Doubt


DSAITES DSAITES

Sep 5, 2021, 10:06:14 AM
to Payara Forum
Present
I have two servers:
- Server A with Payara + PostgreSQL, where I have the transactional system.
- Server B with Payara, where I initially have an online store with a Let's Encrypt certificate

Future
Have on server B:
- Two online stores
- A Web page

Doubt:
How can I have several deployments in Payara?
How can I have a different domain for each deployment?

Will Hartung

Sep 5, 2021, 12:15:32 PM
to Payara Forum
On Sun, Sep 5, 2021 at 7:06 AM DSAITES DSAITES <dsait...@gmail.com> wrote:
> How can I have several deployments in Payara?
> How can I have a different domain for each deployment?

The primary issue with hosting multiple internet domains on a single host is SSL. You can't host different domains from the same IP. Specifically you can't host different SSL certificates from the same IP. It works if you're all using the same certificate with a wildcard cert, but not completely different internet domains.

If you have multiple IP addresses at your disposal, then it's very easy to do. A single host can host any number of IP addresses. You can simply stand up a Payara instance for each IP, it can host the certificates, and they all run on the proper ports bound to proper IP. By default, Payara (like many applications) binds to all of the IPs on the host, but it's a simple change.

Otherwise you're in the realm of load balancers and proxies and other "Contact your network administrator" stuff that needs to be staged in front of your Payara instances, and this really isn't a Payara specific thing, nor is it really the forum for those details.

Even if you are using the wildcard certificate, you need something in front of the instances to accept the traffic and handle the negotiation; Apache with VirtualHost can do that.

Regards,

Will Hartung

Zahid Rahman

Sep 5, 2021, 2:14:24 PM
to Payara Forum
I have a couple of websites hosted on a Raspberry Pi using SSL.

One of them is running on an application server: https://backbtn.ddns.net

The technologies I am using are:
Apache web server (virtual hosts).
mod_proxy.
Single dynamic IP from no-ip.com, where the domains are registered.
letsencrypt.org for SSL.
Port forwarding.

If you are using Ubuntu, then there are plenty of instructions on the net, and the process of SSL is pretty much automated.


zahid



https://www.backbutton.org

¯\_(ツ)_/¯
♡۶♡۶ ♡۶
   


steve.millidge

Sep 6, 2021, 5:33:33 AM
to Payara Forum
Just to let you know, Payara Server supports SNI (see "Server Name Indication - SNI :: Payara Community Documentation"), so you can serve multiple SSL hostname/certificate pairs from the same IP address.


Will Hartung

Sep 6, 2021, 2:09:18 PM
to steve.millidge, Payara Forum

On Mon, Sep 6, 2021 at 2:33 AM steve.millidge <steve.m...@payara.fish> wrote:
> Just to let you know, Payara Server supports SNI (see "Server Name Indication - SNI :: Payara Community Documentation"), so you can serve multiple SSL hostname/certificate pairs from the same IP address.

I had heard this was happening and was possible, I just didn't dig very deep into it. My quick search netted a 2019 article for Apache on their wiki that didn't mention it (you'd think if anything would support this, Apache would). So, I wasn't sure of the status of this.

This, however, doesn't directly address what (I think) the OP was asking. Simply that they wanted to run two separate domains. They still need some mechanic to route to the appropriate domains and remap the ports. So, I guess a load balancer, once it sets up the original client connection, will still be able to route to the proper domain in the backend? It can introspect the handshake for the initial routing and "watch" the tunnel be established. And then, still route the raw stream to the proper domain? Or does the LB have to anchor the server end of the TLS and then forward the results (either unencrypted or re-encrypted to the domain)?

Curious how that works.

Regards,

Will Hartung




 

Andrew G10i

Sep 15, 2021, 10:02:32 PM
to Payara Forum
Hello everyone,

as per:
Doubt:
How can I have several deployments in Payara?
How can I have a different domain for each deployment?

I may think about two potential options:
1) Run both apps in a single Payara Domain with different context roots;
2) Run both apps in separate Payara Domains, so each domain has its own port (and as such the context root can be the same for both apps in case it is "/").

Then just put nginx as a reverse proxy in front of Payara, so nginx will handle requests to different domain names (each with its own HTTPS certificates) on the same IP.
This will work for any of the options listed above.

P.S. It was nice to learn from this topic that Payara supports SNI. :)