Jonas Yuan Vor 12 Jahren nice post! Thanks, Olaf! Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Randall Hidajat Vor 12 Jahren Great post Olaf. Thank you for writing that up. Something to add is that when you create the keystore, "your first and last name" should be the address of the website. I have found that you will get a certificate name mismatch if you set that to something else. Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Stian Sigvartsen Vor 12 Jahren This is a really nice and compact "tutorial" for getting such a infrastructure set up quickly. Thanks for sharing! I'm going to use it to set up a Liferay "play" environment Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Rob Hall Vor 10 Jahren We are working on setting this up now between a QA and a PROD LR 6.1 GA2 EE instances. Where were are running into issues is in front of the PROD server there is a load balancer and an Apache HTTPD instance on a separate server from Liferay. I think to make this work I may need a Rewrite Rule or proxying configuration on the Apache instance for this (separate from what is there for AJP now). Anyone successfully do remote staging in a context like this? Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen Olaf Kock Rob Hall Vor 10 Jahren I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Olaf Kock Rob Hall Vor 10 Jahren I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Rob Hall Vor 10 Jahren We got it working...we originally were using the IP of the NAT of the staging server in the *hosts.allowed property on the target server (since the staging server doesn't have a public or static IP). But ultimately what worked was using the IP of the load balancer (which is a static IP) in those properties. Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen Olaf Kock Rob Hall Vor 10 Jahren - Bearbeitet Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen
Olaf Kock Rob Hall Vor 10 Jahren - Bearbeitet Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Melden Sie sich an, um auf diesen Beitrag zu antworten. Antworten als... Abbrechen