2 Replies Latest reply on May 29, 2008 1:29 PM by peterj

    Multiple WARs with SSL and common data source configuration.

    trickyvail

      I have a requirement for two SSL enabled shopping websites to share the same data source. Both websites are owned by the same company. Some of the products are unique to one website and some products are common to both - hence the shared data source to accurately reflect inventory levels.

      I have an implementation using Apache2 and mod_jk but I would be very grateful to hear any tips for alternative solutions.

      In particular please clarify the following:

      - Can WARs inside the same EAR utilize different SSL certificates?

      - Can EARs running within different VMs but not within a cluster share a common Persistence Provider Instance (factory / second-level cache)?



      Here are the details for my current implementation.
      ----------------------------------------------------------------

      Software:
      - Debian 4.0 Etch AMD64
      - Apache 2.2.3
      - JBoss 4.0.5.GA
      - JBoss Seam 1.2.1.GA
      - JDK 1.5.0_12
      - libapache2-mod-jk 1.2.18

      Server Configuration
      --------------------------
      The server has been configured to have two network addresses through virtual addressing (aka multihomed).

      /etc/network/interfaces :

      # Primary address. The JBoss <Host> named 192.168.0.81 (alias www.domain1.net)
      # and the domain1 mod_jk worker both use it.
      auto eth0
      iface eth0 inet static
          address   192.168.0.81
          netmask   255.255.255.0
          network   192.168.0.0
          broadcast 192.168.0.255
          gateway   192.168.0.254

      # Alias address on the same NIC, used for www.domain2.net.
      # One IP per site is what allows a separate certificate per site here:
      # Apache 2.2.3 has no SNI support, so the HTTPS virtual host (and with it
      # the certificate) is chosen from the address the client connected to.
      auto eth0:0
      iface eth0:0 inet static
          address   192.168.0.82
          netmask   255.255.255.0
          network   192.168.0.0
          broadcast 192.168.0.255


      JBoss configuration
      --------------------------
      JBoss has been configured with 2 virtual hosts bound to the 2 addresses.

      $JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml :
      <!-- jbossweb-tomcat55.sar/server.xml: one Service, two Connectors and one
           Engine holding the stock localhost Host plus one Host per shop address. -->
      <Server>

        <Service name="jboss.web"
                 className="org.jboss.web.tomcat.tc5.StandardService">

          <!-- Direct HTTP connector on port 8080. Nothing in the Apache setup
               covers this port, so any client that can reach it gets the
               applications over cleartext and bypasses the SSL virtual hosts.
               NOTE(review): confirm it is firewalled or bound away from the
               public addresses. -->
          <Connector port="8080" address="${jboss.bind.address}"
                     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
                     emptySessionPath="true"
                     enableLookups="false" redirectPort="8443" acceptCount="100"
                     connectionTimeout="20000" disableUploadTimeout="true"/>

          <!-- AJP connector that mod_jk talks to. AJP/1.3 carries no
               authentication or encryption of its own and the container trusts
               what the peer sends, so port 8009 should accept connections from
               the Apache front end only.
               NOTE(review): redirectPort is 8443 but no connector for 8443 is
               shown; if a web.xml ever requires a CONFIDENTIAL transport, check
               that the redirect reaches Apache on port 443. -->
          <Connector port="8009" address="${jboss.bind.address}"
                     emptySessionPath="true" enableLookups="false" redirectPort="8443"
                     protocol="AJP/1.3"/>

          <!-- Requests are routed to a Host by name or Alias; anything that
               matches none of them is served by defaultHost. -->
          <Engine name="jboss.web" defaultHost="localhost">

            <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
                   certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
                   allRolesMode="authOnly"
                   />

            <!-- Stock JBoss host, left as shipped. -->
            <Host name="localhost"
                  autoDeploy="false" deployOnStartup="false" deployXML="false"
                  configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
                  >

              <Valve className="org.jboss.web.tomcat.tc5.jca.CachedConnectionValve"
                     cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                     transactionManagerObjectName="jboss:service=TransactionManager" />

            </Host>

            <!-- Shop 1. The Host is named after its IP address and the public
                 name is attached as an alias; domain1.war selects this Host
                 through <virtual-host> in its jboss-web.xml. deployXML="false"
                 keeps a context.xml packaged inside an application from being
                 processed by the container. -->
            <Host name="192.168.0.81"
                  autoDeploy="false"
                  deployOnStartup="false"
                  deployXML="false"
                  >
              <Alias>www.domain1.net</Alias>
            </Host>

            <!-- Shop 2, configured the same way on the second address. -->
            <Host name="192.168.0.82"
                  autoDeploy="false"
                  deployOnStartup="false"
                  deployXML="false"
                  >
              <Alias>www.domain2.net</Alias>
            </Host>

          </Engine>

        </Service>

      </Server>


      My application is deployed as an EAR containing 2 WARs. The WARs are configured to attach to different addresses.

      application.ear/META-INF/application.xml :
      <?xml version="1.0" encoding="UTF-8"?>
      <application xmlns="http://java.sun.com/xml/ns/javaee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd"
       version="5">
      
       <display-name>domain</display-name>
       
       <module>
       <web>
       <web-uri>domain1.war</web-uri>
       <context-root>/</context-root>
       </web>
       </module>
      
       <module>
       <web>
       <web-uri>domain2.war</web-uri>
       <context-root>/</context-root>
       </web>
       </module>
      
       SNIP . . .

      application.ear/domain1.war/WEB-INF/jboss-web.xml :
      <!-- Binds domain1.war to the server.xml Host named 192.168.0.81
           (alias www.domain1.net) at the root context. The value must match a
           Host name or Alias exactly. -->
      <jboss-web>
        <context-root>/</context-root>
        <virtual-host>192.168.0.81</virtual-host>
      </jboss-web>

      application.ear/domain2.war/WEB-INF/jboss-web.xml :
      <!-- Binds domain2.war to the server.xml Host named 192.168.0.82
           (alias www.domain2.net) at the root context. Both WARs can use "/"
           because each one lives on a different virtual host. -->
      <jboss-web>
        <context-root>/</context-root>
        <virtual-host>192.168.0.82</virtual-host>
      </jboss-web>


      Apache2 configuration
      ----------------------------
      /etc/apache2/ports.conf :
      # Apache listens for HTTP (80) and HTTPS (443) on each of the two site
      # addresses explicitly, not on every interface of the machine.
      Listen 192.168.0.81:80
      Listen 192.168.0.81:443
      Listen 192.168.0.82:80
      Listen 192.168.0.82:443

      added to /etc/apache2/apache2.conf :
      # mod_jk global settings: worker definitions and logging.
      JkWorkersFile /etc/apache2/jk/workers.properties
      JkLogFile /var/log/apache2/mod_jk.log
      JkLogLevel info
      JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

      # +ForwardKeySize passes the negotiated SSL key size on to the container.
      # +ForwardURICompat forwards the URI as already decoded by Apache.
      # NOTE(review): the mod_jk documentation warns about this URI mode when
      # prefix JkMount patterns are used; check the notes for the installed
      # mod_jk version before adding narrower mounts than "/*".
      JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

      # Per-request log line: worker name, server name, request duration.
      JkRequestLogFormat "%w %V %T"

      /etc/apache2/jk/workers.properties :
      # Workers mod_jk may route to; the names are the JkMount targets used in
      # the two site files.
      worker.list=domain1,domain2
      
      # AJP/1.3 link to the JBoss connector on port 8009. AJP is neither
      # authenticated nor encrypted, so that port should be closed to everything
      # except this Apache host.
      worker.domain1.type=ajp13
      worker.domain1.host=192.168.0.81
      worker.domain1.port=8009
      
      # Second worker, same JBoss instance reached through the alias address.
      # NOTE(review): server.xml defines a single AJP connector, so for both
      # worker hosts to answer it is presumably bound to all addresses
      # (jboss.bind.address); verify, because that also exposes 8009 and 8080
      # on every interface unless a firewall blocks them.
      worker.domain2.type=ajp13
      worker.domain2.host=192.168.0.82
      worker.domain2.port=8009

      /etc/apache2/sites-available/www.domain1.net :
      # NOTE(review): the virtual hosts are keyed on a hostname that Apache
      # resolves at startup; the Apache documentation recommends using the IP
      # address here so that start-up does not depend on DNS.
      NameVirtualHost www.domain1.net:80
      NameVirtualHost www.domain1.net:443

      # Cleartext site: every path is handed to the domain1 AJP worker.
      # NOTE(review): nothing here redirects to HTTPS or limits what is served
      # over HTTP, so login, basket and checkout pages are reachable without
      # TLS unless the application enforces it.
      <VirtualHost www.domain1.net:80>
          ServerName www.domain1.net
          DocumentRoot /var/www/www.domain1.net/
          JkMount /* domain1
      </VirtualHost>

      # TLS site. Apache terminates SSL and forwards the request over AJP.
      # Only SSLCertificateFile is set, so domain1.pem has to hold the private
      # key as well as the certificate; keep that file readable by root only.
      <VirtualHost www.domain1.net:443>
          ServerName www.domain1.net
          DocumentRoot /var/www/www.domain1.net/
          SSLEngine on
          SSLCertificateFile /etc/apache2/ssl/domain1.pem

          JkMount /* domain1
      </VirtualHost>

      /etc/apache2/sites-available/www.domain2.net :
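      # NOTE(review): the virtual hosts are keyed on a hostname that Apache
      # resolves at startup; the Apache documentation recommends using the IP
      # address here so that start-up does not depend on DNS.
      NameVirtualHost www.domain2.net:80
      NameVirtualHost www.domain2.net:443

      # Cleartext site: every path is handed to the domain2 AJP worker.
      # NOTE(review): nothing here redirects to HTTPS or limits what is served
      # over HTTP, so login, basket and checkout pages are reachable without
      # TLS unless the application enforces it.
      <VirtualHost www.domain2.net:80>
          ServerName www.domain2.net
          DocumentRoot /var/www/www.domain2.net/
          JkMount /* domain2
      </VirtualHost>

      # TLS site. Apache terminates SSL and forwards the request over AJP.
      # Only SSLCertificateFile is set, so domain2.pem has to hold the private
      # key as well as the certificate; keep that file readable by root only.
      <VirtualHost www.domain2.net:443>
          ServerName www.domain2.net
          # Corrected from /var/www/www.domain1.net/, which looked like a
          # copy-paste slip: if the JkMount ever stopped matching, this host
          # would have served the other site's files under domain2's certificate.
          DocumentRoot /var/www/www.domain2.net/
          SSLEngine on
          SSLCertificateFile /etc/apache2/ssl/domain2.pem

          JkMount /* domain2
      </VirtualHost>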


      Create soft links:
      # Enable both sites by linking them into sites-enabled; the 001-/002-
      # prefixes determine the order in which Apache reads the files.
      cd /etc/apache2/sites-enabled
      sudo ln -s /etc/apache2/sites-available/www.domain1.net 001-www.domain1.net
      sudo ln -s /etc/apache2/sites-available/www.domain2.net 002-www.domain2.net


      Create security certificates :
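      # The directory will hold private keys, so create it without group/other
      # access instead of relying on the default umask.
      sudo mkdir -m 700 /etc/apache2/ssl
      # make-ssl-cert produces a self-signed certificate: fine for testing, but
      # browsers will warn customers, so a production shop needs a CA-issued
      # certificate for each domain. The virtual hosts load key and certificate
      # from this one file (they set only SSLCertificateFile), so check that each
      # .pem ends up readable by root only. Use the matching site name
      # (www.domain1.net / www.domain2.net) as the certificate host name.
      sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain1.pem
      sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/domain2.pem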


      -----------------------------------------------------

      I hope this information is helpful and look forward to your feedback.