Randall Hidajat 12 Years Ago Great post Olaf. Thank you for writing that up. Something to add is that when you create the keystore, "your first and last name" should be the address of the website. I have found that you will get a certificate name mismatch if you set that to something else. Please sign in to reply. Reply as... Cancel
Stian Sigvartsen 12 Years Ago This is a really nice and compact "tutorial" for getting such a infrastructure set up quickly. Thanks for sharing! I'm going to use it to set up a Liferay "play" environment Please sign in to reply. Reply as... Cancel
Rob Hall 10 Years Ago We are working on setting this up now between a QA and a PROD LR 6.1 GA2 EE instances. Where were are running into issues is in front of the PROD server there is a load balancer and an Apache HTTPD instance on a separate server from Liferay. I think to make this work I may need a Rewrite Rule or proxying configuration on the Apache instance for this (separate from what is there for AJP now). Anyone successfully do remote staging in a context like this? Please sign in to reply. Reply as... Cancel Olaf Kock Rob Hall 10 Years Ago I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Please sign in to reply. Reply as... Cancel
Olaf Kock Rob Hall 10 Years Ago I can't reproduce this (but for timing/resourcing issues) thus just a quick workaround: Can you bypass the loadbalancer and just publish to one of the cluster machines directly? Or does the loadbalancer already terminate the SSL connection.If it shows that publishing to a cluster is indeed a problem, another option might be to set up a second virtual host on the loadbalancer (with a trusted SSL certificate) that doesn't have multiple machines in the background: E.g. you're publishing through the loadbalancer, but it only "balances" one machine. Yes, this is lame and not the reason for you to have a load balancer in the first place, but might help gain some more time until you find the correct way. As you mention that you're on EE: Did you contact our support team on this? They will have the time/resources to reproduce (and fix if it is a problem with Liferay) or provide a better workaround.If you open a ticket, point to this post/comment and I'm happy to assist the support staff in reproduction, time permitting. Please sign in to reply. Reply as... Cancel
Rob Hall 10 Years Ago We got it working...we originally were using the IP of the NAT of the staging server in the *hosts.allowed property on the target server (since the staging server doesn't have a public or static IP). But ultimately what worked was using the IP of the load balancer (which is a static IP) in those properties. Please sign in to reply. Reply as... Cancel Olaf Kock Rob Hall 10 Years Ago - Edited Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Please sign in to reply. Reply as... Cancel
Olaf Kock Rob Hall 10 Years Ago - Edited Be careful: If your server only sees your loadbalancer, you probably haven't set up communication between them properly: AJP would forward the original host address, HTTP doesn't (unless you use "ProxyPreserveHost On", try this) on Apache.When your loadbalancer is the origin of *all* traffic to your appserver, by setting host.allowed to your loadbalancer, you're allowing *all* traffic that comes through your loadbalancer access to the API - probably not what you intended with this operation Please sign in to reply. Reply as... Cancel