troubleshoot between plugin and application server? - websphere

the request from ihs is passed to plugin then to the application server and server received it.there is no cluster environment here.the server is up and running fine.But the response is not going back to plugin.how to troubleshoot?

(I would have made this a comment, but I don't have enough rep points).
You may need to engage IBM WebSphere Support to assist with this, but typically, for that type of issue, you would need to trace both sides of the connection (IHS plugin and WebSphere). Specifically,
Set LogLevel="Trace" in the plugin-cfg.xml
Set the following trace spec on the AppServer:
=info:com.ibm.ws.webcontainer=all:com.ibm.wsspi.webcontainer*=all:HTTPChannel=all:GenericBNF=all:TCPChannel=all
Reproducing the failure and reviewing the http_plugin.log and trace.log may provide some clues.
Do you receive some type of error in the browser? timeout? Is there anything (firewall, proxy) sitting between the IHS server and WebSphere AppServer?

It could be DNS problem with your WebSphere server. Can you please let us know about your IHS and plugin. Is it installed on same server where WebSphere is or on different server? If IHS and plugin is on different server just check that WebSphere server is able to resolve the IP address of IHS server using hostname. If not try to update host file with IP and hostname of your IHS server. It should work.

Does the client or the plugin not getting the response? Will that the request result in secure connection (i.e HTTPS/SSL...)?
The WAS server should extract most of the ports correctly if IHS/plugin is used in between. If using different webServer/load balancer(LB), the WAS server may not extract the listerning ports on the webServer/LB correctly.
You can take a look at the sample setting in PK55330 where a different web server is used in place of the IHS.
http://www-01.ibm.com/support/docview.wss?uid=swg1PK55330
Regards,

Related

Getting Client ip address without change software code

We have haproxy and websphere in different machines to publish software. Software try to insert client's ip to database however it insert IP of haproxy. Programmers only use this code and they do not change.
ipAddress = request.getRemoteAddr();
I got tcpdump and i can see client's ip is on x-forwarded-for tag of http layer. Software does not use this tag to get, i think. Is there any way to change x-forwarded-for to remoteaddress? Is there any tips to get client's ip without change software code? What should i do in the websphere servers or haproxy layer?
Websphere version 8.5.5.11
haproxy version 1.8
Well as websphere is a commercial product I would suggest to ask IBM which parameter should be set in websphere.
A short search in the Internet have bring up this page
Potential WebSphere Application Server problems when deployed behind a WebSphere-aware proxy server linked from this page HTTPServletRequest.getRemoteAddr/getRemoteHost starts to return WebSphere Plugin host value from 8.5.5.16 or 9.0.0.11.
Tomcat have for this the Remote IP Valve, I assume that websphere have a similar option.
I also strongly recommend to use a more recent version of HAProxy as the 1.8 will be soon end of live https://www.haproxy.org/ .

How to achieve load-balancing and failover between the two application servers through web server in WAS

i am new in WAS so i configured WAS and also web server IHS then i created 2 application server
so through the web server the client can access the application then the traffic over HTTP to one of two application servers i created
integrate web server and 2 application server as an single endpoint then traffic distribute over applications server
like thie img how can i do that
so please can anyone help me in this?
You have to install on IHS the WebSphere Application Server plugin. Then generate the plugin config file. IHS will pass any http requests it cannot resolve to the plugin which will try to resolve to the known applications. If the plugin is not functioning properly then follow the instructions here to collect data and open an IBM Support ticket.

IHS and WEBSEAL need to be communicated

We hare setting us IBM CLM 6.05 application with websphere liberty. But our environment have webseal and we should need to install the application behind this.
we are aware that we wont get support from IBM for clm applications with Webseal as reverse proxy. But we have to deploy our clm applications on an environment where webseal is already using as a reverse proxy.
So we came into a decision that, we will configure clm applications with IHS as reverse proxy and then will make this to run behind webseal.
So our architecture plan is like
Webseal --> IHS ---> CLM appications with Liberty
Now we have setup the IHS and installed CLM applications, Infra team created a junction in webseal to make communication between Webseal and IHS,
Now when we are registering our application with the webseal url, we are geetting the error as
"The identity of remote server could not be fetched from https://vv-xxxxx.wam-sso.xxxx.com/jts/serverId because the server responded with an error code 302. Check the error log for the remote server to diagnose the cause of the failure.ID CRJAZ2177E
whats the root cause and how we can rectift this ?
Also when we put a dummy host entry in jts server ( as ip address of IHs with Webseal DNS entry) its getting fine. But its not the proper way as we are not giving the correct host entry .
So do we have any alternate way to pass this through webseal itself through IHS
Webseal -> IHS -> JTS -> RM ->.
We dont want to skip the communication through webseal or IHS and needed the traffic in the same way above.
Any suggestions highly appreciated.
Running Liberty behind Webseal is a very common scenario. One of popular options is to propagate JWT issued by webseal to Liberty. See https://www.ibm.com/blogs/sweeden/isam-9-0-2-the-jwt-sts-module-and-junction-sso-to-websphere-liberty/.

WSO2 ESB proxy service on Windows

i'm using the WSO2 ESB to integrate several services on the Windows virtual machine.
I used the simple proxy to map the services deployed on it. But the problem is what i can't access them from outside it nevetheless the port 8280 where services are deployed is open for internet, but i can see only blank page instead. What could be wrong?
Another question is i was trying to map the WSO2 ESB management console itself to be availbe from outside the machine using simple proxy, and i'm failed, it loads me the this is what i see on trying the service.
Could you please give me a hint on how to resolve this issue? is it possible to share the esb mgmt console using the ESB itself?
Thanks a lot in advance,
Do u have proxy in the middle? It looks like on screenshot webpage missing all pictures, meanwhile css was loaded successfully.
Another question which kind of virtual machine u use? For example in virtualbox by default virtual machine behind NAT.
I wasn't able to connect to server on virtual machine from host only opposite way server on host available in virtual machine.
To make server in virtual machine available on host need to configure network as bridge.
Not sure if it helps, but I think I had a similar problem in our corporate network after I applied all the security patches (poodle,Diffie-Hellman etc.). I had to configure the addresses in catalina.xml (if i remember right) that are/under which allowed to access the admin console. Cannot tell you more details because I'm on holiday :-)
Maybe it's worth to give it a try.
Another example from real life. HTTP Response from external resource was application/json, status of response 200 OK. ESB configured to use
<messageFormatter contentType="application/json"
class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
but content was simple text/plain.
During parsing body of http response exception was thrown and just silently was written to log, without any fault message processing. Just empty response to client.
To clarify that services reachable, there is echo service by default on server, which respond content equal to request. Try to use it.
was trying to map the WSO2 ESB management console itself to be availbe
from outside the machine using simple proxy
By default the management console tries to enforce the port 9443 for dynamic links (JSP) pages. That's why you see only part of the pages and you shouldn't be able to log on.
what you can do is edit the repository/conf/tomcat/catalina-server.xml and to the Connector running the port 9443 you can add an attribute proxyPort="443", the carbon console will be happy to run on 443.
For the services, my educated guess would be on the firewall / network rules, however without other information I cannot answer (or - they are working, just you may not try to access them by simple browser request)

polygraph for https via proxy server

Can anyone help me setup web polygraph for testing an HTTPS servers via proxy servers in middle
linux machine:192.168.21.7
proxy server :192.168.21.9
https server : 192.168.21.11
This link contains the needed information:
http://www.web-polygraph.org/docs/userman/simple.html
Basically polygraph has couple files which are bundled with it and use for testing.
The manual I gave you give example that uses polysrv but on different distributions you will probably have different names for the tool(on ubuntu it's polygraph-server and polygraph-client)
You need to set the listening service ip+port outgoing "robot" ip and then start it using command line.
For https setup we will configure our pg file on server and client with SslWrap module.
Details of same can be found in http://www.web-polygraph.org/docs/reference/models/ssl.html

Resources