Apache Virtual Host settings with hostnames - apache

I am using Apache as my front HTTP server, which handles requests for JBoss 4.2.2 running as an application server. I have a J2EE application running on JBoss that handles requests for multiple sites.
My IP is registered to xyz.com.
A request to community1.xyz.com loads the site for community1.
A request to community2.xyz.com loads the site for community2.
I have a single virtual host configured, which listens to default (all requests) in ssl.conf.
I need two different SSL certificates to be used for community1 and community2.
How can I configure 2 Virtual Hosts with respect to the DNS name to do so?
The reason I need two different SSL certificates instead of 1 assigned to *.xyz.com is that
community2.xyz.com is being redirected from another server, mmm.com, to my Apache server.

If you want to use two different certificates for the same IP address, you're going to have to use the Server Name Indication (SNI) extension, which is relatively recent (and might not be supported by all browsers, but it seems to work with recent ones).
You'll find more details about the configuration of the Apache Httpd front-end on this Apache wiki page:
http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

While you can use Server Name Indication (SNI), I would recommend simply getting another IP address because it is not fully supported (people with older browsers wouldn't be able to go to your site).
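
The SNI setup suggested in the first answer, written out for the two hostnames in the question. This is an added example, not configuration from the posts or the linked wiki page; the certificate and key paths are placeholders.

```apache
# ssl.conf normally contains this line already.
Listen 443

# Required on Apache 2.2 for name-based vhosts; deprecated and ignored on 2.4.
NameVirtualHost *:443

# off: a client that sends no SNI is served by the first vhost below, so it
#      receives community1's certificate even when it asked for community2
#      and sees a name-mismatch warning.
# on:  a client that sends no SNI is refused instead.
SSLStrictSNIVHostCheck off

<VirtualHost *:443>
    ServerName community1.xyz.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/community1.xyz.com.crt   # placeholder path
    SSLCertificateKeyFile /etc/httpd/ssl/community1.xyz.com.key   # placeholder path
    # The existing directives that forward requests to JBoss go here, unchanged.
</VirtualHost>

<VirtualHost *:443>
    ServerName community2.xyz.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/community2.xyz.com.crt   # placeholder path
    SSLCertificateKeyFile /etc/httpd/ssl/community2.xyz.com.key   # placeholder path
    # The existing directives that forward requests to JBoss go here, unchanged.
</VirtualHost>
```

To check which certificate each name receives, run openssl s_client -connect <server>:443 -servername community2.xyz.com and read the subject of the returned certificate; repeat without -servername to see what a client without SNI gets.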

Related

On openshift, is there any apache at front of my tomcat server?

When HTTPS is used on OpenShift, is my Tomcat behind an Apache server?
I mean, do my clients connect to my Tomcat directly, or do they connect to the Apache server, which then connects to my Tomcat through the AJP connector?
If Apache is the man in the middle, then I will not get my clients' IP addresses directly, but through the x-forward HTTP header. And I lose control over certificate verification and trust management. At present, I am using mochahost's server. HTTPS does not get to my Tomcat, but is intercepted by an Apache. I hate this.
Previously, I used another hosting service where even 2 Apache servers were in front of my Tomcat server. Even more ridiculous, the 2 Apache servers and my Tomcat server were on the same machine. This kind of configuration can only show that the system architecture does not have the right ability to manage the whole thing.
By the way, I am talking about the Bronze/Silver plan. I guess OpenShift is no different, though I have not tried it yet. Does anyone have a clear answer to my question?
HTTPS is against the man in the middle, but with a Tomcat server, in this world, there is no service where you can avoid the man in the middle. It is not because the technology does not allow it, but because the people in charge do not really understand the thing, so they are not able and not willing to provide the right service.
I want to ask: if you use a Tomcat server, is there any hosting service provider who does not act as a man in the middle? No. There is none in this world at present (May 2014)!
jack
There is an Apache reverse proxy located in front of your Tomcat instance that does SSL termination. The Apache instance is at the node level, then Tomcat runs on your gear.

IBM HTTP Server configured to communicate with websphere to serve http/https

I have 2 IBM HTTP servers with IPs 10.10.10.2 & 10.10.10.3 with HTTP (port 80) and HTTPS (port 443). I also have WAS on 10.10.10.4 with HTTP (port 80) and HTTPS (port 443). Now, I have to set up the two HTTP servers with a single domain name and forward HTTP/HTTPS requests for dynamic content to WebSphere.
I don't know how to do that. Can anyone help me with an example or a decent document?
I read about virtual hosts and also about the http-plugin, but I couldn't understand the difference or what the specific use of each is.
HTTPplugin is a WebSphere component that allows the Web Servers to communicate with the WAS Server.
VirtualHost is a configuration inside WAS.
When you deploy any web app, you will associate them with a Virtual Host.
A virtual host is a collection of supported IP & port numbers.
In your case, you have a domain name (say test.abc.com, which receives requests at 80 and 443).
Create a virtual host that contains two entries:
test.abc.com:80
test.abc.com:443
When you deploy a Web App, then associate it with this virtual host.
Generate the generic plugin (I am assuming you have not defined a Web Server configuration in WAS) and copy the generated plugin files to the Web Servers.
The HTTP Plugin would use this plugin file and route requests for Web Apps to the Application Server.
This article is very old but the basics mentioned here still hold true
http://public.dhe.ibm.com/software/dw/wes/pdf/WASWebserverplug-in.pdf
HTH
Manglu

Domain configuration W WW or WWWW

Hi, I have multiple domains for one web application hosted on Tomcat. My server is managed with Web Host Manager and cPanel. These domains are configured OK and show the web application whether you type the domain with or without www.
Now I want to do this configuration: if somebody types w.domain.com, ww.domain.com or wwww.domain.com, they should go to the web application too.
I don't know where I must do this configuration. Must I add CNAME records in DNS with 1, 2 and 4 Ws? Or some configuration in Apache?
Regards.
Both. The CNAME is just a reference to the record for the IP that the dns system will resolve for you. The Apache server still sees "w" "ww" or "wwww" coming in.
However, it is quite likely that the Apache is configured to accept *.domain.com which means you do not need to change anything.

Error with DOJO when using IP

Strange error with a project using Dojo:
If I call http://localhost/project, everything works as expected.
If I call http://127.0.0.1/project, everything works as expected.
If I call http://192.168.2.1/project, I get the following error (ONLY in IE6!):
"Bundle not found, locale.."
Any ideas?
I am running Zend Server CE with PHP 5.2.
If I add 192.168.2.1 to "hosts", it works (Windows).
Sounds like Zend Server is performing some kind of virtual site support using the site name as a partial domain.
I can't say 100% if/how it is, because I don't use Zend, but I can explain the principle using Apache as an example.
There are 3 ways in which a web site can be virtually hosted under a single web server application, this applies to most servers on the market today, Apache, IIS, nginx and many others.
It all boils down to one thing, giving one running server application instance the ability to host multiple individual websites.
The 3 methods of separating sites are as follows:
By IP address: If you have multiple IP addresses (usually, but not always, because you have multiple network interface cards), then you can tell your server application to listen to one IP for one site, another IP for another site and so on. If you browse to one IP you'll get one site, and likewise the other on the other IP.
By Port Number: If you're using only one IP address, then you can bind to multiple port numbers. Port 80 is generally the default for web servers, but by browsing to an address and pinning the port number on the end (http://mysite.com:99) you'll force the browser to use that port. You can then have multiple websites listening on different ports and select them manually at browse time as required.
By Host Name Header: This is by far the most common way of supporting multiple sites. All web servers that understand the HTTP/1.1 protocol have to obey a header field in the request that contains the host name. When a request comes in for, e.g., http://mysite.com/, there will be an entry in the request header that looks like 'Host: mysite.com'. The web server can then use that to say, oh yes, I know which one that is, and it then selects and serves the correct website.
The problems start to arise however when you start to use IP addresses that generally cannot be resolved or have no DNS name, because the web server then doesn't know which hostname to tag it to.
As an example in Apache, if you set up a virtual host, then try to browse that server using just the IP address, you'll get the default server, which in many cases won't even be configured to respond correctly or display anything.
To compound this, going up to web application layer, many frameworks also do their own checks on hostnames and other variables passed to them by the web server, and many make decisions on how to operate based on this information.
If you've gotten to the default web application by IP address, then there's a high chance that the framework may get confused at being presented with an IP address as a host name.
As the OP noted, in many cases you can add a name to your hosts file and use this as a poor man's DNS substitute. The file to modify can be found in the following locations:
c:\windows\system32\drivers\etc\ on Windows
/etc/ on Linux/Unix
The file is generally just called 'hosts' and is a plain text file. Adding a line like:
123.456.789.123 myserver
Will tie http://myserver/ to http://123.456.789.123/
If you can, and you're doing a lot of web applications, it may be worth setting up your own DNS server. Most Linux distros will allow you to install 'Bind', and I do also believe there is a version available for Windows too.
I'm not going to go into the pros and cons of private DNS servers here, it's a whole other subject in itself, but if you're likely to be doing a lot of additions to your hosts, then in the long run you'll find it a better option.

Sites that do server aliasing for other websites to use an external platform

First of all, granted the question is not very descriptive - quite hard to summarise what I mean in the title.
Let me elaborate. On uservoice.com they allow users to have domain aliasing.
For example, these sites use domain aliasing:
http://feedback.bit.ly
http://feedback.topofblogs.com
http://feedback.neutex.net
None of them are hosting the uservoice platform independently.
So my question is, how do you think they're doing the user aliasing?
Do you think uservoice just have a lot of server aliases in the apache config or?
I'm very curious. I hope this question made sense.
Have a good day.
It depends what web server they're using. In order to do virtual hosting, which is what this is, you have to use HTTP 1.1, which sends the name of the server that the browser is requesting in the Host: header. So if the user requests http://www.foo.com/path/to/something then the request looks like:
GET /path/to/something HTTP/1.1
Host: www.foo.com
The web server can then look at "Host" to see how to handle the request.
From the Apache docs on Name-based Virtual Hosts:
...the first listed virtual host is the default virtual host.
Each of their hosted sites probably has set up a cname in their DNS configuration to point to a uservoice server. Uservoice probably just uses a default virtual host to handle them all. I doubt they add a new virtual host entry or server alias every time they add a new client. That requires an Apache restart.
EDIT: A quick HTTP HEAD request of one of the sites you listed shows me they are using nginx, and not Apache. Nginx probably has similar configuration capabilities as Apache. I've never used it personally.
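
The name-based selection described in the answers above (match on the Host header, first-listed virtual host as the default), written out as an Apache configuration. This is an added example, not configuration from any of the posts; the document root, the default.invalid name and the choice to answer 404 from the default vhost are assumptions.

```apache
# Required on Apache 2.2 for name-based vhosts; deprecated and ignored on 2.4.
NameVirtualHost *:80

# Listed first, so this is the default vhost. It receives every request whose
# Host header matches no ServerName or ServerAlias below, for example
# "Host: 192.168.2.1" when the server is reached by its bare IP address.
<VirtualHost *:80>
    ServerName default.invalid
    # Answer 404 rather than serve an application under a name it was never
    # configured for. A hosted platform that accepts customer CNAMEs would
    # instead send this vhost to the application and let the application
    # look up the customer from the Host header.
    Redirect 404 /
</VirtualHost>

# Selected only when the Host header is one of the names listed here.
<VirtualHost *:80>
    ServerName www.domain.com
    ServerAlias domain.com w.domain.com ww.domain.com wwww.domain.com
    # ServerAlias also accepts wildcards: "*.domain.com" matches every
    # subdomain, but not the bare domain.com.
    DocumentRoot /var/www/domain   # placeholder path
</VirtualHost>
```

Keeping an explicit default vhost first means an unexpected Host value (an IP address, a stale CNAME, a typo) lands somewhere you chose, instead of on whichever site happens to be defined first.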