1 Reply Latest reply on Jan 2, 2013 4:52 AM by aogier

    How to configure JBoss 7 to serve different default war for specific hostnames (with SSL)

    aogier
    aogier Dec 18, 2012 6:35 AM

      (Also asked on stackoverflow)

       

      Here is my use case.

      I want to use JBoss 7 to serve 2 different webapps (war) depending on the hostname which is used inside the HTTP request :

      I would prefer that the appX.war were used as root context for each hostname (accessing tohttps://appX.mydomain.com/index.html would use the appX.war/index.html file), but I could accept going to https://appX.mydomain.com/appX/ to access my appX (X is 1 or 2).

      Moreover I would want to use a single IP & port for that configuration, but this seems to be not possible (according to that SO answer & that one) without using Appache HTTPD as a proxy. It would be the alternative but I would prefer not using it.

      I tried to configure that with the standalone mode (and by using different IP). Here is an extract from my standalone.xml :

      {code:xml}
      ...
          <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="app1.mydomain.com" native="true">
              <connector name="https-app1" protocol="HTTP/1.1" scheme="https" socket-binding="app1-https" secure="true">
                  <ssl password="pass1" certificate-key-file="${jboss.server.config.dir}/cert/app1.mydomain.com.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/app1.mydomain.com.crt"/>
              </connector>
              <connector name="https-app2" protocol="HTTP/1.1" scheme="https" socket-binding="app2-https" secure="true">
                  <ssl password="pass2" certificate-key-file="${jboss.server.config.dir}/cert/app2.mydomain.com.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/app2.mydomain.com.crt"/>
              </connector>
              <virtual-server name="app1.mydomain.com" enable-welcome-root="false" default-web-module="app1">
                  <alias name="app1.mydomain.com"/>
              </virtual-server>
              <virtual-server name="app2.mydomain.com" enable-welcome-root="false" default-web-module="app2">
                  <alias name="app2.mydomain.com"/>
              </virtual-server>
      ...
      <interfaces>
          <interface name="app1.mydomain.com">
              <inet-address value="10.0.0.1"/>
          </interface>
          <interface name="app2.mydomain.com">
              <inet-address value="10.0.0.2"/>
          </interface>
      ...
      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
          <socket-binding name="app1-https" interface="app1.mydomain.com" port="443" fixed-port="true"/>
          <socket-binding name="app2-https" interface="app2.mydomain.com" port="443" fixed-port="true"/>
      ...
      {code}

      But that not seems to work as expected...

       

      Is this a bug from JBoss 7.1.1.Final ?

      Does anyone has an idea ?

        • 1. Re: How to configure JBoss 7 to serve different default war for specific hostnames (with SSL)
          aogier
          aogier Jan 2, 2013 4:52 AM (in response to aogier)

          I've replied my own question, here is the report.

           

          Finally, as it seems it's not possible directly using JBoss 7, I've used Apache HTTPD, non root context for my apps, and multiple IPs (the worst I would wanted) :

          {noformat}
          ...
          LoadModule proxy_module modules/mod_proxy.so
          LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
          ...
          Listen 80
          Listen 443
          ...
           
           
          <VirtualHost IP1:80>
                    DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
                    ServerName app1.mydomain.com:80
                    ServerAlias www.app1.mydomain.com
                    ServerAdmin admin@mydomain.com
                    ErrorLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-error.log"
                    TransferLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-access.log"
           
           
                    RewriteEngine On
                    RewriteRule ^/(.*)$ https://app1.mydomain.com/$1 [R]
          </VirtualHost>
           
           
          <VirtualHost IP1:443>
           
           
                    #   General setup for the virtual host
                    DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
                    ServerName app1.mydomain.com:443
                    ServerAlias www.app1.mydomain.com
                    ServerAdmin admin@mydomain.com
                    ErrorLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-error.log"
                    TransferLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-access.log"
           
           
                    ProxyPass /app1 ajp://localhost:8009/app1
                    ProxyPassReverse /app1 https://app1.mydomain.com/app1
           
           
                    RewriteEngine On 
                    RewriteRule ^/$ /app1/ [R]
           
           
                    #   SSL Engine Switch:
                    #   Enable/Disable SSL for this virtual host.
                    SSLEngine on
                    SSLProtocol all -SSLv2
                    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 
           
                    #   Server Certificate:
                    SSLCertificateFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/app1.mydomain.com.crt" 
                    #   Server Private Key:
                    SSLCertificateKeyFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/app1.mydomain.com.key"
                    #   Server Certificate Chain:
                    SSLCertificateChainFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/ca-root.crt"
           
           
                    #   SSL Protocol Adjustments:
                    BrowserMatch "MSIE [2-5]" \
                                         nokeepalive ssl-unclean-shutdown \
                                         downgrade-1.0 force-response-1.0
           
           
                    #   Per-Server Logging:
                    #   The home of a custom SSL log file. Use this when you want a
                    #   compact non-error SSL logfile on a virtual host basis.
                    CustomLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-ssl.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
          </VirtualHost>  
          {noformat}

          That's for app1.

          For app2, just duplicate this configuration and replace app1 with app2 and IP1 with IP2.

            • Actions