Separate SSL configuration for service proxy in WAR deployment in JBOSS?
39 views
Skip to first unread message
Sathish Ganesan
Dec 18, 2015, 1:51:41 AM12/18/15
to membrane-monitor
Hello,
I'm rather new to this Open Source Project (membrane service proxy) and trying out to setup a (.WAR) deployment in our environment (JBOSS)
However I find that the SSL configuration portrayed in examples are not compatible with the Web Application (.WAR)
1. The below configuration doesn't work in the WAR deployment variant.
<ssl>
<keystore location="/WEB-INF/membrane.jks" password="secret" keyPassword="secret" />
<truststore location="/WEB-INF/membrane.jks" password="secret" />
</ssl>
<wsdlRewriter protocol="https" />
2. Can you please let me know how to configure a separate SSL configuration for the Service proxies in proxies.xml when deployed in JBOSS.
3. Is hot deployment supported in WAR deployment. As I could see the hotdeployment variable declared as 'false' in the router configuration.
<router hotDeploy="false" exchangeStore="memoryExchangeStore">
<web:servletTransport id="transport">
Kindly share some pointers on the same
Thanks,
Sathish G
Thomas Bayer
Dec 18, 2015, 2:40:59 AM12/18/15
to membrane...@googlegroups.com
Hello Sathish,
when you run Membrane as WAR it is a regular Web App running inside the Web Container. You have to configure SSL for incomming connections in JBoss not in Membrane. It is not possilbe for a Web Container to transport an encrypted stream to a Web Appilcation. The SSL is always terminated at the Web Container.
I do not know if hotdeployment works in the WAR. Just try it. But it is more for development inside a WAR then for production.
Cheers,
Thomas
when you run Membrane as WAR it is a regular Web App running inside the Web Container. You have to configure SSL for incomming connections in JBoss not in Membrane. It is not possilbe for a Web Container to transport an encrypted stream to a Web Appilcation. The SSL is always terminated at the Web Container.
I do not know if hotdeployment works in the WAR. Just try it. But it is more for development inside a WAR then for production.
Cheers,
Thomas
Am 18.12.15 um 07:51 schrieb Sathish
Ganesan:
--
You received this message because you are subscribed to the Google Groups "membrane-monitor" group.
To unsubscribe from this group and stop receiving emails from it, send an email to membrane-monit...@googlegroups.com.
To post to this group, send email to membrane...@googlegroups.com.
Visit this group at https://groups.google.com/group/membrane-monitor.
For more options, visit https://groups.google.com/d/optout.
Tobias Polley
Dec 18, 2015, 3:25:02 AM12/18/15
to membrane-monitor
Hi.
Hot deployment is not supported on the WAR deployment, as it is the responsibility of the web container (JBoss) to resolve file names (rooted inside the WAR) to InputStreams via the servlet API and the API does not offer anything to retrieve or observe changes of modification dates, for example.
Web Applications are usually deployed as .war files, which might (or might not) be extracted by the container. If you then modify the extracted files you are most certainly in an undefined state concerning the deployment.
I would therefore advise against doing this and setup an automated build and deployment pipeline instead, which allows you to quickly change the proxies.xml file used.
Best, Tobias
Sathish Ganesan
Dec 18, 2015, 3:59:36 AM12/18/15
to membrane-monitor
Hello Tobias,
Our scenario is like in production environment, multiple VM instances will come up and go down.
And the proxies xml should be updated with the new node information in the clusters for the load balancing.
Can you suggest a way forward to achieve this using WAR deployment variant.
And which part of code I can look into.
Thanks,
Sathish G
julia...@gmail.com
Dec 21, 2015, 8:38:46 AM12/21/15
to membrane-monitor
Hi Sathish,
there are several options on how to do this.
* Using Membrane's REST API to dynamically remove/add nodes. This is demoed by examples/loadbalancer-multiple-4 in the distribution.
* Embed Membrane programmatically and call BalancerUtil.up(...) and BalancerUtil.down(...) . Both are thread-safe.
* Using etcdBasedConfigurator . This is under active development and has not yet been fully documented. There is examples/service-discovery-with-etcd when you build the latest master from github though. (A release will follow within the next few days.) This uses an external etcd installation. (See https://github.com/coreos/etcd on what etcd is.) The etcd should contain a list of available nodes. The nodes themselves are responsible for publishing themselves in etcd. etcdBasedConfigurator uses etcd in a read-only manner and creates one or more <balancer>s based on the information it found in etcd.
Best,
Tobias
there are several options on how to do this.
* Using Membrane's REST API to dynamically remove/add nodes. This is demoed by examples/loadbalancer-multiple-4 in the distribution.
* Embed Membrane programmatically and call BalancerUtil.up(...) and BalancerUtil.down(...) . Both are thread-safe.
* Using etcdBasedConfigurator . This is under active development and has not yet been fully documented. There is examples/service-discovery-with-etcd when you build the latest master from github though. (A release will follow within the next few days.) This uses an external etcd installation. (See https://github.com/coreos/etcd on what etcd is.) The etcd should contain a list of available nodes. The nodes themselves are responsible for publishing themselves in etcd. etcdBasedConfigurator uses etcd in a read-only manner and creates one or more <balancer>s based on the information it found in etcd.
Best,
Tobias
Sathish Ganesan
Dec 24, 2015, 3:18:31 AM12/24/15
to membrane-monitor, julia...@gmail.com
Great. It worked. Thanks :)
Reply all
Reply to author
Forward
0 new messages