I have a requirement for two SSL-enabled shopping websites to share the same 
data source. Both websites are owned by the same company. Some of the products 
are unique to one website and some products are common to both - hence the 
shared data source to accurately reflect inventory levels.

I have an implementation using Apache2 and mod_jk but I would be very grateful 
to hear any tips for alternative solutions.

In particular please clarify the following:

- Can WARs inside the same EAR utilize different SSL certificates?

- Can EARs running within different VMs but not within a cluster share a common 
Persistence Provider Instance (factory / secondary cache)?



Here are the details for my current implementation.
----------------------------------------------------------------

Software:
- Debian 4.0 Etch AMD64
- Apache 2.2.3
- JBoss 4.0.5.GA
- JBoss Seam 1.2.1.GA
- JDK 1.5.0_12
- libapache2-mod-jk 1.2.18

Server Configuration
--------------------------
The server has been configured to have two network addresses through virtual 
addressing (aka multihomed).

/etc/network/interfaces :
  | auto eth0
  | iface eth0 inet static
  |         address 192.168.0.81
  |         netmask 255.255.255.0
  |         network 192.168.0.0
  |         broadcast 192.168.0.255
  |         gateway 192.168.0.254
  | auto eth0:0
  | iface eth0:0 inet static
  |         address 192.168.0.82
  |         netmask 255.255.255.0
  |         network 192.168.0.0
  |         broadcast 192.168.0.255

JBoss configuration
--------------------------
JBoss has been configured with 2 virtual hosts bound to the 2 addresses.

$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml :
  | <Server>
  | 
  |    <Service name="jboss.web"
  |       className="org.jboss.web.tomcat.tc5.StandardService">
  | 
  |       <Connector port="8080" address="${jboss.bind.address}"
  |          maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
  |          emptySessionPath="true"
  |          enableLookups="false" redirectPort="8443" acceptCount="100"
  |          connectionTimeout="20000" disableUploadTimeout="true"/>
  | 
  |       <Connector port="8009" address="${jboss.bind.address}"
  |          emptySessionPath="true" enableLookups="false" redirectPort="8443" 
  |          protocol="AJP/1.3"/>
  |       <Engine name="jboss.web" defaultHost="localhost">
  | 
  |          <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
  |             certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
  |             allRolesMode="authOnly"
  |             />
  | 
  |         <Host name="localhost"
  |            autoDeploy="false" deployOnStartup="false" deployXML="false"
  |            configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
  |            >
  | 
  |             <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
  |                 cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
  |                 transactionManagerObjectName="jboss:service=TransactionManager" />
  | 
  | 
  |          </Host>
  | 
  |     <Host
  |             name="192.168.0.81"
  |             autoDeploy="false"
  |             deployOnStartup="false"
  |             deployXML="false"
  |     >
  |             <Alias>www.domain1.net</Alias>
  |     </Host>
  | 
  |     <Host
  |             name="192.168.0.82"
  |             autoDeploy="false"
  |             deployOnStartup="false"
  |             deployXML="false"
  |     >
  |             <Alias>www.domain2.net</Alias>
  |     </Host>
  | 
  |       </Engine>
  | 
  |    </Service>
  | 
  | </Server>

My application is deployed as an EAR containing 2 WARs. The WARs are configured 
to attach to different addresses.

application.ear/META-INF/application.xml :
  | <?xml version="1.0" encoding="UTF-8"?>
  | <application xmlns="http://java.sun.com/xml/ns/javaee"
  |              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |              xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
  |              version="5">
  |     
  |    <display-name>domain</display-name>
  |    
  |    <module>
  |       <web>
  |          <web-uri>domain1.war</web-uri>
  |          <context-root>/</context-root>
  |       </web>
  |    </module>
  | 
  |    <module>
  |       <web>
  |          <web-uri>domain2.war</web-uri>
  |          <context-root>/</context-root>
  |       </web>
  |    </module>
  | 
  |     SNIP . . .
application.ear/domain1.war/WEB-INF/jboss-web.xml :
  | <jboss-web>
  |     <context-root>/</context-root>
  |     <virtual-host>192.168.0.81</virtual-host>
  | </jboss-web>
application.ear/domain2.war/WEB-INF/jboss-web.xml :
  | <jboss-web>
  |     <context-root>/</context-root>
  |     <virtual-host>192.168.0.82</virtual-host>
  | </jboss-web>

Apache2 configuration
----------------------------
/etc/apache2/ports.conf :
  | Listen 192.168.0.81:80
  | Listen 192.168.0.81:443
  | Listen 192.168.0.82:80
  | Listen 192.168.0.82:443
added to /etc/apache2/apache2.conf :
  |         JkWorkersFile /etc/apache2/jk/workers.properties
  |         JkLogFile /var/log/apache2/mod_jk.log
  |         JkLogLevel info
  |         JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
  |         JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
  |         JkRequestLogFormat "%w %V %T"
/etc/apache2/jk/workers.properties :
  | worker.list=domain1,domain2
  | 
  | worker.domain1.type=ajp13
  | worker.domain1.host=192.168.0.81
  | worker.domain1.port=8009
  | 
  | worker.domain2.type=ajp13
  | worker.domain2.host=192.168.0.82
  | worker.domain2.port=8009
/etc/apache2/sites-available/www.domain1.net :
  | NameVirtualHost www.domain1.net:80
  | NameVirtualHost www.domain1.net:443
  | 
  | <VirtualHost www.domain1.net:80>
  |         ServerName www.domain1.net
  |         DocumentRoot /var/www/www.domain1.net/
  |         JkMount /* domain1
  | </VirtualHost>
  | 
  | <VirtualHost www.domain1.net:443>
  |         ServerName www.domain1.net
  |         DocumentRoot /var/www/www.domain1.net/
  |         SSLEngine on
  |         SSLCertificateFile /etc/apache2/ssl/domain1.pem
  | 
  |         JkMount /* domain1
  | </VirtualHost>
/etc/apache2/sites-available/www.domain2.net :
  | NameVirtualHost www.domain2.net:80
  | NameVirtualHost www.domain2.net:443
  | 
  | <VirtualHost www.domain2.net:80>
  |         ServerName www.domain2.net
  |         DocumentRoot /var/www/www.domain2.net/
  |         JkMount /* domain2
  | </VirtualHost>
  | 
  | <VirtualHost www.domain2.net:443>
  |         ServerName www.domain2.net
  |         DocumentRoot /var/www/www.domain2.net/
  |         SSLEngine on
  |         SSLCertificateFile /etc/apache2/ssl/domain2.pem
  | 
  |         JkMount /* domain2
  | </VirtualHost>

Create soft links :
  | cd /etc/apache2/sites-enabled
  | sudo ln -s /etc/apache2/sites-available/www.domain1.net 001-www.domain1.net
  | sudo ln -s /etc/apache2/sites-available/www.domain2.net 002-www.domain2.net

Create security certificates :
  | sudo mkdir /etc/apache2/ssl
  | sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain1.pem
  | sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain2.pem

-----------------------------------------------------

I hope this information is helpful and look forward to your feedback.



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4065903#4065903
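
A consistency check for the layout described in the post, added here as an example and not part of the original post: it cross-checks each :443 VirtualHost against workers.properties so that every site keeps its own certificate, DocumentRoot and AJP backend. The function name `lint` and the condensed sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the post; one DocumentRoot is deliberately wrong.
WORKERS = """worker.list=domain1,domain2
worker.domain1.host=192.168.0.81
worker.domain2.host=192.168.0.82
"""
VHOSTS = """
<VirtualHost www.domain1.net:443>
    ServerName www.domain1.net
    DocumentRoot /var/www/www.domain1.net/
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain1.pem
    JkMount /* domain1
</VirtualHost>
<VirtualHost www.domain2.net:443>
    ServerName www.domain2.net
    DocumentRoot /var/www/www.domain1.net/
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/domain2.pem
    JkMount /* domain2
</VirtualHost>
"""

def lint(vhosts, workers):
    """Findings for :443 vhosts that could serve the wrong site, cert or backend."""
    props = dict(line.split("=", 1) for line in workers.split() if "=" in line)
    known = set(props.get("worker.list", "").split(","))
    findings, certs, backends = [], {}, {}
    blocks = re.findall(r"<VirtualHost\s+(\S+):443>(.*?)</VirtualHost>", vhosts, re.S)
    for addr, body in blocks:
        d = {k: v.strip() for k, v in re.findall(r"^\s*(\w+)[ \t]+(.+)$", body, re.M)}
        name = d.get("ServerName", addr)
        cert = d.get("SSLCertificateFile")
        if d.get("SSLEngine", "").lower() != "on" or not cert:
            findings.append(f"{name}: SSL is not fully configured")
        elif certs.setdefault(cert, name) != name:
            findings.append(f"{name}: certificate also used by {certs[cert]}")
        if name not in d.get("DocumentRoot", ""):
            findings.append(f"{name}: DocumentRoot points at another site")
        worker = (d.get("JkMount", "").split() or [""])[-1]  # last token is the worker
        host = props.get(f"worker.{worker}.host")
        if worker not in known or host is None:
            findings.append(f"{name}: JkMount worker '{worker}' is not defined")
        elif backends.setdefault(host, name) != name:
            findings.append(f"{name}: AJP backend {host} also used by {backends[host]}")
    return findings

print(lint(VHOSTS, WORKERS))
```
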
