[jboss-user] [Installation, Configuration & DEPLOYMENT] - Multiple WARs with SSL and common data source configuration.

trickyvail do-not-reply at jboss.com
Thu Jul 19 13:12:50 EDT 2007


I have a requirement for two SSL-enabled shopping websites to share the same data source. Both websites are owned by the same company. Some of the products are unique to one website and some products are common to both - hence the shared data source to accurately reflect inventory levels.

I have an implementation using Apache2 and mod_jk but I would be very grateful to hear any tips for alternative solutions.

In particular please clarify the following:

- Can WARs inside the same EAR utilize different SSL certificates?

- Can EARs running within different VMs but not within a cluster share a common Persistence Provider Instance (factory / secondary cache)?



Here are the details for my current implementation.
----------------------------------------------------------------

Software:
- Debian 4.0 Etch AMD64
- Apache 2.2.3
- JBoss 4.0.5.GA
- JBoss Seam 1.2.1.GA
- JDK 1.5.0_12
- libapache2-mod-jk 1.2.18

Server Configuration
--------------------------
The server has been configured to have two network addresses through virtual addressing (aka multihomed).

/etc/network/interfaces:

    auto eth0
    iface eth0 inet static
            address 192.168.0.81
            netmask 255.255.255.0
            network 192.168.0.0
            broadcast 192.168.0.255
            gateway 192.168.0.254
    auto eth0:0
    iface eth0:0 inet static
            address 192.168.0.82
            netmask 255.255.255.0
            network 192.168.0.0
            broadcast 192.168.0.255

JBoss configuration
--------------------------
JBoss has been configured with 2 virtual hosts bound to the 2 addresses.

$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml:

    <Server>

       <Service name="jboss.web"
          className="org.jboss.web.tomcat.tc5.StandardService">

          <Connector port="8080" address="${jboss.bind.address}"
             maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
             emptySessionPath="true"
             enableLookups="false" redirectPort="8443" acceptCount="100"
             connectionTimeout="20000" disableUploadTimeout="true"/>

          <Connector port="8009" address="${jboss.bind.address}"
             emptySessionPath="true" enableLookups="false" redirectPort="8443"
             protocol="AJP/1.3"/>
          <Engine name="jboss.web" defaultHost="localhost">

             <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
                certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
                allRolesMode="authOnly"
                />

             <Host name="localhost"
                autoDeploy="false" deployOnStartup="false" deployXML="false"
                configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
                >

                <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
                   cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                   transactionManagerObjectName="jboss:service=TransactionManager" />

             </Host>

             <Host
                name="192.168.0.81"
                autoDeploy="false"
                deployOnStartup="false"
                deployXML="false"
             >
                <Alias>www.domain1.net</Alias>
             </Host>

             <Host
                name="192.168.0.82"
                autoDeploy="false"
                deployOnStartup="false"
                deployXML="false"
             >
                <Alias>www.domain2.net</Alias>
             </Host>

          </Engine>

       </Service>

    </Server>

My application is deployed as an EAR containing 2 WARs. The WARs are configured to attach to different addresses.

application.ear/META-INF/application.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <application xmlns="http://java.sun.com/xml/ns/javaee"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
                 version="5">

       <display-name>domain</display-name>

       <module>
          <web>
             <web-uri>domain1.war</web-uri>
             <context-root>/</context-root>
          </web>
       </module>

       <module>
          <web>
             <web-uri>domain2.war</web-uri>
             <context-root>/</context-root>
          </web>
       </module>

        SNIP . . .

application.ear/domain1.war/WEB-INF/jboss-web.xml:

    <jboss-web>
       <context-root>/</context-root>
       <virtual-host>192.168.0.81</virtual-host>
    </jboss-web>

application.ear/domain2.war/WEB-INF/jboss-web.xml:

    <jboss-web>
       <context-root>/</context-root>
       <virtual-host>192.168.0.82</virtual-host>
    </jboss-web>

Apache2 configuration
----------------------------
/etc/apache2/ports.conf:

    Listen 192.168.0.81:80
    Listen 192.168.0.81:443
    Listen 192.168.0.82:80
    Listen 192.168.0.82:443

added to /etc/apache2/apache2.conf:

    JkWorkersFile /etc/apache2/jk/workers.properties
    JkLogFile /var/log/apache2/mod_jk.log
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
    JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
    JkRequestLogFormat "%w %V %T"

/etc/apache2/jk/workers.properties:

    worker.list=domain1,domain2

    worker.domain1.type=ajp13
    worker.domain1.host=192.168.0.81
    worker.domain1.port=8009

    worker.domain2.type=ajp13
    worker.domain2.host=192.168.0.82
    worker.domain2.port=8009

/etc/apache2/sites-available/www.domain1.net:

    NameVirtualHost www.domain1.net:80
    NameVirtualHost www.domain1.net:443

    <VirtualHost www.domain1.net:80>
            ServerName www.domain1.net
            DocumentRoot /var/www/www.domain1.net/
            JkMount /* domain1
    </VirtualHost>

    <VirtualHost www.domain1.net:443>
            ServerName www.domain1.net
            DocumentRoot /var/www/www.domain1.net/
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/domain1.pem

            JkMount /* domain1
    </VirtualHost>

/etc/apache2/sites-available/www.domain2.net:

    NameVirtualHost www.domain2.net:80
    NameVirtualHost www.domain2.net:443

    <VirtualHost www.domain2.net:80>
            ServerName www.domain2.net
            DocumentRoot /var/www/www.domain2.net/
            JkMount /* domain2
    </VirtualHost>

    <VirtualHost www.domain2.net:443>
            ServerName www.domain2.net
            DocumentRoot /var/www/www.domain1.net/
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/domain2.pem

            JkMount /* domain2
    </VirtualHost>

Create soft links:

    cd /etc/apache2/sites-enabled
    sudo ln -s /etc/apache2/sites-available/www.domain1.net 001-www.domain1.net
    sudo ln -s /etc/apache2/sites-available/www.domain2.net 002-www.domain2.net

Create security certificates:

    sudo mkdir /etc/apache2/ssl
    sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain1.pem
    sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain2.pem

-----------------------------------------------------

I hope this information is helpful and look forward to your feedback.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4065903#4065903

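Added example, not part of the original post: a small Python check that cross-reads the two :443 VirtualHost blocks and worker.list from the configuration in the post and reports vhosts whose DocumentRoot, JkMount worker or SSLCertificateFile does not line up with their ServerName. The function names, and the rule that a DocumentRoot path should contain the vhost's ServerName, are assumptions made for this example.

```python
import re

# The two :443 blocks and worker.list, copied from the post's Apache2 configuration.
VHOSTS = """
<VirtualHost www.domain1.net:443>
        ServerName www.domain1.net
        DocumentRoot /var/www/www.domain1.net/
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/domain1.pem
        JkMount /* domain1
</VirtualHost>
<VirtualHost www.domain2.net:443>
        ServerName www.domain2.net
        DocumentRoot /var/www/www.domain1.net/
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/domain2.pem
        JkMount /* domain2
</VirtualHost>
"""
WORKERS = "worker.list=domain1,domain2\n"

def parse_vhosts(text):
    """Return (address, {directive: [args]}) for each <VirtualHost> block."""
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", text, re.S)
    return [(addr.strip(), {p[0]: p[1:] for p in map(str.split, body.splitlines()) if p})
            for addr, body in blocks]

def lint(vhost_text, workers_text):
    """Flag vhosts whose docroot, AJP worker or certificate looks cross-wired."""
    m = re.search(r"^worker\.list=(.*)$", workers_text, re.M)
    workers = {w.strip() for w in m.group(1).split(",")} if m else set()
    findings, certs = [], {}
    for addr, h in parse_vhosts(vhost_text):
        name = h.get("ServerName", ["?"])[0]
        root = h.get("DocumentRoot", [""])[0]
        if name not in root:  # assumed convention: docroot path carries the site name
            findings.append(f"{addr}: DocumentRoot {root} is not a {name} path")
        worker = h.get("JkMount", [None])[-1]
        if worker is not None and worker not in workers:
            findings.append(f"{addr}: JkMount worker {worker} is not in worker.list")
        if h.get("SSLEngine") == ["on"]:
            cert = h.get("SSLCertificateFile", [None])[0]
            if cert is None:
                findings.append(f"{addr}: SSLEngine on without SSLCertificateFile")
            elif certs.setdefault(cert, name) != name:
                findings.append(f"{addr}: {cert} is also served for {certs[cert]}")
    return findings
```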