We are facing the problem that our Java EJB3 client is behind a firewall that allows only outgoing traffic to port 80. The client communicates with a Glassfish server for EJB calls and JMS messages. Therefore we have to somehow direct all traffic (IIOP & JMS) through this one single port. Does anybody know how to do this?
We are using Glassfish 4.1 as a server. I have heard of JProxy but that seems to be inactive by now.
We could theoretically use SSH port forwarding but that would bypass the Glassfish authentication.
Hi from the server's side (even though your problem is the client) you can change the IIOP port either by the admin console or editing your domain.xml .
<iiop-service>
<orb use-thread-pool-ids="thread-pool-1"></orb>
<iiop-listener address="0.0.0.0" port="3700" lazy-init="true" id="orb-listener-1"></iiop-listener>
<iiop-listener address="0.0.0.0" port="3820" id="SSL" security-enabled="true">
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl>
</iiop-listener>
The thing is that you need to pass through the IIOP traffic to port 80 and then hit the actual remote server. I think you need to check your options on creating an SSL tunnel, see here
Related
I have a netty-socket server running on ports 8191 and 8190. nginx is configured to listen on port 443 from the netty-socket client[both the ports configured on 443] and proxy requests to the netty-socketio server.Netty version being used is 4.1.49.Final
Since we can't run two same ports on a machine, we have configured Nginx to listen to 443 port and redirect them to 8191 and 8190 based on the calls we are making.
If I connect directly to the socket server everything works as expected, however, when connecting via Nginx connections drop and never come up. But both client and server are running.
Attaching the configurations of the netty server, client and Nginx.
Nettyclient
NettyServer
Nginx conf
Situation:
My client has a Java web application deployed on a JBoss server, it is accessed both via HTTPS and HTTP
The JBoss server is sitting behind a load-balancer that handles the SSL, in other words this load-balancer terminates SSL and sends requests to JBoss as plain HTTP
Problem I need to solve:
The web application deployed on JBoss needs to know what port the load-balancer is using for HTTPS, so that it can direct users to certain HTTPS urls correctly. This cannot be hard-coded because the application will be deployed on multiple clients, each of them have different configurations for the load-balancer.
My approach (which didn't work):
I am defining the port from a jspx page, via ${pageContext.request.serverPort}, but this always returns the port for HTTP because JBoss always gets the request via HTTP.
Thanks in advance. I've looked at this question but was not helpful.
There isn't really a way to determine the port if tomcat is sitting behind a load balancer. As suggested in the comments, exposing the port configuration to your clients would be the best for now.
I'm trying to setup a Solaris KSSL proxy (http://www.c0t0d0s0.org/archives/5575-Less-known-Solaris-Features-kssl.html) as a frontend to a Jetty web server.
I'm able to make KSSL work with Apache web server so that KSSL redirects all incoming SSL traffic from port 443 into an Apache web server listening on port 28080.
However the same configuration does not work when Jetty is listening on port 28080. I verified that the KSSL requests does not even reach Jetty or at least I cannot see them in the access log. Furthermore even if I set a simple Java class which just listens on a server socket, KSSL cannot redirect requests to it.
My question is what are the pre-requisites from a web server in order to be able to get requests from KSSL ?
Best regards,
Lior
There are 2 very common gotchas when working with kssl.
The first is that the apache listening IP has to be the same
as your ksslcfg command. So if you have Listen 123.123.123.123:28080 in
the httpd.conf file, then you must use a ksslcfg command with the same IP.
You cannot have it listening on ANY (*) and then list an IP in ksslcfg,
or listen on an IP and leave out the IP on ksslcfg. Whatever netstat shows
is listening on port 28080 must match the IP used in ksslcfg
(or don't use the IP it is listening on *)
The second is that you must do the operations in this order:
ksslcfg
restart apache
It doesn't not work if ksslcfg is run without restarting apache afterward.
I've seen many people on the web testing with something like
localhost in their ksslcfg command. It won't work unless you also
had localhost as the Listen IP in the apache configuration.
Thrift provides several different non-blocking server models, like TNonblockingServer, THsHaServer, and TThreadedSelectorServer. But, I'd like to enable SSL on the server. It seems SSL only works on blocking servers in Thrift.
Anyone has any clues of a non-blocking SSL server in Thrift? Java example would be highly appreciated.
One alternative to worrying about SSL in your Java App is to stand up something like nginx (http://wiki.nginx.org/SSL-Offloader) as a reverse proxy.
This has the upside of your application not needing to care about SSL but does require one more layer in your stack.
Clients will connect to the nginx server instead of directly to your client and nginx will forward those connections to your Thrift server.
You don't necessarily need two different servers for this approach, just configure your Thrift server to only listen on localhost (127.0.0.1 for ipv4) and have nginx listen on your external interfaces and forward to localhost.
Edit: client -> server in last paragraph
I have already deployed my web application on GlassFish at http://localhost:8080/Elibrary/.
So how can I configure my server to make "Elibrary" accessible from the Internet?
I know that in ASP we can use IIS to alias the from domain.
Could someone please let me know or point me to some documentation?
If you are hosting in your network, then you have to get IP of the machine which is running your app i.e. is your local ip inside ur network. To get your ip, run ifconfig on mac/unix/linux and ipconfig on windows.
Then go to your router settings. Generally every router has specific ip to access settings from browser like belkin has 'http://192.168.2.1'.
In your router settings you have to look for 'virtual servers', 'port forwarding' etc. The actual concept is port forwarding but different routers say it differently in the settings. These settings should be in firewall or security sections.
Once you found the settings, there you will have to tell the inbound port range and map it to the local ip (which we have above) and the outbound port range. It is saying that when ever a request comes on the router on the inbound port range then forward that request to local ip and port range. In your case, the port range will be to (for both inbound and outbound). Note that some routers dont have range for ports instead only have one port per entry, so you just have to put .
NOTE: To get the IP for settings of your router, try this site.
I hope this is what you looking for.
Nginx or Apache will work will in that scenario, processing virtual hosts and forwarding to an external application. Example for nginx.
Put this in place of the server section in an existing config file, unless using Debian/Ubuntu or other system where the server configurations are split into their own files.
server {
listen ip:80;
server_name virtualhostname.tld;
location "/" {
proxy_pass http://localhost:8080/;
};
};
Now http://virtualhostname.tld/Elibrary will work to access your application.
You can add rewiriting to get rid of Elibrary, and you find Apache equivalents of this online.