Hi Tien, 2 ideas: 1) what happens when you define a "PassThrough" route and do a request including the path: " https://sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io/ibm/console"; ? 2) VirtualHost "default_host" will (per default) have a vhost mapping "*:80" and "*:443" .Can you remove these two during these tests, to be sure they do not interfere?
regards Thomas On Fri, Jun 29, 2018 at 9:58 AM Tien Hung Nguyen <tienhng.ngu...@gmail.com> wrote: > Hi Thomas, > > thank you for your response! > > I have tried your approach and set the host of the admin_host virtual host > to my routers name called " > sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io" and pointed it > to the ports 9043, 9060, 443, 80 > > Furthermore, I have set the router to use TLS Termination "Passthrought" > with Insecure Traffic "Redirect": > > However, the approach doesn't work and I get the following error that a > virtualhost to handle / has not been defined. > > > It seems that no virtual host could be found because the admin console > listens only on the path /ibm/console/login.do, which I cannot set if I use > the TLS termination passthrough. > > Therefore, I tried TLS Termination "Edge" with Insecure Traffic "Allow" > after that in order to set the router path to "/ibm/console/login.do". > However, when I do that, I get the 502 Bad Gateway error: > > > I'm using the IBM WebSphere Application Server on OpenShift with security > settings enabled, but using a self-signed certificate (which is the default > settings for IBM WebSphere application server). Therefore, the port 9443 > should be used since the connection was successful when I tried IBM > WebSphere application server running on Docker for Windows only. > > The outputs of the oc describe commands looks at follows: > > $ oc describe routes > Name: sls-coba-was-admin > Namespace: sls-coba-berlin-ffm > Created: 2 days ago > Labels: application=sls-coba > Annotations: openshift.io/host.generated=true > Requested Host: > sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io > exposed on router router 2 days ago > Path: /ibm/console/login.do > TLS Termination: edge > Insecure Policy: Allow > Endpoint Port: <all endpoint ports> > > Service: sls-coba-was-admin > Weight: 100 (100%) > Endpoints: 172.17.0.5:9043 > > $ oc describe svc > Name: sls-coba-was-admin > Namespace: sls-coba-berlin-ffm > Labels: app=sls-coba-was > application=sls-coba > Annotations: <none> > Selector: deploymentconfig=sls-coba-was > Type: ClusterIP > IP: 172.30.203.107 > Port: <unset> 9043/TCP > TargetPort: 9043/TCP > Endpoints: 172.17.0.5:9043 > Session Affinity: None > Events: <none> > > Is there any other solution to resolve this? > Do I have to add the self-signed certificate from WebSphere to the > OpenShift router? > > Is maybe the handshaking process failing because the TLS Termination > "Edge" and the settings are not set right? > > I would be very thankful if you could help us with this problem. > > Regards, > Tien > >> >> >
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
