1 Reply Latest reply on Jan 2, 2013 4:52 AM by Anthony O.

    How to configure JBoss 7 to serve different default war for specific hostnames (with SSL)

    Anthony O. Newbie

      (Also asked on stackoverflow)

       

      Here is my use case.

      I want to use JBoss 7 to serve 2 different webapps (war) depending on the hostname which is used inside the HTTP request :

      I would prefer that the appX.war were used as root context for each hostname (accessing tohttps://appX.mydomain.com/index.html would use the appX.war/index.html file), but I could accept going to https://appX.mydomain.com/appX/ to access my appX (X is 1 or 2).

      Moreover I would want to use a single IP & port for that configuration, but this seems to be not possible (according to that SO answer & that one) without using Appache HTTPD as a proxy. It would be the alternative but I would prefer not using it.

      I tried to configure that with the standalone mode (and by using different IP). Here is an extract from my standalone.xml :

      {code:xml}

      ...

          <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="app1.mydomain.com" native="true">

              <connector name="https-app1" protocol="HTTP/1.1" scheme="https" socket-binding="app1-https" secure="true">

                  <ssl password="pass1" certificate-key-file="${jboss.server.config.dir}/cert/app1.mydomain.com.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/app1.mydomain.com.crt"/>

              </connector>

              <connector name="https-app2" protocol="HTTP/1.1" scheme="https" socket-binding="app2-https" secure="true">

                  <ssl password="pass2" certificate-key-file="${jboss.server.config.dir}/cert/app2.mydomain.com.key" protocol="TLSv1" verify-client="false" certificate-file="${jboss.server.config.dir}/cert/app2.mydomain.com.crt"/>

              </connector>

              <virtual-server name="app1.mydomain.com" enable-welcome-root="false" default-web-module="app1">

                  <alias name="app1.mydomain.com"/>

              </virtual-server>

              <virtual-server name="app2.mydomain.com" enable-welcome-root="false" default-web-module="app2">

                  <alias name="app2.mydomain.com"/>

              </virtual-server>

      ...

      <interfaces>

          <interface name="app1.mydomain.com">

              <inet-address value="10.0.0.1"/>

          </interface>

          <interface name="app2.mydomain.com">

              <inet-address value="10.0.0.2"/>

          </interface>

      ...

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

          <socket-binding name="app1-https" interface="app1.mydomain.com" port="443" fixed-port="true"/>

          <socket-binding name="app2-https" interface="app2.mydomain.com" port="443" fixed-port="true"/>

      ...

      {code}

      But that not seems to work as expected...

       

      Is this a bug from JBoss 7.1.1.Final ?

      Does anyone has an idea ?

        • 1. Re: How to configure JBoss 7 to serve different default war for specific hostnames (with SSL)
          Anthony O. Newbie

          I've replied my own question, here is the report.

           

          Finally, as it seems it's not possible directly using JBoss 7, I've used Apache HTTPD, non root context for my apps, and multiple IPs (the worst I would wanted) :

          {noformat}

          ...

          LoadModule proxy_module modules/mod_proxy.so

          LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

          ...

          Listen 80

          Listen 443

          ...

           

           

          <VirtualHost IP1:80>

                    DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"

                    ServerName app1.mydomain.com:80

                    ServerAlias www.app1.mydomain.com

                    ServerAdmin admin@mydomain.com

                    ErrorLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-error.log"

                    TransferLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-access.log"

           

           

                    RewriteEngine On

                    RewriteRule ^/(.*)$ https://app1.mydomain.com/$1 [R]

          </VirtualHost>

           

           

          <VirtualHost IP1:443>

           

           

                    #   General setup for the virtual host

                    DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"

                    ServerName app1.mydomain.com:443

                    ServerAlias www.app1.mydomain.com

                    ServerAdmin admin@mydomain.com

                    ErrorLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-error.log"

                    TransferLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-access.log"

           

           

                    ProxyPass /app1 ajp://localhost:8009/app1

                    ProxyPassReverse /app1 https://app1.mydomain.com/app1

           

           

                    RewriteEngine On

                    RewriteRule ^/$ /app1/ [R]

           

           

                    #   SSL Engine Switch:

                    #   Enable/Disable SSL for this virtual host.

                    SSLEngine on

                    SSLProtocol all -SSLv2

                    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

           

                    #   Server Certificate:

                    SSLCertificateFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/app1.mydomain.com.crt"

                    #   Server Private Key:

                    SSLCertificateKeyFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/app1.mydomain.com.key"

                    #   Server Certificate Chain:

                    SSLCertificateChainFile "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/SSL/ca-root.crt"

           

           

                    #   SSL Protocol Adjustments:

                    BrowserMatch "MSIE [2-5]" \

                                         nokeepalive ssl-unclean-shutdown \

                                         downgrade-1.0 force-response-1.0

           

           

                    #   Per-Server Logging:

                    #   The home of a custom SSL log file. Use this when you want a

                    #   compact non-error SSL logfile on a virtual host basis.

                    CustomLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/app1.mydomain.com-ssl.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

          </VirtualHost> 

          {noformat}


          That's for app1.

          For app2, just duplicate this configuration and replace app1 with app2 and IP1 with IP2.