3000 while it makes calls to api.website.com running on 3001 on the same instance with website.com and `api.website.com having the same IP address.
or
one separate instance for website.com on a different IP address and another instance for api.website.com on a different IP address for API calls? Both are being accessed without having to specify a port.
I'm curious because most of the time I've used APIs, they don't have a separate port, just a subdomain on what I assume was a different IP address and a different instance.
What would be the best way to set this up keeping in mind I want to use SSL?
Serving static applications via SSL is not necessary, but on the other hand, your server application has to be secured. Part of the stack which interacts directly with the database is very crucial and has to be secured against all sorts of vulnerabilities. Only SSL won't do any good unless you follow best practices to secure your node application.
You can use the subdomain for the node application and root domain for the actual site. Also, you can use the 80 port for the website and 443 for your node application by defining different server sections inside your nginx configuration file.
Below are some links where you can find the best practices to follow while deploying node applications on production.
https://www.moveoapps.com/blog/set-node-js-application-production-nginx-reverse-proxy/
https://blog.risingstack.com/node-hero-node-js-security-tutorial/
I would say Nginx exposed to the world, with an SSL certificate and all traffic redirected to port 443.
Everything else bound to 127.0.0.1 and proxied through Nginx. It's simple to set up Nginx to accept requests to api.website.com on port 443 and then proxy them over to 127.0.0.1:3000 or 3001 or whatever.
Then firewall all the other random ports and route absolutely all incoming traffic through Nginx.
I have created a VM behind an external load balancer in Azure and I am using IIS as the reverse proxy webserver to host the asp.net core application.
I am able to access the application inside the VM using localhost but not able to access the same from my client machine through the public ip configured for the loadbalancer.
I have configured loadbalancing rules for incoming traffic on port 80 and port 443 for the loadbalancer and specified appropriate NSGs for those ports.
Before deploying the asp.net core application I was able to access the defaultwebsite from my client machine. so I assume that inbound rules are taken in to account and working fine.
This is a self contained application and since I am able to access the application inside the VM through localhost I assume that the aspnet hosting module and other configuration required is proper.
Please let me know if there is anything else I can be missing.
I guess i have figured out what the issue is.
The Loadbalancer probe for the application is configured to be Http since its a webserver and is instructed to check at the default path "/" and since the application i have created does not serve anything on "/" its considering the node as unhealthy and does not respond or serve anything.
I changed the probe to tcp and it works just fine.
Thanks,
Teja
We are planning to host different docker containers with different liferay web applications in single Ubuntu server with static IP and point them to different websites.what is the easy setup process.
AFAIK you have two choices:
(Easy) Listen different port for each web application:
yoursite.com:8080 --> some web app
yoursite.com:9090 --> another web app
(A bit more work) Use a virtual host approach, where you have just one proxy service listening (maybe port 80). Then configure a subdomain for each of your services and point them to same server and forward the requests in proxy service according to domain names:
app-a.yoursite.com --> localhost:8080 --> some web app
app-b.yoursite.com --> localhost:9090 --> another web app
I have a IBM HTTP Web Server setup as a reverse proxy for a WebSphere application server. We use Oracle Access Manager for user authentication. There is also a Oracle Webgate running on the IHS server to intercept the requests and check them against the Oracle policy.
I can see the authentication going through and Oracle passes back the value needed in an HTTP Header, OAM_REMOTE_USER. The problem is, at some point in the process, that header is not passed on to the WebSphere Application Server.
The Oracle Webgate is monitoring port 8443, but I am not understanding if that means for the Web Server or the App Server since both are on the same physical machine and have the same server name. If I just create a virtual host on the Web Server for 8443 and do not create the port on the App Server, the headers are going through correctly. The problem with this is that I have to use PreserveProxyHeader for the request to go through the WebGate 8443 port, so after authentication it comes back looking for my Application on port 8443, which does not exist on the Web Server. The only way it can find my application on port 8443 is if I also add a port on the App server for that port, which contains the application.
I guess the main thing I am struggling to understand is if I need to define the port Webgate monitors on the HTTP Server and App Server, or if it should only be on the HTTP Server side. It seems like no matter what I do, at some point the request gets redirected from the HTTP Server to the App Server and strips out any OAM HTTP headers that were there. I've managed to prevent them from dropping by removing the 8443 port from the app server, but now my app cannot be mapped to.
This is WebSphere App Server 8.0 and IBM HTTP Server 8.0.0.5.
In the administrative console, click Servers > Server Types > Web servers > web_server_name > Plug-in properties > Request routing. Disable "Remove special headers". Regenerate your plugin configuration XML, and redistribute it.
I am using apache as my front http server which handles requests for JBoss 4.2.2 running as an application server.I have a J2EE application running on JBoss handles mutliple sites requests.
My IP is registered to xyz.com
a request to community1.xyz.com loads site for community1
a request to community2.xyz.com loads site for community2
I have single virtual host configured which listens to default (all requests) in ssl.conf
I need two different SSL certificates to be used for community1 and community2
How can configure 2 Virtual Hosts to with respect to the dns name to do so.
The reason I need to different SSL instead of 1 assigned to *.xyz.com is for the fact that
community2.xyz.com is being redirected from another server mmm.com to my Apache server.
If you want to use two different certificates for the same IP address, you're going to have to use the Server Name Indication (SNI) extension, which is relatively recent (and might not be supported by all browsers, but it seems to work with recent ones).
You'll find more details about the configuration of the Apache Httpd front-end on this Apache wiki page:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
While you can use Server Name Indication (SNI), I would recommend simply getting another IP address because it is not fully supported (people with older browsers wouldn't be able to go to your site).