Jonas Yuan 12 Anos atrás nice post! Thanks, Olaf! Por favor, autentique-se para votar. Responda como... Cancelar
Randall Hidajat 12 Anos atrás Great post Olaf. Thank you for writing that up. Something to add is that when you create the keystore, "your first and last name" should be the address of the website. I have found that you will get a certificate name mismatch if you set that to something else. Por favor, autentique-se para votar. Responda como... Cancelar
Stian Sigvartsen 12 Anos atrás This is a really nice and compact "tutorial" for getting such a infrastructure set up quickly. Thanks for sharing! I'm going to use it to set up a Liferay "play" environment Por favor, autentique-se para votar. Responda como... Cancelar
Rob Hall 10 Anos atrás We are working on setting this up now between a QA and a PROD LR 6.1 GA2 EE instances. Where were are running into issues is in front of the PROD server there is a load balancer and an Apache HTTPD instance on a separate server from Liferay. I think to make this work I may need a Rewrite Rule or proxying configuration on the Apache instance for this (separate from what is there for AJP now). Anyone successfully do remote staging in a context like this? Por favor, autentique-se para votar. Responda como... Cancelar Olaf Kock Rob Hall 10 Anos atrás I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Por favor, autentique-se para votar. Responda como... Cancelar
Olaf Kock Rob Hall 10 Anos atrás I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Por favor, autentique-se para votar. Responda como... Cancelar
Rob Hall 10 Anos atrás We got it working...we originally were using the IP of the NAT of the staging server in the *hosts.allowed property on the target server (since the staging server doesn't have a public or static IP). But ultimately what worked was using the IP of the load balancer (which is a static IP) in those properties. Por favor, autentique-se para votar. Responda como... Cancelar Olaf Kock Rob Hall 10 Anos atrás - Editado Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Por favor, autentique-se para votar. Responda como... Cancelar
Olaf Kock Rob Hall 10 Anos atrás - Editado Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Por favor, autentique-se para votar. Responda como... Cancelar