RE: clustering + ssl together
Greg, I just logged this as bug 525. The ssl loadbalancer just won't accept connections with https://, but will accept connections with http://. Basic problem with the code. Its not us. Karl and Magnus need to fix this. regards, the elephantwalker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker Sent: Tuesday, June 26, 2001 9:59 PM To: Orion-Interest Subject: RE: clustering + ssl together Greg, I just tried something which ALMOST worked. I tried the secure loadbalancer instance like this in the browser: http://localhost:443/mysecuresite/login. The secure loadbalancer showed a session id, and forwarded the request to the secure island! Of course the site didn't do anything, since it was looking for a handshake. It looks like the loadbalancer is just not doing its bit...it is refusing all connections which are secure. regards, the elephantwalker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Matthews Sent: Tuesday, June 26, 2001 3:00 PM To: Orion-Interest Subject: Re: clustering + ssl together ew, i was trying to run a single secure load balancer with it's own load-balancer.xml. loadbalancer did register the 2 orions i'd set up to appear in the cluster, but after being able to see them appear on the loadbalancer screen, i was still unable to access my web app. the browser just sat there with the little IE symbol spinning, but no joy. all orions and the loadbalancer had their own keystore setup using a test certificate generated from thawte.com loadbalancer => secure and on port 443 (on box1) orion1 => secure and on port 443 (on box2) orion2 => secure and on port 8080 (on box1) !! but only in some experiments. i also tried various other configurations of the loadbalancer and cluster machines having secure on/off, etc. and swapping the port numbers around, e.g. when loadbalancer and orion2 were both running, they were both secure="true" but obviously only one can run on port 443 at one time, so i made orion2 run on port 8080 while secure="true" was set. i also had a look at apache for how to setup SSL but it looks like you've got to compile the mod in yourself for win32 so i've given that a miss for the moment. greg. - Original Message - From: "elephantwalker" <[EMAIL PROTECTED]> To: "Orion-Interest" <[EMAIL PROTECTED]> Sent: Wednesday, June 27, 2001 2:48 AM Subject: RE: clustering + ssl together > Here are the in the plan so far...see below. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker > Sent: Monday, June 25, 2001 1:29 AM > To: Orion-Interest > Subject: RE: clustering + ssl together > > > Greg, > > I am doing this now, so I will get back to the list when I am finished. This > is my working plan: > > 1. there are two loadbalancers instances, one for http and one for https. > These can be on the same machine or seperate machines. > > > > At one level this works, but you have to set the minimumIsland/maximumIsland > so that each respective loadbalancer picks up either the https island or the > http island. However, https connections do not work. It could be because of > this blurb in the load-balancer.xml description: > > secure - Whether or not to use SSL. The default is false. SSL is only used > when using session (not IP) >based balancing and the backend and the site is using SSL. If you specify > the balancer to use SSL then >the backend servers will not (the balancer converts to HTTP, ie contains > the SSL layer). Note that this >puts the strain of decoding the SSL on the balancer. > > I'm sorry, but does this say that we have the option of NOT using SSL for > the balancer, but using it for the backend? Or if we use SSL for the > balancer, SSL isn't used on the backend (and thus we have to strip all of > the SSL configuration from the backend)? > > > > > 2. the ports for your web-sites can be different from your loadbalancer(s) > port. This allows you to have the loadbalancer and an orion instance on the > same machine, for example. Or the ports can be the same, in which case the > loadbalancer(s) has to be on a different machine. > > > > Since web-sites are load-balanced (not applications), its important that > each *web-site.xml which you use have its own island. This is done by > setting the cluster-island attribute in the web-site tag. See above for > reference to min/max island ids for the loadbalancer. The port bit seems to > work. That is, the http web-site had a port of 10180, and the http > loadbalancer listened on port 80. This was no problem. So if you want to > have the loadbalancer and web-site on the same ip address, you will need to > set the website port to something else so they don't conflict. > > > 3. the same rules apply for the loadbalancer as orion for unix machines. You > need to use some port forwarding, like ipchains, if you want to run the > loadbalancer on a
RE: clustering + ssl together
Greg, I just tried something which ALMOST worked. I tried the secure loadbalancer instance like this in the browser: http://localhost:443/mysecuresite/login. The secure loadbalancer showed a session id, and forwarded the request to the secure island! Of course the site didn't do anything, since it was looking for a handshake. It looks like the loadbalancer is just not doing its bit...it is refusing all connections which are secure. regards, the elephantwalker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Matthews Sent: Tuesday, June 26, 2001 3:00 PM To: Orion-Interest Subject: Re: clustering + ssl together ew, i was trying to run a single secure load balancer with it's own load-balancer.xml. loadbalancer did register the 2 orions i'd set up to appear in the cluster, but after being able to see them appear on the loadbalancer screen, i was still unable to access my web app. the browser just sat there with the little IE symbol spinning, but no joy. all orions and the loadbalancer had their own keystore setup using a test certificate generated from thawte.com loadbalancer => secure and on port 443 (on box1) orion1 => secure and on port 443 (on box2) orion2 => secure and on port 8080 (on box1) !! but only in some experiments. i also tried various other configurations of the loadbalancer and cluster machines having secure on/off, etc. and swapping the port numbers around, e.g. when loadbalancer and orion2 were both running, they were both secure="true" but obviously only one can run on port 443 at one time, so i made orion2 run on port 8080 while secure="true" was set. i also had a look at apache for how to setup SSL but it looks like you've got to compile the mod in yourself for win32 so i've given that a miss for the moment. greg. - Original Message - From: "elephantwalker" <[EMAIL PROTECTED]> To: "Orion-Interest" <[EMAIL PROTECTED]> Sent: Wednesday, June 27, 2001 2:48 AM Subject: RE: clustering + ssl together > Here are the in the plan so far...see below. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker > Sent: Monday, June 25, 2001 1:29 AM > To: Orion-Interest > Subject: RE: clustering + ssl together > > > Greg, > > I am doing this now, so I will get back to the list when I am finished. This > is my working plan: > > 1. there are two loadbalancers instances, one for http and one for https. > These can be on the same machine or seperate machines. > > > > At one level this works, but you have to set the minimumIsland/maximumIsland > so that each respective loadbalancer picks up either the https island or the > http island. However, https connections do not work. It could be because of > this blurb in the load-balancer.xml description: > > secure - Whether or not to use SSL. The default is false. SSL is only used > when using session (not IP) >based balancing and the backend and the site is using SSL. If you specify > the balancer to use SSL then >the backend servers will not (the balancer converts to HTTP, ie contains > the SSL layer). Note that this >puts the strain of decoding the SSL on the balancer. > > I'm sorry, but does this say that we have the option of NOT using SSL for > the balancer, but using it for the backend? Or if we use SSL for the > balancer, SSL isn't used on the backend (and thus we have to strip all of > the SSL configuration from the backend)? > > > > > 2. the ports for your web-sites can be different from your loadbalancer(s) > port. This allows you to have the loadbalancer and an orion instance on the > same machine, for example. Or the ports can be the same, in which case the > loadbalancer(s) has to be on a different machine. > > > > Since web-sites are load-balanced (not applications), its important that > each *web-site.xml which you use have its own island. This is done by > setting the cluster-island attribute in the web-site tag. See above for > reference to min/max island ids for the loadbalancer. The port bit seems to > work. That is, the http web-site had a port of 10180, and the http > loadbalancer listened on port 80. This was no problem. So if you want to > have the loadbalancer and web-site on the same ip address, you will need to > set the website port to something else so they don't conflict. > > > 3. the same rules apply for the loadbalancer as orion for unix machines. You > need to use some port forwarding, like ipchains, if you want to run the > loadbalancer on a user account which is not the superuser. This applies also > for the ssl port. (skip 3 if you are using m$ or don't care) > 4. the ssl setup in the load-balancer.xml (see the ssl-config tag in the > load-balancer.xml documentation) is the same as the secure-web-site.xml, but > you will have to set the secure flag in the load-balancer tag. Obviously, > this means you will need a keystore for the loadbalancer, and a keystore for > the backend for tota
Multiple destination with orion 1.4.8
hi... There is two case that i would like to hear opinion from you guys.I use EJB to pass all the data to different machine and location.I am using orion 1.4.8 for all the location. first case: one client sent data to destination named ormi://machineA/A and forward all the data to 3 different machine named ormi://machineB/B,ormi://machineC/C,ormi://machineD/D concurrently. Some thing happen went machineA try to forward all the data to this 3 machine concurrently. MachineA give exception java.lang.NullPointerException domain was null. seconds case: one client sent data to destination named ormi://machineA/A and forward all the data to 3 different machine named ormi://machineB/A,ormi://machineC/A,ormi://machineD/A concurrently. But only machineB get all the data for machineC and machineD. Therefore machineB get is 3 data. Suppose every machine will get its own data. I had change the port number and its still point to same machine that its see first and give all the data although it didn't give any exception went machineA try to find ejb application in different machine. Had anybody out there had same problem with me. I would to hear from u guys. __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Re: clustering + ssl together
ew, i was trying to run a single secure load balancer with it's own load-balancer.xml. loadbalancer did register the 2 orions i'd set up to appear in the cluster, but after being able to see them appear on the loadbalancer screen, i was still unable to access my web app. the browser just sat there with the little IE symbol spinning, but no joy. all orions and the loadbalancer had their own keystore setup using a test certificate generated from thawte.com loadbalancer => secure and on port 443 (on box1) orion1 => secure and on port 443 (on box2) orion2 => secure and on port 8080 (on box1) !! but only in some experiments. i also tried various other configurations of the loadbalancer and cluster machines having secure on/off, etc. and swapping the port numbers around, e.g. when loadbalancer and orion2 were both running, they were both secure="true" but obviously only one can run on port 443 at one time, so i made orion2 run on port 8080 while secure="true" was set. i also had a look at apache for how to setup SSL but it looks like you've got to compile the mod in yourself for win32 so i've given that a miss for the moment. greg. - Original Message - From: "elephantwalker" <[EMAIL PROTECTED]> To: "Orion-Interest" <[EMAIL PROTECTED]> Sent: Wednesday, June 27, 2001 2:48 AM Subject: RE: clustering + ssl together > Here are the in the plan so far...see below. > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker > Sent: Monday, June 25, 2001 1:29 AM > To: Orion-Interest > Subject: RE: clustering + ssl together > > > Greg, > > I am doing this now, so I will get back to the list when I am finished. This > is my working plan: > > 1. there are two loadbalancers instances, one for http and one for https. > These can be on the same machine or seperate machines. > > > > At one level this works, but you have to set the minimumIsland/maximumIsland > so that each respective loadbalancer picks up either the https island or the > http island. However, https connections do not work. It could be because of > this blurb in the load-balancer.xml description: > > secure - Whether or not to use SSL. The default is false. SSL is only used > when using session (not IP) >based balancing and the backend and the site is using SSL. If you specify > the balancer to use SSL then >the backend servers will not (the balancer converts to HTTP, ie contains > the SSL layer). Note that this >puts the strain of decoding the SSL on the balancer. > > I'm sorry, but does this say that we have the option of NOT using SSL for > the balancer, but using it for the backend? Or if we use SSL for the > balancer, SSL isn't used on the backend (and thus we have to strip all of > the SSL configuration from the backend)? > > > > > 2. the ports for your web-sites can be different from your loadbalancer(s) > port. This allows you to have the loadbalancer and an orion instance on the > same machine, for example. Or the ports can be the same, in which case the > loadbalancer(s) has to be on a different machine. > > > > Since web-sites are load-balanced (not applications), its important that > each *web-site.xml which you use have its own island. This is done by > setting the cluster-island attribute in the web-site tag. See above for > reference to min/max island ids for the loadbalancer. The port bit seems to > work. That is, the http web-site had a port of 10180, and the http > loadbalancer listened on port 80. This was no problem. So if you want to > have the loadbalancer and web-site on the same ip address, you will need to > set the website port to something else so they don't conflict. > > > 3. the same rules apply for the loadbalancer as orion for unix machines. You > need to use some port forwarding, like ipchains, if you want to run the > loadbalancer on a user account which is not the superuser. This applies also > for the ssl port. (skip 3 if you are using m$ or don't care) > 4. the ssl setup in the load-balancer.xml (see the ssl-config tag in the > load-balancer.xml documentation) is the same as the secure-web-site.xml, but > you will have to set the secure flag in the load-balancer tag. Obviously, > this means you will need a keystore for the loadbalancer, and a keystore for > the backend for total secure communication. I believe that the communication > to the backend is transparant to the user, so you can self certify that > connection, irregardless of what those guys at verisign say. > 5. you can skip all of this and use apache for ssl (interesting, but slow). > This is what oracle advises, because they can't figure out orion, or they > have so much invested in the "apache/oracle" solution. > > > > This option is looking better and better. > > > > I'm testing this now, as soon as I get through the hickups, I will let the > list know. > > regards, > > the elephantwalker > > > > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAI
Verisign 128-bit and orion 1.5.2 ??
Hello all. I have installed a Verisign 128-bits server-certificate into a Java keystore to be used by Orion 1.5.2. I encounter no problem at all in generating keys, generating a csr or importing the certificate from Verisign and Orion runs fine. (I did use the ssl-guide) BUT. connecting to the secure site with OTHER browser than IE 5.5 or IE (5.0) with 128-bits encryption pack fails!! (netscape not tested) For example. IE 5.0 (not with 128-bits) says "the page can not be displayed" with IE 4.0 I get a message box stating "An error occured in the secure chanel support". The browser should not be the problem. Verisign states IE 4.0 or later will work. It does really work to connect with IE 4.0+ to other sites with 128-bits servercertificates. Connecting with openssl or other tool for getting the servercertificate shows that orion sends the installed certifikate information and all seems to be ok. If I put the flag -Djavax.net.debug=all and run orion all seem ok until I try to connect to my secure site with an older browser (IE 5.0). I see in the end of the information printed out a "handshake_fail" and all stops with the browser showing information above. Any have seen this behaviour before and anyone have a idea how to resolve this? 40-bits certificates (selfmade or for test) works just fine. I appreciate all information. Thanks in advance. Tomas __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
Re: Cookies larger than 20k
http://www.atlassian.com/ seems to be the latest support web site - seems like the same company. --- Orion Developers <[EMAIL PROTECTED]> wrote: > We're having problems passing cookies greater then 20k in size. We get a > http: 413 error, and the servlets seem to truncate over that limit. > > Also, is there a version/bug fix list available to the public? we are on > 1.4.5 and I am wondering about 1.5.2, and what issues have been addressed. > > Finally, has ANYONE had any success getting ahold of Cadrion, the alleged > 'support partner' of Orion?? > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
Re: Cookies larger than 20k
Here are the changes since 1.4.5 -- 1.5.2 -- Added support for pluggable resource providers (resource-provider tag in orion-application.xml). Fixed #307 'Servlet API can't handle HTTP/1.1 chunked data' Fixed #402 'Directories being created while WAR file is not found' Fixed #420 'Extracting JSP Pages with 0 bytes in length from a EAR archive' Fixed #426 'JSP traduction fails when containing more than one jsp:plugin' Fixed #466 'NPE at startup' Fixed #469 'NotSerializableExcpetion when starting up server' Fixed #479 'env-entry-mapping settings in orion-web.xml are being overwritten' Fixed #485 'servlet-webdir attribute of orion-web-app inconsistent with documentation' Fixed #488 'HTTP headers are not case-insensitive' -- 1.5.1 -- Fixed #89 'exclusive-write-access with transactions fails to compile' Fixed #447 'incorrect hangs the server' Fixed #455 'unsent BytesMessage write protected' Fixed #456 'escaping of \n \r \t \" and \\ is broken' Fixed #457 'MDB does not consume the persistent messages from a queue' Fixed #460 'Impossible to deploy a CMP entity bean without fields other' Fixed #463 'OR Map broken' Fixed #464 'Error while compiling wrappers for EJBs' -- 1.5.0 -- Added instance-cache-timeout and pool-cache-timeout to entity-deployment in orion-ejb-jar.xml. Fixed #139 'Required/RequiresNew mixture throws java.lang.InternalError' Fixed #227 'Unsuccessful finder method call, causes transaction rollback' Fixed #247 'Error in ejbPassivate when exclusive-write-access="false"' Fixed #406 'JSP <%= %> escape support' Fixed #414 '"Was not in used mode" exception' Fixed #418 'Class _yw has missing access specifier' Fixed #421 'jms BytesMessage reset() doesn't put message in read-only mode' Fixed #423 'Delays to respond shortly after an HTTP POST' Fixed #430 'Error page for error 403 isn't active for the WEB-INF direct' Fixed #432 'Forwarding via RequestDispatcher ignores query string' Fixed #433 'Transactional Session bean, CMPs, and RuntimeExceptions' Fixed #444 'JSP authentication problem with the default connection factory' Fixed #453 'Error reporting for invalid type in javax.jms.Message.setObjectProperty(name, value)' -- 1.4.8 -- Added 'casing' parameter to the DataSourceUserManager. Removed method '*' from the set of legal values in a HTTP resource collection since it was never added to a formalized version of the Servlet spec. Fixed form-login to persist parameters and path properly when going through login/failed login. Fixed applicationlauncher downloading helper jars defined in the manifest of the application-client. Moved the principals.xml reference from config/server.xml to config/application.xml and removed it from the application-server DTD. Updated JavaMail version to 1.2. Updated JAXP version to 1.1. Added AJP13 support. Moved orion-ejb-jar.xml's inclusion path in an ejb-jar to the META-INF/ directory from the orion/ directory for consistency. Fixed #324 EJB Display Name and EJB Name will not stick. Fixed #14 'ClassCastException after restart of application' Fixed #19 'Reconnecting after server stop and restart fails' Fixed #83 'Orion hangs on startup' Fixed #108 'Post requests get truncated when going through a proxy' Fixed #137 'Chinese Character in JSP messed up after compile' Fixed #145 'System exception in ejbCreate does not rollback transaction' Fixed #158 'OR-mapping error when exclusive-write-access="false"' Fixed #180 'No warnings/errors when specifying an invalid access-log file' Fixed #189 'findXY() returns NULL if other thread removed one entry' Fixed #212 'POSTing from applet to servlet in Netscape broken (if size m...' Fixed #229 'Problem with composite keys used with custom persistence' Fixed #236 'web.xml Listener, Filter, and Filter-Mapping Tags in .war re...' Fixed #296 '<%@ include uses previous include directory...' Fixed #297 'when BMP create fails it always throws java.lang.NullPointer' Fixed #305 'JSP page can't inherit from own base class' Fixed #307 'Servlet API can't handle HTTP/1.1 chunked data' Fixed #323 'Creating application.log requires a restart' Fixed #330 'Wrong page referred when using & parsing error...' Fixed #333 'JMS client sender to queue fails' Fixed #337 'Disallowed keywords in database scheme do not work for prima Fixed #338 'url-patterns must all start with slash' Fixed #341 'Content-Location is Wrong' Fixed #345 'ClassLoader.getResource returns bad URL for jar-based resources' Fixed #354 ' tag becoming un-terminated...' Fixed #355 'Session.createSubscriber(topic, null, true) doesn't work for...' Fixed #358 'Using $path in web-site.xml access-log format causes java.la...' Fixed #361 'Invalid HTTP response from Orion' Fixed #364 'Servlet with encoding set hangs up (goes into infinite loop?)' Fixed #366 'PostFileInputStream.read(byte[] data, int start, int length)' Fixed #368 'Multiple connections used within a single transaction' Fixed #373 'Element user-manager in orion-application.dtd expects at lea...' Fixed #374 'DatasourceUserMana
RE: MS SQL 7.0
I assume you backed it up before you started deleting some files. Restore from your backup. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 26, 2001 9:43 AM To: Orion-Interest Subject:MS SQL 7.0 Hi all: This question is not specifically related to orion but I'm hoping that one of you might be able to assist me in solving a critical problem. Our system uses a MSSQL database for security validation and user login. Yesterday we found that the LDF grew to 256 mega-bytes and filled up the hard drive of the server. A decision was made to delete the LDF in the hope that MSSQL would recreate the LDF and begin writing to it again. Unfortunately this did not work so they attempted to copy the same LDF back. Now, the server won't start because it has labled our database as suspect. Is there anyway to solve this? Please write back to me if anyone has any ideas. Thank You Sincerely, Andrew Papada IDSS
Cookies larger than 20k
We're having problems passing cookies greater then 20k in size. We get a http: 413 error, and the servlets seem to truncate over that limit. Also, is there a version/bug fix list available to the public? we are on 1.4.5 and I am wondering about 1.5.2, and what issues have been addressed. Finally, has ANYONE had any success getting ahold of Cadrion, the alleged 'support partner' of Orion?? _ Get your FREE download of MSN Explorer at http://explorer.msn.com
Re: (my) problem locating a textfile from a Servlet
Have you tried a leading slash?
file1 = getServletContext().getResource( "/WEB-INF/log4j.xml" );
What we do, is get the "real" path with:
String realPath = this.getServletContext().getRealPath( "/WEB-INF/dir" );
new File( realPath, fileName );
We do this because getResource() is so dependent on ClassLoaders.
tim.
> Hi,
>
> I wanted to port a (running) application from tomcat to orion. It seems
> my coding is not proper/portable.
>
> In my war-archive included (in WEB-INF subdirectory) are several
> text config files (yes I know JNDI is a better way -but its lowest common
> functionality) - and these files I want to access in my servlet code.
>
> Following servlet code does not find these files running in orion while
> working fine with tomcat 3.2.
>
> For a beginner: whats the correct way to load such files ?
>
>
>
>
> package de.adig.vbh.wc.controller;
> ...
> public class UIMain extends HttpServlet {
> ...
> file1 = getServletContext().getResource("WEB-INF/log4j.xml");
>
> file2 =
> getServletContext().getResource("WEB-INF/wc-config.xml");
>
>
>
>
> ==> both files are null in orion, but found in tomcat.
>
> files are in dir WEB-INF/ that is in a war-archive that is in an
> ear-archive.
> they got successfully unpacked by orion and can be seen in orionconsole
>
> Manfred Regele
> ADIG Investment GmbH
> 22 Methoden&Tools
> Richard-Reitzner-Allee 2
> 85540 Haar
> Tel: 089/46268-308
> mailto:[EMAIL PROTECTED]
> http://www.adig.de
>
>
JMS and Asynch messaging
I cant seem to get asynchronous messaging working. I have tried setMessageListener from the receiver level and the session level and onMessage has never gotten called in either case. I am using version 1.5.2 Does anyone know if this works. Synchronous messaging is working fine.
RE: State propagation and jsp-beans
Anything serializable in session will get replicated. Claudio > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Tuesday, June 26, 2001 7:15 AM > To: Orion-Interest > Subject: State propagation and jsp-beans > > > Hi all. > > Does anyone know if it is doable to get the state in a > jsp-bean or the bean itself (if implementing > serializable) propagated to the other JVM's in a > clustered envirionment. > I have the cluster up and working fine and session > state is replicated, but how about the beans??? > > Regards > > //Mike > > _ > Do You Yahoo!? > [EMAIL PROTECTED] - skaffa en gratis mailadress på http://mail.yahoo.se > >
RE: clustering + ssl together
Here are the in the plan so far...see below. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of elephantwalker Sent: Monday, June 25, 2001 1:29 AM To: Orion-Interest Subject: RE: clustering + ssl together Greg, I am doing this now, so I will get back to the list when I am finished. This is my working plan: 1. there are two loadbalancers instances, one for http and one for https. These can be on the same machine or seperate machines. At one level this works, but you have to set the minimumIsland/maximumIsland so that each respective loadbalancer picks up either the https island or the http island. However, https connections do not work. It could be because of this blurb in the load-balancer.xml description: secure - Whether or not to use SSL. The default is false. SSL is only used when using session (not IP) based balancing and the backend and the site is using SSL. If you specify the balancer to use SSL then the backend servers will not (the balancer converts to HTTP, ie contains the SSL layer). Note that this puts the strain of decoding the SSL on the balancer. I'm sorry, but does this say that we have the option of NOT using SSL for the balancer, but using it for the backend? Or if we use SSL for the balancer, SSL isn't used on the backend (and thus we have to strip all of the SSL configuration from the backend)? 2. the ports for your web-sites can be different from your loadbalancer(s) port. This allows you to have the loadbalancer and an orion instance on the same machine, for example. Or the ports can be the same, in which case the loadbalancer(s) has to be on a different machine. Since web-sites are load-balanced (not applications), its important that each *web-site.xml which you use have its own island. This is done by setting the cluster-island attribute in the web-site tag. See above for reference to min/max island ids for the loadbalancer. The port bit seems to work. That is, the http web-site had a port of 10180, and the http loadbalancer listened on port 80. This was no problem. So if you want to have the loadbalancer and web-site on the same ip address, you will need to set the website port to something else so they don't conflict. 3. the same rules apply for the loadbalancer as orion for unix machines. You need to use some port forwarding, like ipchains, if you want to run the loadbalancer on a user account which is not the superuser. This applies also for the ssl port. (skip 3 if you are using m$ or don't care) 4. the ssl setup in the load-balancer.xml (see the ssl-config tag in the load-balancer.xml documentation) is the same as the secure-web-site.xml, but you will have to set the secure flag in the load-balancer tag. Obviously, this means you will need a keystore for the loadbalancer, and a keystore for the backend for total secure communication. I believe that the communication to the backend is transparant to the user, so you can self certify that connection, irregardless of what those guys at verisign say. 5. you can skip all of this and use apache for ssl (interesting, but slow). This is what oracle advises, because they can't figure out orion, or they have so much invested in the "apache/oracle" solution. This option is looking better and better. I'm testing this now, as soon as I get through the hickups, I will let the list know. regards, the elephantwalker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Matthews Sent: Sunday, June 24, 2001 3:02 PM To: Orion-Interest Subject: clustering + ssl together dear all, there has been a recent post on this but no solution posted. i've got some more info on the problem. can the developers of orion or anyone else let me know if anyone has successfully set up an ssl orion cluster? i can: - set up clustering - set up ssl ...but not both together. some clues. 1. on orionserver.com there is doco for load-balancer.xml that suggests loadbalancer.jar can be given SSL keystore information. does this mean that a clustered SSL setup requires loadbalancer to share the same keystore as each box in the cluster? 2. how do you set the web-site.xml for a clustered secure app. you can't have both the loadbalancer + your secure app both running on port 443 on the same box, so what do you do? i) run loadbalancer on another port? ii) run your app on another port? - the orion doco says that when your app needs to be made secure you should add a secure="true" attribute to the web-site element of the web-site.xml plus remove the port attribute. if someone has made this work i'd be grateful for any information, or if you couldn't be bothered explaining how to do it, just maybe forward me your server.xml, loadbalancer.xml, web-site.xml and i'll work it out from that. thanks. greg.
MS SQL 7.0
Hi all: This question is not specifically related to orion but I'm hoping that one of you might be able to assist me in solving a critical problem. Our system uses a MSSQL database for security validation and user login. Yesterday we found that the LDF grew to 256 mega-bytes and filled up the hard drive of the server. A decision was made to delete the LDF in the hope that MSSQL would recreate the LDF and begin writing to it again. Unfortunately this did not work so they attempted to copy the same LDF back. Now, the server won't start because it has labled our database as suspect. Is there anyway to solve this? Please write back to me if anyone has any ideas. Thank You Sincerely, Andrew Papada IDSS
(my) problem locating a textfile from a Servlet
Hi,
I wanted to port a (running) application from tomcat to orion. It seems
my coding is not proper/portable.
In my war-archive included (in WEB-INF subdirectory) are several
text config files (yes I know JNDI is a better way -but its lowest common
functionality) - and these files I want to access in my servlet code.
Following servlet code does not find these files running in orion while
working fine with tomcat 3.2.
For a beginner: whats the correct way to load such files ?
package de.adig.vbh.wc.controller;
...
public class UIMain extends HttpServlet {
...
file1 = getServletContext().getResource("WEB-INF/log4j.xml");
file2 =
getServletContext().getResource("WEB-INF/wc-config.xml");
==> both files are null in orion, but found in tomcat.
files are in dir WEB-INF/ that is in a war-archive that is in an
ear-archive.
they got successfully unpacked by orion and can be seen in orionconsole
Manfred Regele
ADIG Investment GmbH
22 Methoden&Tools
Richard-Reitzner-Allee 2
85540 Haar
Tel: 089/46268-308
mailto:[EMAIL PROTECTED]
http://www.adig.de
RE: orion and external jms
Hi, Recently we tried to integrate SonicMQ with Orion by using MDB, but failed. The direct reason seems that the tag doesn't work, but I doubt Orion 1.5.2 dosen't support this feathure right now. So, we have to back to ejb 1.1. If you got any progress, please let us know. Hope helpful! Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Karri Niemelä Sent: Tuesday, June 26, 2001 5:07 AM To: Orion-Interest Subject: orion and external jms Has someone managed to use external jms server with message driven beans? I'm trying to combine orion with swiftmq.
Re: SV: Anyone using TogetherSoft TCC with Orion?
We use another product called CocoBase by Thought Inc. It handles all of our 1:* relationships.
At this point you need to use an O/R mapping tool or write your own code to do it. Until EJB 2.2 or 2.3 is formalized.
Jonathan Bricker
Lilly Research Labs
Java ATG
Magnus Rydin <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/26/01 07:51 AM
Please respond to Orion-Interest
To: Orion-Interest <[EMAIL PROTECTED]>
cc:
Subject: SV: Anyone using TogetherSoft TCC with Orion?
How do you model EJB 2.0 relations with Together?
WR
-Ursprungligt meddelande-
Från: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Skickat: den 26 juni 2001 05:31
Till: Orion-Interest
Ämne: Re: Anyone using TogetherSoft TCC with Orion?
We are using TogetherJ with Orion. I'm not sure I can help you but for hot deployment we just make an .ear file and move it to the applications directory. Orion does the rest. All done in a make file.
>From our makefile:
### begin: rules for creating application jar.
DIST_DIR=$(APP_HOME)/dist
EJB_TMP_DIR=$(APP_HOME)/ejb_tmp
deploy:
cp $(APP_NAME).ear $(ORION_HOME)/applications
dist: pre_dist ejb_jar war
@echo "-"
@echo "Creating $(APP_NAME) EAR ..."
@cd $(DIST_DIR); \
$(JAR) cf ../$(APP_NAME).ear *;
@echo "-"
rm -rf $(DIST_DIR);
pre_dist: FORCE
@echo "-"
@echo "Preparing EAR ..."
@mkdir -p $(DIST_DIR)/META-INF;
@cp application.xml $(DIST_DIR)/META-INF;
@echo "-"
war: $(DIST_DIR)
@echo "-"
@echo "Creating WEB Archive (WAR)..."
@rm -rf web/WEB-INF/classes/com;
@cd web/WEB-INF/classes; \
cp -rf $(APP_HOME)/lib/* .;
@cp -rf web web_tmp;
@cd web_tmp; \
find . -name CVS -prune -exec rm -rf {} \;
@cd web_tmp; \
$(JAR) cf $(DIST_DIR)/$(APP_NAME).war *;
@rm -rf web_tmp;
@echo "-"
ejb_jar: $(DIST_DIR) ejb-jar.xml
@echo "-"
@echo "Creating EJB JAR..."
@mkdir -p $(EJB_TMP_DIR);
@cd $(EJB_TMP_DIR); \
cp -rf $(APP_HOME)/lib/* .;
@mkdir -p $(EJB_TMP_DIR)/META-INF;
@cp $(APP_HOME)/ejb-jar.xml $(EJB_TMP_DIR)/META-INF/;
@cd $(EJB_TMP_DIR); \
$(JAR) cf $(DIST_DIR)/$(APP_NAME)Ejb.jar *;
@rm -rf $(EJB_TMP_DIR);
@echo "-"
$(DIST_DIR):
mkdir -p $(DIST_DIR);
$(EJB_TMP_DIR):
mkdir -p $(EJB_TMP_DIR);
deploy_web:
cd web; \
rm -f *~; \
cp -rf * $(ORION_HOME)/applications/$(APP_NAME)/$(APP_NAME)
### end: rules for creating application jar.
Jonathan Bricker
Lilly Research Labs
Java ATG
"Ronald F. Lens" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/25/01 02:09 PM
Please respond to Orion-Interest
To: Orion-Interest <[EMAIL PROTECTED]>
cc:
Subject: Anyone using TogetherSoft TCC with Orion?
Hi all,
Does anyone have any experience using TogetherSoft TCC v5 (or 4.x) with
orion? I'm still struggling to get the deployment tool to work with orion.
I got pretty close using the EJB 2.0 generic version in TogetherSoft but
it doesn't provide all the bells and whistles you'd like (like hot
deployment).
Any help would be greatly appreciated.
Ronald
--
"A thinking computer, isn't that like a swimming ship?"
State propagation and jsp-beans
Hi all. Does anyone know if it is doable to get the state in a jsp-bean or the bean itself (if implementing serializable) propagated to the other JVM's in a clustered envirionment. I have the cluster up and working fine and session state is replicated, but how about the beans??? Regards //Mike _ Do You Yahoo!? [EMAIL PROTECTED] - skaffa en gratis mailadress på http://mail.yahoo.se
RE: Postgresql error: NullPointerException at getTables(DatabaseMetaData.java:1707)
Sounds like a jdbc driver problem. Which version of postgres are you running? Later versions (I run 7.1) include the jdbc source and it is optionally compiled (see ./configure --help for options). Also check at http://www.retep.org.uk/postgres/. Perhaps an older jdbc driver did not properly implement getTables()? -tim -Original Message-From: Brent Usrey [mailto:[EMAIL PROTECTED]]Sent: Monday, June 25, 2001 12:12 AMTo: Orion-InterestSubject: Postgresql error: NullPointerException at getTables(DatabaseMetaData.java:1707) I'm having problem deploying the addressbook example on Postgresql. When Orion tries to build the table I get the error below. It works fine if I build the table manually, or if I run it on Hypersonic or Oracle. I have been through the article at http://www.orionsupport.com/articles/postgres.html and still can't get it to work. Any help is appreciated Brent Auto-deploying addressbook (New server version detected)...Auto-deploying addressbook-ejb.jar (No previous deployment found)... java.lang.NullPointerException at org.postgresql.jdbc2.DatabaseMetaData.getTables(DatabaseMetaData.java:1707) at com.evermind._au._jlb(Unknown Source) at com.evermind._px._jlb(Unknown Source) at com.evermind._px._bb(Unknown Source) at com.evermind._au._bb(Unknown Source) at com.evermind._dq._qzb(Unknown Source) at com.evermind._ck._qzb(Unknown Source) at com.evermind._ck._at(Unknown Source) at com.evermind.server.ApplicationServer._as(Unknown Source) at com.evermind.server.ApplicationServer._wl(Unknown Source) at com.evermind.server.ApplicationServer._at(Unknown Source) at com.evermind._in.run(Unknown Source) at java.lang.Thread.run(Thread.java:484) at com.evermind._if.run(Unknown Source)
Re: Anyone using TogetherSoft TCC with Orion?
I also do similar, but I use ANT
For all the rest of you, TogetherJ is very worth checking out.
- Original Message -
From:
[EMAIL PROTECTED]
To: Orion-Interest
Sent: Tuesday, June 26, 2001 8:31
AM
Subject: Re: Anyone using TogetherSoft
TCC with Orion?
We are using TogetherJ with
Orion. I'm not sure I can help you but for hot deployment we just make
an .ear file and move it to the applications directory. Orion does the
rest. All done in a make file. From our makefile: ### begin: rules for creating application jar. DIST_DIR=$(APP_HOME)/dist EJB_TMP_DIR=$(APP_HOME)/ejb_tmp
deploy: cp $(APP_NAME).ear
$(ORION_HOME)/applications dist:
pre_dist ejb_jar war
@echo "-"
@echo "Creating
$(APP_NAME) EAR ..."
@cd $(DIST_DIR); \ $(JAR) cf ../$(APP_NAME).ear *;
@echo
"-" rm -rf $(DIST_DIR); pre_dist: FORCE
@echo
"-" @echo "Preparing EAR ..." @mkdir -p
$(DIST_DIR)/META-INF;
@cp application.xml $(DIST_DIR)/META-INF; @echo
"-" war: $(DIST_DIR) @echo
"-" @echo "Creating WEB Archive
(WAR)..."
@rm -rf web/WEB-INF/classes/com; @cd web/WEB-INF/classes; \ cp -rf $(APP_HOME)/lib/*
.; @cp -rf
web web_tmp;
@cd web_tmp; \
find . -name CVS -prune -exec rm -rf {} \; @cd web_tmp; \
$(JAR) cf
$(DIST_DIR)/$(APP_NAME).war *;
@rm -rf web_tmp; @echo
"-" ejb_jar: $(DIST_DIR) ejb-jar.xml
@echo
"-" @echo "Creating EJB JAR..."
@mkdir -p
$(EJB_TMP_DIR);
@cd $(EJB_TMP_DIR); \
cp -rf $(APP_HOME)/lib/* .; @mkdir -p
$(EJB_TMP_DIR)/META-INF;
@cp $(APP_HOME)/ejb-jar.xml $(EJB_TMP_DIR)/META-INF/;
@cd
$(EJB_TMP_DIR); \
$(JAR) cf $(DIST_DIR)/$(APP_NAME)Ejb.jar *; @rm -rf
$(EJB_TMP_DIR);
@echo "-" $(DIST_DIR): mkdir -p $(DIST_DIR); $(EJB_TMP_DIR): mkdir -p $(EJB_TMP_DIR);
deploy_web: cd web; \ rm -f *~; \
cp -rf *
$(ORION_HOME)/applications/$(APP_NAME)/$(APP_NAME) ### end: rules for creating application jar.
Jonathan BrickerLilly Research
LabsJava ATG
"Ronald F. Lens"
<[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED]
06/25/01 02:09 PM Please respond to Orion-Interest
To:
Orion-Interest
<[EMAIL PROTECTED]> cc:
Subject: Anyone using TogetherSoft TCC
with Orion?Hi all,Does anyone have any experience using TogetherSoft TCC
v5 (or 4.x) withorion? I'm still struggling to get the deployment tool to
work with orion.I got pretty close using the EJB 2.0 generic version in
TogetherSoft butit doesn't provide all the bells and whistles you'd like
(like hotdeployment).Any help would be greatly
appreciated.Ronald-- "A thinking computer, isn't that like
a swimming ship?"
SV: Anyone using TogetherSoft TCC with Orion?
How do
you model EJB 2.0 relations with Together?
WR
-Ursprungligt meddelande-Från:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Skickat: den 26 juni 2001
05:31Till: Orion-InterestÄmne: Re: Anyone using
TogetherSoft TCC with Orion?We are using TogetherJ with Orion. I'm not sure I can help you
but for hot deployment we just make an .ear file and move it to the
applications directory. Orion does the rest. All done in a make
file. From our
makefile: ### begin: rules for
creating application jar. DIST_DIR=$(APP_HOME)/dist EJB_TMP_DIR=$(APP_HOME)/ejb_tmp deploy:
cp $(APP_NAME).ear $(ORION_HOME)/applications
dist: pre_dist ejb_jar war
@echo
"-" @echo "Creating $(APP_NAME) EAR ..."
@cd $(DIST_DIR);
\ $(JAR)
cf ../$(APP_NAME).ear *;
@echo "-" rm -rf $(DIST_DIR);
pre_dist: FORCE
@echo
"-" @echo "Preparing EAR ..." @mkdir -p
$(DIST_DIR)/META-INF;
@cp application.xml $(DIST_DIR)/META-INF; @echo
"-" war: $(DIST_DIR) @echo
"-" @echo "Creating WEB Archive
(WAR)..."
@rm -rf web/WEB-INF/classes/com; @cd web/WEB-INF/classes; \ cp -rf $(APP_HOME)/lib/*
.; @cp -rf
web web_tmp;
@cd web_tmp; \
find . -name CVS -prune -exec rm -rf {} \; @cd web_tmp; \
$(JAR) cf
$(DIST_DIR)/$(APP_NAME).war *;
@rm -rf web_tmp; @echo
"-" ejb_jar: $(DIST_DIR) ejb-jar.xml
@echo
"-" @echo "Creating EJB JAR..."
@mkdir -p
$(EJB_TMP_DIR);
@cd $(EJB_TMP_DIR); \
cp -rf $(APP_HOME)/lib/* .; @mkdir -p
$(EJB_TMP_DIR)/META-INF;
@cp $(APP_HOME)/ejb-jar.xml $(EJB_TMP_DIR)/META-INF/;
@cd
$(EJB_TMP_DIR); \
$(JAR) cf $(DIST_DIR)/$(APP_NAME)Ejb.jar *; @rm -rf
$(EJB_TMP_DIR);
@echo "-" $(DIST_DIR): mkdir -p $(DIST_DIR); $(EJB_TMP_DIR): mkdir -p $(EJB_TMP_DIR);
deploy_web: cd web; \ rm -f *~; \
cp -rf *
$(ORION_HOME)/applications/$(APP_NAME)/$(APP_NAME) ### end: rules for creating application jar.
Jonathan BrickerLilly Research
LabsJava ATG
"Ronald F. Lens"
<[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED]
06/25/01 02:09 PM Please respond to Orion-Interest
To:
Orion-Interest
<[EMAIL PROTECTED]> cc:
Subject: Anyone using TogetherSoft TCC
with Orion?Hi all,Does anyone have any experience using TogetherSoft TCC
v5 (or 4.x) withorion? I'm still struggling to get the deployment tool to
work with orion.I got pretty close using the EJB 2.0 generic version in
TogetherSoft butit doesn't provide all the bells and whistles you'd like
(like hotdeployment).Any help would be greatly
appreciated.Ronald-- "A thinking computer, isn't that like
a swimming ship?"
Re: Anyone using TogetherSoft TCC with Orion?
We are using TogetherJ with Orion. I'm not sure I can help you but for hot deployment we just make an .ear file and move it to the applications directory. Orion does the rest. All done in a make file.
From our makefile:
### begin: rules for creating application jar.
DIST_DIR=$(APP_HOME)/dist
EJB_TMP_DIR=$(APP_HOME)/ejb_tmp
deploy:
cp $(APP_NAME).ear $(ORION_HOME)/applications
dist: pre_dist ejb_jar war
@echo "-"
@echo "Creating $(APP_NAME) EAR ..."
@cd $(DIST_DIR); \
$(JAR) cf ../$(APP_NAME).ear *;
@echo "-"
rm -rf $(DIST_DIR);
pre_dist: FORCE
@echo "-"
@echo "Preparing EAR ..."
@mkdir -p $(DIST_DIR)/META-INF;
@cp application.xml $(DIST_DIR)/META-INF;
@echo "-"
war: $(DIST_DIR)
@echo "-"
@echo "Creating WEB Archive (WAR)..."
@rm -rf web/WEB-INF/classes/com;
@cd web/WEB-INF/classes; \
cp -rf $(APP_HOME)/lib/* .;
@cp -rf web web_tmp;
@cd web_tmp; \
find . -name CVS -prune -exec rm -rf {} \;
@cd web_tmp; \
$(JAR) cf $(DIST_DIR)/$(APP_NAME).war *;
@rm -rf web_tmp;
@echo "-"
ejb_jar: $(DIST_DIR) ejb-jar.xml
@echo "-"
@echo "Creating EJB JAR..."
@mkdir -p $(EJB_TMP_DIR);
@cd $(EJB_TMP_DIR); \
cp -rf $(APP_HOME)/lib/* .;
@mkdir -p $(EJB_TMP_DIR)/META-INF;
@cp $(APP_HOME)/ejb-jar.xml $(EJB_TMP_DIR)/META-INF/;
@cd $(EJB_TMP_DIR); \
$(JAR) cf $(DIST_DIR)/$(APP_NAME)Ejb.jar *;
@rm -rf $(EJB_TMP_DIR);
@echo "-"
$(DIST_DIR):
mkdir -p $(DIST_DIR);
$(EJB_TMP_DIR):
mkdir -p $(EJB_TMP_DIR);
deploy_web:
cd web; \
rm -f *~; \
cp -rf * $(ORION_HOME)/applications/$(APP_NAME)/$(APP_NAME)
### end: rules for creating application jar.
Jonathan Bricker
Lilly Research Labs
Java ATG
"Ronald F. Lens" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
06/25/01 02:09 PM
Please respond to Orion-Interest
To: Orion-Interest <[EMAIL PROTECTED]>
cc:
Subject: Anyone using TogetherSoft TCC with Orion?
Hi all,
Does anyone have any experience using TogetherSoft TCC v5 (or 4.x) with
orion? I'm still struggling to get the deployment tool to work with orion.
I got pretty close using the EJB 2.0 generic version in TogetherSoft but
it doesn't provide all the bells and whistles you'd like (like hot
deployment).
Any help would be greatly appreciated.
Ronald
--
"A thinking computer, isn't that like a swimming ship?"
orion and external jms
Has someone managed to use external jms server with message driven beans? I'm trying to combine orion with swiftmq.
