Prevent external access to one server group in jboss? - jboss

I am running jboss in domain mode.
I have a collection of services hosted in a server group in jboss. (I have to use jboss for the time being even though it is not the correct thing to use.) 2 of the services should be accessible from different hosts (not localhost) but the rest of the services should only be accessible from localhost. Is there any way to give access from any machine to the 2 services but not the rest of the services?
Maybe I could split the services into two server groups and somehow have different access rules for the two server groups?

So I found out that if you put a file called undertow-handlers.conf in the WEB-INF folder of your webapp, you can restrict access to your application in this file. So you can add the following line:
ip-access-control(default-allow=false, acl={'127.0.0.1 allow'})
This means only requests coming from 127.0.0.1 will be accepted.
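
Because the rule lives inside each webapp, it is easy to miss a deployment. The script below is an added example, not part of the original answer or of JBoss/Undertow: it audits WAR archives for the WEB-INF/undertow-handlers.conf rule described above and reports which ones are limited to the listed addresses. The WAR names and contents are constructed, the path-prefix sample is an assumed variant, and flagging any rule without an explicit default-allow=false is this script's conservative choice.

```python
import io
import re
import zipfile

HANDLERS = "WEB-INF/undertow-handlers.conf"
# Optional "predicate ->" prefix, then the handler with its argument list.
RULE = re.compile(r"^(?P<pred>.*?->)?\s*ip-access-control\((?P<args>.*)\)\s*$")
DEFAULT = re.compile(r"default-allow\s*=\s*(true|false)")
ACL = re.compile(r"'([^'\s]+)\s+(allow|deny)'")

def audit_war(war_bytes):
    """Return (status, allowed_sources) for one WAR archive given as bytes."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        if HANDLERS not in war.namelist():
            return "no-handlers-file", []
        text = war.read(HANDLERS).decode("utf-8")
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        default = DEFAULT.search(m["args"])
        allowed = [ip for ip, verdict in ACL.findall(m["args"]) if verdict == "allow"]
        if not default or default.group(1) != "false":
            return "default-allow-not-false", allowed  # assumption: treat as open
        if m["pred"]:  # rule only applies where the predicate matches
            return "restricted-some-paths", allowed
        return "restricted", allowed
    return "no-ip-rule", []

def make_war(handlers=None):  # builds a constructed, in-memory WAR
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        if handlers is not None:
            war.writestr(HANDLERS, handlers)
    return buf.getvalue()

LOCAL_ONLY = "ip-access-control(default-allow=false, acl={'127.0.0.1 allow'})"
SAMPLES = {  # constructed deployments, not taken from the page
    "public-a.war": make_war(),
    "internal-b.war": make_war(LOCAL_ONLY),
    "internal-c.war": make_war("path-prefix('/admin') -> " + LOCAL_ONLY),
    "internal-d.war": make_war("ip-access-control(default-allow=true, acl={'10.0.0.5 deny'})"),
}

if __name__ == "__main__":
    for name, war in SAMPLES.items():
        print(name, *audit_war(war))
```

A "restricted" result only describes the file. The rule is evaluated against the peer address Undertow sees, so a reverse proxy running on the same host makes every request appear to come from 127.0.0.1 unless the listener is set up to use forwarded addresses.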

Related

SOAP Web Services with load balancing

My customer has 2 Windows Server 2019.
On both of them, an instance of a SOAP Web Service is running.
URLs:
https://host1.domainname.com/SOAPService
and
https://host2.domainname.com/SOAPService
Now, the requirement of the customer is to provide a single, unique URL that the clients can use to consume the SOAP WebService(s).
I read through several websites and if I got it right, I need a tool that is called a "reverse proxy"... Using this tool, clients can access the webservice by using a URL such as https://host.domainname.com/SOAPService and the tool will automatically route the request to the available webservice.
Correct?
I also have an architectural question:
On which machine do I have to run such a Reverse Proxy?
Is it on host1 or host2 or do I need a dedicated machine (like a supervisor)?
If it is a dedicated machine, how can I apply high availability of this Reverse Proxy? E.g. is it possible to run 2 Reverse Proxies in parallel on different machines? Which tool could afford this?
Thanks

Possible to access an application in a WebSphere application server cluster without load balancers or a web server?

I am trying to set up a WebSphere application server cluster and deploy a web application on it. I have successfully accessed the application with a web server, but I have a question: if I access the application bypassing the web server by using 9080 to the single server, I get an error when the sign-in servlet does respond.redirect to the JSP page. The session was lost. Are we not supposed to access the application in a cluster environment without the web server?
As long as you target an individual server in the cluster, you should not lose your session or suffer any other ill effects for not using/having a proxy server between you and the cluster. You should look closely at the Cookies issued through that flow and make sure they don't have a bad domain or path and that you don't get redirected back through the webserver or otherwise to another JVM.
Also verify there is no DNS-based load balancing. If you don't have session persistence/distribution/replication it won't work.

Hosting two different servers with one domain

I'm trying to host web pages using Win Server 2016. Currently, I have Jira and my personal web (IIS) servers. Using AWS, I currently have "myec2.com:port1" and "myec2.com/port2" running fine. And I'm planning to buy a domain "myname.com" to be connected to "myec2.long.name.com".
What I hope to do is "myname.com/jira" and "myname.com/mypage" or "jira.myname.com" and "mypage.myname.com" can redirect to Jira server and the IIS server. Is there a way I can achieve this goal?
Thanks in advance.
If you buy a domain like myname.com you will be able to configure any number of sub-domains such as jira.myname.com or mypage.myname.com as you like.
Usually what you would do is point those sub-domains to your server's IP then handle requests to those domains by setting up a web server (like apache or nginx) and configuring a virtual host (apache) or a server block (nginx) for each one of those sub-domains.

Hosting WCF REST Service as a child application in IIS

I am trying to host a WCF RESTful service in IIS as a child application under an existing Site but it will not work. It works fine when I host it as a Site by itself, but the problem is that both Sites share the same port numbers, port 80 (http) and port 443 (https). Can anyone help with how to get around this?
You must select the default site, right-click and add an application, or create a virtual folder pointing to the default folder where your service is in dev...
If you choose the first you need to create a file system of the service, with publish in Visual Studio.
So with this approach you can use the same port with different route.
Thank you for taking your time to answer the question. I was able to get the solution myself. It was because I did not configure HTTPS when I hosted the service in IIS. After I configured the HTTPS, everything works great.

While connecting two app servers with an ibm http webserver, we are able to successfully connect with only one server

While running two app servers (which has mobilefirst servers hosted 7.1 version) from ibm http server, only one server runs successfully on keeping only one of the Route attribute active in the plugin-cfg.xml of the http server. In the server which is not running, the following error is seen in the messages.log.
CWWKS4001E: The security token cannot be validated. This can be for the following reasons
1. The security token was generated on another server using different keys.
2. The token configuration or the security keys of the token service which created the token has been changed.
3. The token service which created the token is no longer available.
Kindly guide in resolving the error above.
Thanks.
Sounds like your two servers have not exchanged/shared LTPA keys and IHS and the WAS Plugin are a red herring.
http://www.ibm.com/support/knowledgecenter/SSAW57_liberty/com.ibm.websphere.wlp.nd.doc/ae/twlp_sec_ltpa.html
http://www.ibm.com/support/knowledgecenter/SSAW57_liberty/com.ibm.websphere.wlp.nd.doc/ae/twlp_sec_sso.html
Note: For SSO to work across Liberty servers, full profile servers, or both, set the following resources:
The servers must use the same LTPA keys and share the same user registry.
Sounds like a communication issue between the two servers. Are the inbound ports opened on the other server to communicate with the HTTP server? If they are opened, use telnet and test whether both servers (HTTP and app server) are communicating with each other.
On the HTTP Server, open a command prompt and enter the command below.
telnet <app server ip> <app server port>
If this is not successful then you need to open ports on app server.