留言板
How to do remote staging?
Dear all,
I am try to configure remote staging. My set up is the following:
1. development server, IP X.X.X.X
This server has two portal instances namely:
- the parent: liferay.mylocaldomain and
- the child: child.mylocaldomain
2. production server, IP Y.Y.Y.Y
This server has the same setup as the development server, only with different domain names, namely:
- the parent: liferay.tld
- the child: child.tld
the email domain of the child on the development server is the same as the email domain of the child on the production server.
The development and production server can ping each other with IP numbers, there are no firewalls involved, both servers are on different routed subnets.
I followed the directions on https://dev.liferay.com/discover/portal/-/knowledge_base/6-2/staging-page-publication#enabling-remote-live-staging,
as well as many variations on the net.
The properties file on both server are nearly equal:
***
setup.wizard.enabled=false
web.server.http.port=443
jdbc.default.jndi.name=jdbc/LiferayPool
mail.session.jndi.name=mail/MailSession
admin.email.from.address=xxx@xxx
admin.email.from.name=xxx
liferay.home=/opt/liferay
company.login.prepopulate.domain=false
company.security.strangers=false
company.security.strangers.verify=false
passwords.encryption.algorithm=SSHA
portal.security.manager.strategy=liferay
cas.auth.enabled=false
facebook.connect.auth.enabled=false
ntlm.auth.enabled=false
open.id.auth.enabled=false
open.sso.auth.enabled=false
siteminder.auth.enabled=false
company.default.web.id=liferay.tld
company.encryption.algorithm=AES
company.encryption.key.size=128
auto.login.hooks=
default.admin.password=mypassword
default.admin.screen.name=xxx
default.admin.email.address.prefix=xxx
default.admin.first.name=xxx
default.admin.middle.name=
default.admin.last.name=xxx
com.liferay.portal.servlet.filters.autologin.AutoLoginFilter=false
com.liferay.portal.servlet.filters.sso.cas.CASFilter=false
com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter=false
com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter=false
com.liferay.portal.servlet.filters.sso.opensso.OpenSSOFilter=false
com.liferay.portal.sharepoint.SharepointFilter=false
com.liferay.portal.servlet.filters.autologin.AutoLoginFilter=false
com.liferay.portal.servlet.filters.gzip.GZipFilter=false
com.liferay.portal.servlet.filters.strip.StripFilter=false
layout.show.portlet.access.denied=false
auth.token.shared.secret=mysecret
company.security.auth.type=emailAddress
redirect.url.security.mode=domain
web.server.https.port=443
web.server.protocol=https
tunneling.servlet.shared.secret=1234567890123456
tunnel.servlet.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y.Y
axis.servlet.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y
auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=
# I have also tried auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y
***
for testing purposes, I have opened in tomcat's server.xml
<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
(normally, I use apache as front-end)
The displaynames, emailaddresses and passwords for the user that does the remote staging is equal on both system (verified with SQL queries in the User_ table on both databases of the servers.
I enabled logging for:
<category name="com.liferay.portal.security.auth.TunnelingServletAuthVerifier">
<priority value="DEBUG" />
</category>
Nevertheless I can not remotely publish from child.mylocaldomain to child.tld.
The log on the production server tells:
***
DEBUG [http-bio-8080-exec-3][TunnelingServletAuthVerifier:70] null
com.liferay.portal.security.auth.RemoteAuthException
at com.liferay.portal.security.auth.TunnelingServletAuthVerifier.verify(TunnelingServletAuthVerifier.java:200)
at com.liferay.portal.security.auth.TunnelingServletAuthVerifier.verify(TunnelingServletAuthVerifier.java:60)
at com.liferay.portal.security.auth.AuthVerifierPipeline._verifyRequest(AuthVerifierPipeline.java:325)
at com.liferay.portal.security.auth.AuthVerifierPipeline.verifyRequest(AuthVerifierPipeline.java:75)
at com.liferay.portal.security.ac.AccessControlImpl.verifyRequest(AccessControlImpl.java:96)
at com.liferay.portal.security.ac.AccessControlUtil.verifyRequest(AccessControlUtil.java:69)
at com.liferay.portal.servlet.filters.authverifier.AuthVerifierFilter.processFilter(AuthVerifierFilter.java:134)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:226)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
***
This tells me that there is apparantly a request from the development server to production server but then authentication fails.
My questions:
1) is there anything wrong with my setup or configuration?
2) is it possible with liferay to publish from the one portal *instance* to the other portal *instance*?
Thanks,
-- JG
I am try to configure remote staging. My set up is the following:
1. development server, IP X.X.X.X
This server has two portal instances namely:
- the parent: liferay.mylocaldomain and
- the child: child.mylocaldomain
2. production server, IP Y.Y.Y.Y
This server has the same setup as the development server, only with different domain names, namely:
- the parent: liferay.tld
- the child: child.tld
the email domain of the child on the development server is the same as the email domain of the child on the production server.
The development and production server can ping each other with IP numbers, there are no firewalls involved, both servers are on different routed subnets.
I followed the directions on https://dev.liferay.com/discover/portal/-/knowledge_base/6-2/staging-page-publication#enabling-remote-live-staging,
as well as many variations on the net.
The properties file on both server are nearly equal:
***
setup.wizard.enabled=false
web.server.http.port=443
jdbc.default.jndi.name=jdbc/LiferayPool
mail.session.jndi.name=mail/MailSession
admin.email.from.address=xxx@xxx
admin.email.from.name=xxx
liferay.home=/opt/liferay
company.login.prepopulate.domain=false
company.security.strangers=false
company.security.strangers.verify=false
passwords.encryption.algorithm=SSHA
portal.security.manager.strategy=liferay
cas.auth.enabled=false
facebook.connect.auth.enabled=false
ntlm.auth.enabled=false
open.id.auth.enabled=false
open.sso.auth.enabled=false
siteminder.auth.enabled=false
company.default.web.id=liferay.tld
company.encryption.algorithm=AES
company.encryption.key.size=128
auto.login.hooks=
default.admin.password=mypassword
default.admin.screen.name=xxx
default.admin.email.address.prefix=xxx
default.admin.first.name=xxx
default.admin.middle.name=
default.admin.last.name=xxx
com.liferay.portal.servlet.filters.autologin.AutoLoginFilter=false
com.liferay.portal.servlet.filters.sso.cas.CASFilter=false
com.liferay.portal.servlet.filters.sso.ntlm.NtlmFilter=false
com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter=false
com.liferay.portal.servlet.filters.sso.opensso.OpenSSOFilter=false
com.liferay.portal.sharepoint.SharepointFilter=false
com.liferay.portal.servlet.filters.autologin.AutoLoginFilter=false
com.liferay.portal.servlet.filters.gzip.GZipFilter=false
com.liferay.portal.servlet.filters.strip.StripFilter=false
layout.show.portlet.access.denied=false
auth.token.shared.secret=mysecret
company.security.auth.type=emailAddress
redirect.url.security.mode=domain
web.server.https.port=443
web.server.protocol=https
tunneling.servlet.shared.secret=1234567890123456
tunnel.servlet.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y.Y
axis.servlet.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y
auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=
# I have also tried auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=127.0.0.1,X.X.X.X,Y.Y.Y
***
for testing purposes, I have opened in tomcat's server.xml
<Connector URIEncoding="UTF-8" connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
(normally, I use apache as front-end)
The displaynames, emailaddresses and passwords for the user that does the remote staging is equal on both system (verified with SQL queries in the User_ table on both databases of the servers.
I enabled logging for:
<category name="com.liferay.portal.security.auth.TunnelingServletAuthVerifier">
<priority value="DEBUG" />
</category>
Nevertheless I can not remotely publish from child.mylocaldomain to child.tld.
The log on the production server tells:
***
DEBUG [http-bio-8080-exec-3][TunnelingServletAuthVerifier:70] null
com.liferay.portal.security.auth.RemoteAuthException
at com.liferay.portal.security.auth.TunnelingServletAuthVerifier.verify(TunnelingServletAuthVerifier.java:200)
at com.liferay.portal.security.auth.TunnelingServletAuthVerifier.verify(TunnelingServletAuthVerifier.java:60)
at com.liferay.portal.security.auth.AuthVerifierPipeline._verifyRequest(AuthVerifierPipeline.java:325)
at com.liferay.portal.security.auth.AuthVerifierPipeline.verifyRequest(AuthVerifierPipeline.java:75)
at com.liferay.portal.security.ac.AccessControlImpl.verifyRequest(AccessControlImpl.java:96)
at com.liferay.portal.security.ac.AccessControlUtil.verifyRequest(AccessControlUtil.java:69)
at com.liferay.portal.servlet.filters.authverifier.AuthVerifierFilter.processFilter(AuthVerifierFilter.java:134)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
at com.liferay.portal.servlet.filters.jsoncontenttype.JSONContentTypeFilter.processFilter(JSONContentTypeFilter.java:42)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:226)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
***
This tells me that there is apparantly a request from the development server to production server but then authentication fails.
My questions:
1) is there anything wrong with my setup or configuration?
2) is it possible with liferay to publish from the one portal *instance* to the other portal *instance*?
Thanks,
-- JG
Hi,
From the logs it seems you are trying to configure staging that is not authenticated at Production. Check if the admin user exists on Production as well.
Regards
From the logs it seems you are trying to configure staging that is not authenticated at Production. Check if the admin user exists on Production as well.
Regards
I found the solution.
If you want to remotely stage, you have to fill in the virtual hostname of the portal instance you publish to. The IP number does not work.
JG
If you want to remotely stage, you have to fill in the virtual hostname of the portal instance you publish to. The IP number does not work.
JG