Problem configuring Reverse Proxy in SJSWS 7
Hi all,
I was trying to set up a reverse proxy on Sun Java System WS 7 so that my front-end server can talk to my back-end server application, which is /xyz. I want to access the back-end server app through my front-end server URL, e.g. https://aaa.com/xyz
But after configuring it and trying to access the URL, I always get this error message: Gateway Timeout. Processing of this request was delegated to a server that is not functioning properly.
Below is the obj.conf in my front-end server.
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/webserver7/lib/icons" name="es-internal"
NameTrans fn="map" from="/xyz" name="reverse-proxy-/xyz" to="http:/xyz"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/imagemap" fn="imagemap"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
...
...
<Object ppath="http:*">
Service fn="proxy-retrieve" method="*"
</Object>
<Object name="reverse-proxy-/xyz">
Route fn="set-origin-server" server="https://bbb.com:port number"
</Object>
Hope to see some feedback here. Thanks.
[1874 byte] By [unix_beea] at [2007-11-27 11:23:44]

# 3
Go to the origin server, if it has an NSS DB:
>../../bin/certutil -L -d .
My-CA-Cert    CTu,u,u
Export the certificate:
>../../bin/pk12util -o /tmp/exported.crt -n My-CA-Cert -d .
To import certificate in instances' config directory you have to first initialize the:
>../../bin/certutil -N -d .
Enter Password or Pin for "NSS Certificate DB":
Re-enter password:
Password changed successfully.
Let's say the file /tmp/exported.crt contained the CA cert of the origin server; import that into the NSS DB.
> ../../bin/pk12util -i /tmp/exported.crt -d . -v
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
Confirm by listing certs
>../../bin/certutil -L -d .
My-CA-Cert    u,u,u
You can see that the cert imported doesn't contain CT trust flags.
>../../bin/certutil -M -n My-CA-Cert -t 'CTu,u,u' -d .
Now you can see it is a proper CA cert:
>../../bin/certutil -L -d .
My-CA-Cert    CTu,u,u
mva at 2007-7-29 15:53:23 >

# 6
Hi mv,
Thanks for the kind advice. In terms of the obj.conf, I've made the changes according to your suggestions, but I still get the gateway error message. I've already imported the CA cert, but to no avail.
I went to check the error log, and I found out this message. Maybe you could enlighten me on this.
[27/Jul/2007:09:54:34] failure ( 2670): for host <ip_address> trying to GET /xyz/, service-http reports: HTTP7758: error sending request (SSL_ERROR_BAD_CERT_DOMAIN: Requested domain name does not match the server's certificate.)
Does this mean the server name must be the same as the server-cert subject? Because I noticed the server-cert subject is different from the server's hostname.
So how should I go on from here?
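
Added example, not part of the thread and not code from the product: SSL_ERROR_BAD_CERT_DOMAIN in the log above is raised when the hostname in the `set-origin-server` URL is not one of the names in the certificate the origin server presents. The Python below extracts the https origin hosts from obj.conf text and checks each against a list of certificate names; the port 8443, the certificate names and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the Route object from the first post, with a placeholder port.
OBJ_CONF = '''
<Object name="reverse-proxy-/xyz">
Route fn="set-origin-server" server="https://bbb.com:8443"
</Object>
'''

def origin_hosts(obj_conf):
    """Return hostnames of https origin servers named in set-origin-server lines."""
    hosts = []
    for line in obj_conf.splitlines():
        if 'fn="set-origin-server"' not in line:
            continue
        # A Route line may carry more than one server="..." parameter.
        for url in re.findall(r'\bserver="([^"]+)"', line):
            parts = urlsplit(url)
            if parts.scheme == "https" and parts.hostname:
                hosts.append(parts.hostname)
    return hosts

def name_matches(host, cert_name):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    c = cert_name.lower().rstrip(".").split(".")
    if len(h) != len(c):
        return False          # a wildcard never spans more than one label
    if c[0] == "*":
        return len(c) > 2 and h[1:] == c[1:]   # reject '*.com'-style names
    return h == c

def check(obj_conf, cert_names):
    """Map each origin host to True if some certificate name covers it."""
    return {h: any(name_matches(h, n) for n in cert_names)
            for h in origin_hosts(obj_conf)}

if __name__ == "__main__":
    # Constructed name standing in for the subject CN / DNS names of the
    # origin's server certificate (read them from the certificate itself).
    for host, ok in check(OBJ_CONF, ["appserver01.internal.example"]).items():
        print(host, "OK" if ok else "would fail with SSL_ERROR_BAD_CERT_DOMAIN")
```

A `False` result means either the `server=` URL should use a name the certificate carries, or the origin needs a certificate issued for the name the proxy connects to.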