We're using Wildfly-17.0.1
and we have 2 spring-boot microservices which are being deployed as war on wildfly
service-a.war
service-b.war
We have jboss-web.xml in both services under src/main/webapp/WEB-INF
service-a.war
<jboss-web>
<context-root>/</context-root>
<virtual-host>default-host</virtual-host>
</jboss-web>
service-b.war
<jboss-web>
<context-root>/</context-root>
<virtual-host>b-host</virtual-host>
</jboss-web>
standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:9.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default" />
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
<https-listener name="https" socket-binding="https" security-realm="UndertowRealm" enable-http2="true" />
<host name="default-host" alias="alias" default-web-module="service-a.war" />
<host name="b-host" alias="alias" default-web-module="service-b.war" />
</server>
...
</subsystem>
Above alias is the machine name
In the server.log we see below message when both applications are deployed
...
Registered web context: '/' for server 'default-server'
...
Registered web context: '/' for server 'default-server'
But when we try to access both services only one of the service seems to be working, other gives
<html><head><title>Error</title></head><body>404 - Not Found</body></html>
We tried giving different context-root, and we saw this in log
...
Registered web context: '/a' for server 'default-server'
...
Registered web context: '/b' for server 'default-server'
but still only one works and other gives 404.
It works when we give different alias for both the hosts
Why giving the same alias for different hosts doesn't work?
I think the string you put as virtualhost in jboss-web.xml must match the alias (not the name) in standalone conf
Instead of
<host name="b-host" alias="alias" default-web-module="service-b.war" />
Try with:
<host name="vhost2" alias="b-host" default-web-module="service-b.war" />
Related
There are thousands of articles on how to set up HTTPS in either tomcat or at the application level in your spring boot application. But I didn't find a way to configure tomcat for an application that already has configured HTTPS.
I've already set up my spring boot application to run on HTTPS by configuring these properties:
server.port=7070
server.ssl.enabled=true
server.ssl.key-store-password=my_password
server.ssl.key-store-type=PKCS12
server.ssl.key-store=keystore-path
server.ssl.key-alias=key_alias
And it perfectly works when I run my IDE(Intellij) and serves on https://localhost:7070 on my machine.
On the other hand, When I deploy my app into the tomcat. it runs on the port of tomcat which is defined on server.xml connector. for instance :
<Connector port="7071" protocol="HTTP/1.1" connectionTimeout="20000" />
By doing so, The connector port in tomcat overrides the port number on the application.properties.
So if I want to run my application in HTTPS in tomcat, Documents says I need to define a new connector, for example :
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
or
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
certificateFile="conf/localhost-rsa-cert.pem"
certificateChainFile="conf/localhost-rsa-chain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
But these ways, I have to configure my Keystore, password, alias, and ... again in my tomcat.
I'm wondering is there any other way around not configuring again my Keystore, password and .. again in tomcat?
No, there is no other way around it. server.* properties are only applied when running the application in an embedded container. When deploying to an existing Tomcat instance, they are not used.
I'm following the Containerizing, packaging, and running a Spring Boot application guide. After getting it to run, I want to use my own Spring Boot application. So I took my jar, put it into the target directory and updated the server.xml file accordingly:
<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
<featureManager>
<feature>servlet-4.0</feature>
<feature>springBoot-2.0</feature>
</featureManager>
<httpEndpoint id="defaultHttpEndpoint"
host="*"
httpPort="9080"
httpsPort="9443" />
<springBootApplication id="guide-spring-boot"
location="myOwnApp.jar"
name="guide-spring-boot" />
<!--springBootApplication id="guide-spring-boot"
location="thin-guide-spring-boot-0.1.0.jar"
name="guide-spring-boot" /-->
</server>
Alas, after restarting the Open Liberty server this configuration seems to be totally ignored and my application is not started.
I've deployed a spring application to IBM Liberty Profile. Both of the server and the application starts without problem, but when I would like to reach the application the browser says "Context Root Not Found"
I've configured the application in several ways in the server.xml
<application location="d:/Work/Installed Liberty Applications/OFRAdminEAR/OFRAdmin.ear"
name="OFRAdmin"
security-role="false"
id="OFRAdmin"
type="ear">
<classloader apiTypeVisibility="spec,ibm-api,api" privateLibraryRef="WebspherePlugins, OFRAdminsSharedLibrary"/>
</application>
<enterpriseApplication location="d:/Work/Installed Liberty Applications/OFRAdminEAR/OFRAdmin.ear"
id="OFRAdmin"
name="OFRAdmin"
security-role="false"
type="ear">
<classloader privateLibraryRef="WebspherePlugins, OFRAdminsSharedLibrary" />
</enterpriseApplication>
<webApplication location="d:/Work/Installed Liberty Applications/OFRAdminEAR/OFRAdmin.ear"
id="OFRAdmin"
name="OFRAdmin"
security-role="false"
type="war">
<classloader privateLibraryRef="WebspherePlugins, OFRAdminsSharedLibrary" />
</webApplication>
The application packed into an ear file, which contains a WAR file and META-INF folder with the application.xml. The application.xml looks like this.
<application-name>OFRAdmin</application-name>
<display-name>OFRAdmin</display-name>
<module>
<web>
<web-uri>OFRAdmin.war</web-uri>
<context-root>OFRAdmin</context-root>
</web>
</module>
</application>
What I missed? Where should I set the context root of the application? Can anybody help me?
I am attempting to redirect traffic on insecure port to secure port as described here:
https://www.ibm.com/support/knowledgecenter/en/SSD28V_9.0.0/com.ibm.websphere.liberty.autogen.core.doc/ae/rwlp_config_httpProxyRedirect.html
Instead both ports are available and I see nothing in the logs. It's as if the httpProxyRedirect isn't being configured at all.
<?xml version="1.0" encoding="UTF-8"?>
<server description="CAST Liberty Server">
<!-- Enable features -->
<featureManager>
<feature>webProfile-7.0</feature>
</featureManager>
<application id="app" context-root="/" type="war" location="${war.name}">
<classloader apiTypeVisibility="spec, ibm-api, api, third-party" />
</application>
<httpProxyRedirect id="defaultHttpProxyRedirect" httpPort="${http.port}" httpsPort="${https.port}" />
<keyStore id="defaultKeyStore" password="pass" />
<httpEndpoint host="*" httpPort="${http.port}" httpsPort="${https.port}" id="defaultHttpEndpoint" />
<applicationMonitor updateTrigger="mbean" />
</server>
Most likely, you are missing the security-constraints in the web.xml. This configuration tells the server which URLs need to be accessed over a secure transport and then re-directs qualifying requests from the non-secure port to the secure port. This tutorial may help: https://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html
Also, keep in mind that the httpProxyRedirect configuration in the server.xml is intended for redirecting when you have a proxy server in front of your application server. For example, you may have your proxy server on the main "www.ibm.com" host - listening on HTTP port 80 and HTTPS port 443. But that host may route some requests to your Liberty application server on some other host (like "app1host.internal.ibm.com") that listens on different ports (i.e. HTTP port 9080 and HTTPS port 9443). In that case, just using the security-constraints in the web.xml would attempt to redirect the client request on the Liberty server from 9080 to 9443 but on the www.ibm.com host - where nothing is listening on those ports. In this case, you should configure httpProxyRedirect like this:
<httpProxyRedirect httpPort="80" httpsPort="443" host="www.ibm.com" />
With the configuration, a client HTTP request to a secured URL will get redirected to www.ibm.com on port 443, where the proxy server will forward the request to app1host.internal.ibm.com port 9443.
Hope this helps,
Andy
This is the security constraint that i am using in my web.xml and it works well for both Tomcat and IBM Websphere 8.5.5.15:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Note: make sure that you put it after your <servlet-mapping>.
I am trying to configure Tomcat7 serer.xml
the
<Host appBase="webapps/testweb" name="trythis.test.com" unpackWARs="true" autoDeploy="true">
<Context docBase="." path="" reloadable="false">
<Environment name="WEB_APP_PROPERTIES" type="java.lang.String" value="\\10.120.13.200\config"/>
</Context>
</Host>
Even though this config folder is accessible over the network my Tomcat can't access it: