ebaseAdmin isn't accessible
Moderators: Jon, Steve, Ian, Dave
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
ebaseAdmin isn't accessible
As the title says, I cannot access the Ebase admin app on the server itself or outside of my server.
As soon as I visit the url https://oursite.ourdomain.com/ufs/ebaseAdmin.eb I get the error
com.ebasetech.ufs.runtime.events.rhinojavascript.RhinoScriptException: REST service failed: javax.net.ssl.SSLPeerUnverifiedException: Host name '127.0.0.1' does not match the certificate subject provided by the peer (CN=oursite.ourdomain.com, OU=Domain Control Validated)Not Authorized (SYSADMIN_AUTHORIZATION_CHECK#41)
As soon as I visit the url https://oursite.ourdomain.com/ufs/ebaseAdmin.eb I get the error
com.ebasetech.ufs.runtime.events.rhinojavascript.RhinoScriptException: REST service failed: javax.net.ssl.SSLPeerUnverifiedException: Host name '127.0.0.1' does not match the certificate subject provided by the peer (CN=oursite.ourdomain.com, OU=Domain Control Validated)Not Authorized (SYSADMIN_AUTHORIZATION_CHECK#41)
0 x
-
- Moderator
- Posts: 1342
- Joined: Wed Sep 12, 2007 12:49 pm
Re: ebaseAdmin isn't accessible
Both this and the designer connection problems are issues with SSL connection. Now you've got SSL working with Apache you should return the Tomcat configuration to just Http - take out the security constraint(s) and anything else that is forcing http -> https.
This particular problem with the server admin app is because this app is making a REST web service call to the same host using 127.0.0.1 and this fails when it's forced to https.
This particular problem with the server admin app is because this app is making a REST web service call to the same host using 127.0.0.1 and this fails when it's forced to https.
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Jon,
There are 2 things that relate to https in the Tomcat config files as far as I know:
1. <Context useHttpOnly="true"> in context.xml
2. The Port 443 connector defined in server.xml which is also where I load the SSL certificate by loading the keystore.
Do I only need to remove the useHttpOnly="true" in Context.xml ? I still want Tomcat to load the SSL cert so that the pages run over https.
The Apache server that I set up is only for redirection purposes (I.E http -> https)
There are 2 things that relate to https in the Tomcat config files as far as I know:
1. <Context useHttpOnly="true"> in context.xml
2. The Port 443 connector defined in server.xml which is also where I load the SSL certificate by loading the keystore.
Do I only need to remove the useHttpOnly="true" in Context.xml ? I still want Tomcat to load the SSL cert so that the pages run over https.
The Apache server that I set up is only for redirection purposes (I.E http -> https)
0 x
-
- Moderator
- Posts: 1342
- Joined: Wed Sep 12, 2007 12:49 pm
Re: ebaseAdmin isn't accessible
Segi,
We think the best way to do this is to have Apache handle the Https including certificates. The Server Admin app should work in this configuration.
I don't think the designer will work with an Https server (though I'm not 100% on this). If you need to connect the designer to an Https server then you will need to configure it to connect directly to Tomcat (i.e. not going through Apache and therefore not using Https). But preferably don't connect a designer to an Https server at all! Why do you want to do this? In V5.3 you have the ability to run a form on any server configured as a deployment target. And you can deploy to any server.
Jon
We think the best way to do this is to have Apache handle the Https including certificates. The Server Admin app should work in this configuration.
I don't think the designer will work with an Https server (though I'm not 100% on this). If you need to connect the designer to an Https server then you will need to configure it to connect directly to Tomcat (i.e. not going through Apache and therefore not using Https). But preferably don't connect a designer to an Https server at all! Why do you want to do this? In V5.3 you have the ability to run a form on any server configured as a deployment target. And you can deploy to any server.
Jon
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Jon,
I am not trying to second guess you but this doesn't really make sense. Right up until I upgraded VerjIO to 5.3.2, I had Tomcat be responsible for loading the SSL certificates and forcing https over http and the admin console and test server worked perfectly.
I still have a copy of my production VerjIO instance that is on 5.2 and I'm certain that if I shut down the 5.3.2 instance and load up the 5.2 instance, these things would resume to work normally.
I feel that I'm moving further and further away from Tomcat being the main web server and I would really prefer to fix the problem properly rather than having a setup that gets increasingly more complicated with 2 different web servers.
I would like to get back to my original set up which is 1 server which is our production server running Tomcat only without Apache and another server (Dev server) which is also running Tomcat only.
I am not trying to second guess you but this doesn't really make sense. Right up until I upgraded VerjIO to 5.3.2, I had Tomcat be responsible for loading the SSL certificates and forcing https over http and the admin console and test server worked perfectly.
I still have a copy of my production VerjIO instance that is on 5.2 and I'm certain that if I shut down the 5.3.2 instance and load up the 5.2 instance, these things would resume to work normally.
I feel that I'm moving further and further away from Tomcat being the main web server and I would really prefer to fix the problem properly rather than having a setup that gets increasingly more complicated with 2 different web servers.
I would like to get back to my original set up which is 1 server which is our production server running Tomcat only without Apache and another server (Dev server) which is also running Tomcat only.
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
Can you send me the log files to support@ebasetech.com :
<ebase-install-dir>\UfsClient\error.log
<ebase-install-dir>\UfsClient\logs\ebase-designer.log
So I can see where we are experiencing problems.
Hopefully from here we can come up with a solution.
Did you remove the useHttpOnly="true" and try this? I would assume that you'd be able to connect to the standard HTTP port if this was removed.
Kind regards
Steve Upton
Can you send me the log files to support@ebasetech.com :
<ebase-install-dir>\UfsClient\error.log
<ebase-install-dir>\UfsClient\logs\ebase-designer.log
So I can see where we are experiencing problems.
Hopefully from here we can come up with a solution.
Did you remove the useHttpOnly="true" and try this? I would assume that you'd be able to connect to the standard HTTP port if this was removed.
Kind regards
Steve Upton
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
We know that the Ebase admin does not work when using SSL. We are looking into a fix for that.
Have you created you own self signed SSL certificate? If you have then you could add localhost and 127.0.0.1 to the alt names in your configuration (.cnf file).
Or something like this using keytool:
keytool -genkeypair \
-keystore keystore.jks \
-dname "CN=mysite.com, OU=Sun, O=Sun Microsystems, L=Santa Clara, ST=California, C=US" \
-keypass changeit \
-storepass changeit \
-keyalg RSA \
-keysize 2048 \
-alias default \
-ext SAN=DNS:localhost,IP:127.0.0.1 \
-validity 9999
Kind regards
Steve
We know that the Ebase admin does not work when using SSL. We are looking into a fix for that.
Have you created you own self signed SSL certificate? If you have then you could add localhost and 127.0.0.1 to the alt names in your configuration (.cnf file).
Or something like this using keytool:
keytool -genkeypair \
-keystore keystore.jks \
-dname "CN=mysite.com, OU=Sun, O=Sun Microsystems, L=Santa Clara, ST=California, C=US" \
-keypass changeit \
-storepass changeit \
-keyalg RSA \
-keysize 2048 \
-alias default \
-ext SAN=DNS:localhost,IP:127.0.0.1 \
-validity 9999
Kind regards
Steve
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Steve,
We're not using a self signed SSL cert. We purchased an official SSL cert from GogDaddy which I imported into my tomcat key store which gets loaded in the SSL connector in server.xml.
We're not using a self signed SSL cert. We purchased an official SSL cert from GogDaddy which I imported into my tomcat key store which gets loaded in the SSL connector in server.xml.
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
OK, you will have to enable a non SSL port on Tomcat as well for the moment and configure the designer to use the non SSL port.
If you could send me your logs anyway, that would be helpful. I have added a bug to our database and we will try and fix this for the next service pack.
Kind regards
Steve Upton
OK, you will have to enable a non SSL port on Tomcat as well for the moment and configure the designer to use the non SSL port.
If you could send me your logs anyway, that would be helpful. I have added a bug to our database and we will try and fix this for the next service pack.
Kind regards
Steve Upton
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Steve,
Can you please give me an example of the non-SSL connectorthat you mentioned ?
Which log do you want ? The one from UFSClient\Logs on my workstation or the logs from the server ?
Can you please give me an example of the non-SSL connectorthat you mentioned ?
Which log do you want ? The one from UFSClient\Logs on my workstation or the logs from the server ?
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
I would like the client logs please.
This document gives you instructions on how to configure Ebase to work with SSL and non SSL ports.
Kind regards
Steve
This document gives you instructions on how to configure Ebase to work with SSL and non SSL ports.
Kind regards
Steve
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Steve,
I followed these steps on my test instance of Ebase with 1 minor change. Since I am using SSL which runs on port 443, I changed the line
to
since there's nothing bound to port 8443 and using that port generates an error since that port isn't accessible. After making all of these changes outlined in the Word doc and restarting my test instance of Ebase, I am still getting an error when trying to access the admin on the server itself (to avoid any port issues initially)
The error is
I followed these steps on my test instance of Ebase with 1 minor change. Since I am using SSL which runs on port 443, I changed the line
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort=[b]"8443"[/b] />
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort=[b]"443"[/b] />
The error is
Code: Select all
com.ebasetech.ufs.runtime.events.rhinojavascript.RhinoScriptException: REST service failed: javax.net.ssl.SSLPeerUnverifiedException: Host name '127.0.0.1' does not match the certificate subject provided by the peer (CN=intranet.gms4sbc.com, OU=Domain Control Validated)Not Authorized (SYSADMIN_AUTHORIZATION_CHECK#41)
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
You do not want to change the port to:
but leave it as:
The redirect port is just a port that Tomcat creates to redirect its request to. 443 is an SSL port and should be directed to that.
Once configured, you should be able to invoke the server admin by calling:
http://oursite.ourdomain.com:3030/ufs/ebaseAdmin.eb
(Note that the URL above does not use HTTPS but it is using HTTP)
Also you'll need to configure the designer to point to the server port 3030 also.
Kind regards
Steve Upton
You do not want to change the port to:
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort=[b]"443"[/b] />
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort=[b]"8443"[/b] />
Once configured, you should be able to invoke the server admin by calling:
http://oursite.ourdomain.com:3030/ufs/ebaseAdmin.eb
(Note that the URL above does not use HTTPS but it is using HTTP)
Also you'll need to configure the designer to point to the server port 3030 also.
Kind regards
Steve Upton
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Steve,
After changing 443 to 8443 and restarting Ebase when I visit http://localhost:3030/ufs/ebaseAdmin.eb the page times out. This is why I changed the port from 8443 to 443.
Obviously, I am trying to access the admin page on the server itself for now.
I am starting Ebase using start_ebase_server.bat which looks like this:
Edit: These are the connectors defined in server.xml:
In Designer (on the server itself) I'm using external server with the address localhost, port 3030 on ufs
UFSClient/Logs has only 1 file ebase-designer.log which is empty
Running netstat shows that port 3030 is bound to localhost address while 443 is bound to my local ip. I don't think that that's right but i'm not 100% sure
I am running the designer by running the exe not the batch file
After changing 443 to 8443 and restarting Ebase when I visit http://localhost:3030/ufs/ebaseAdmin.eb the page times out. This is why I changed the port from 8443 to 443.
Obviously, I am trying to access the admin page on the server itself for now.
I am starting Ebase using start_ebase_server.bat which looks like this:
Code: Select all
REM Run this command to start the EBASE environment
REM To run : open a DOS command window, cd to this directory, then issue the command start_ebase_server
REM Start the tomcat application server
set JRE_HOME=%~dsp0..\jre
set CATALINA_HOME=%~dsp0\tomcat
set BASEDIR=%~dsp0\tomcat
set JAVA_OPTS=-Xmx1024m -server -Djava.net.preferIPv4Stack=true -Dderby.system.home=%~dsp0/DB -Dhttp.nonProxyHosts="localhost|127.0.0.1"
cd tomcat\bin
startup
cd ..\..
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25"
enableLookups="true" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" keystoreFile="C:\VerjIO\tomcat.keystore" keystorePass="mypassword" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" tomcatAuthentication="false"/>
UFSClient/Logs has only 1 file ebase-designer.log which is empty
Running netstat shows that port 3030 is bound to localhost address while 443 is bound to my local ip. I don't think that that's right but i'm not 100% sure
I am running the designer by running the exe not the batch file
0 x
- jcoulson
- Ebase User
- Posts: 30
- Joined: Tue Sep 24, 2013 10:18 am
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
Steve has asked me to look into this for you.
It appears your server.xml config has a redirect loop, please see my slightly amended version with changes to the 8009 connector port below:
Everything else seems ok so please alter the above and restart the server.
If you still have issues, please send to the email Steve mentioned earlier, your server logs.
Depending on your configuration these should be in UfsServer/tomcat/logs and have stderr, ebase-server or catalina in the name.
The server logs will show us any issues when the server starts up and may highlight any problems with your configuration.
Kind Regards,
Jordan
Steve has asked me to look into this for you.
It appears your server.xml config has a redirect loop, please see my slightly amended version with changes to the 8009 connector port below:
Code: Select all
<Connector port="3030" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192"
SSLEnabled="true" maxThreads="150" minSpareThreads="25" enableLookups="true"
disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true"
clientAuth="false" keystoreFile="C:\VerjIO\tomcat.keystore" keystorePass="mypassword" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
If you still have issues, please send to the email Steve mentioned earlier, your server logs.
Depending on your configuration these should be in UfsServer/tomcat/logs and have stderr, ebase-server or catalina in the name.
The server logs will show us any issues when the server starts up and may highlight any problems with your configuration.
Kind Regards,
Jordan
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
I made the changes that you suggested but I still can't access the admin app.
I checked the server logs by doing the following
Stopped the server
Moved all of the previous server logs to a sub folder
Started server by running start_ebase_server.bat
Went into Designer and started server admin app
Result: Fails to connect. The message is "Firefox can’t establish a connection to the server at localhost:8443." netstat doesn't show that port 8443 is open either. The URL that it attempts to access the admin app at is https://localhost:8443/ufs/ebaseAdmin.eb
I stopped the server at this point to collect the server logs
catalina.log: https://pastebin.com/737NHpk1
Ebase Server:
host-manager.log: empty
localhost.log: empty
localhost_access.log
manager.log: empty
server.xml: https://pastebin.com/AvV0Rc6P
I checked the server logs by doing the following
Stopped the server
Moved all of the previous server logs to a sub folder
Started server by running start_ebase_server.bat
Went into Designer and started server admin app
Result: Fails to connect. The message is "Firefox can’t establish a connection to the server at localhost:8443." netstat doesn't show that port 8443 is open either. The URL that it attempts to access the admin app at is https://localhost:8443/ufs/ebaseAdmin.eb
I stopped the server at this point to collect the server logs
catalina.log: https://pastebin.com/737NHpk1
Ebase Server:
Code: Select all
Thu Mar 15 08:06:43: ************************************************************
Thu Mar 15 08:06:43: *** Starting Ebase Xi Server version 5.3.2, Build 20180105
Thu Mar 15 08:06:43: ************************************************************
Thu Mar 15 08:06:50: Ebase Xi Designer server component initialised successfully
Thu Mar 15 08:06:50: Workflow servlet component initialised successfully
Thu Mar 15 08:06:50: FormCacheLoader: start
Thu Mar 15 08:06:50: FormCacheLoader: end
Thu Mar 15 08:06:50: ******************************************************************
Thu Mar 15 08:06:50: *** Ebase Xi Server V5.3.2 successfully initialized in 6 seconds
Thu Mar 15 08:06:50: *** Using workspace C:\VerjIO\Workspace
Thu Mar 15 08:06:50: ******************************************************************
localhost.log: empty
localhost_access.log
Code: Select all
127.0.0.1 - - [15/Mar/2018:08:06:51 -0700] "POST /ufs/designer HTTP/1.1" 200 19
127.0.0.1 - - [15/Mar/2018:08:06:51 -0700] "POST /ufs/designer HTTP/1.1" 200 357
127.0.0.1 - - [15/Mar/2018:08:06:53 -0700] "POST /ufs/designer HTTP/1.1" 200 19
127.0.0.1 - - [15/Mar/2018:08:06:54 -0700] "POST /ufs/designer HTTP/1.1" 200 19
127.0.0.1 - - [15/Mar/2018:08:06:54 -0700] "POST /ufs/designer HTTP/1.1" 200 19
127.0.0.1 - - [15/Mar/2018:08:06:54 -0700] "GET /ufs/ebaseAdmin.eb HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2018:08:06:56 -0700] "POST /ufs/designer HTTP/1.1" 200 19
server.xml: https://pastebin.com/AvV0Rc6P
0 x
- jcoulson
- Ebase User
- Posts: 30
- Joined: Tue Sep 24, 2013 10:18 am
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,
Have you tried accessing the admin app via this url: http://localhost:3030/ufs/ebaseAdmin.eb
If this doesn't work I think it is down to your server.xml if the pastebin link is exactly the same as what you are using then it is missing to 3030 connector.
This should look like this:
If this is missing please insert this and restart again an let me know if any further problems.
Kind Regards,
Jordan
Have you tried accessing the admin app via this url: http://localhost:3030/ufs/ebaseAdmin.eb
If this doesn't work I think it is down to your server.xml if the pastebin link is exactly the same as what you are using then it is missing to 3030 connector.
This should look like this:
Code: Select all
<!-- Designer only connection to port 3030 -->
<Connector port="3030" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Kind Regards,
Jordan
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Jordan,
If I try to load that URL, it redirects to the URL I provided which runs on https but still has port 8443 in the URL.
The connector to 3030 is already in server.xml. I pasted server.xml into a new document and removed some of the sensitive info before pasting it and must have removed the 3030 connector line by accident but its there on the server.xml in use. I just double checked
Thanks,
Segi
If I try to load that URL, it redirects to the URL I provided which runs on https but still has port 8443 in the URL.
The connector to 3030 is already in server.xml. I pasted server.xml into a new document and removed some of the sensitive info before pasting it and must have removed the 3030 connector line by accident but its there on the server.xml in use. I just double checked
Thanks,
Segi
0 x
- jcoulson
- Ebase User
- Posts: 30
- Joined: Tue Sep 24, 2013 10:18 am
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
Hi Segi,Segi wrote: ↑Thu Mar 15, 2018 4:24 pmJordan,
that URL on port 3030 running on http redirects to https on 8443
The connector to 3030 is already in server.xml. I pasted server.xml into a new document and removed some of the sensitive info before pasting it and must have removed the 3030 connector line by accident but its there on the server.xml in use. I just double checked
Thanks,
Segi
Thanks for your quick reply, that's good that the connector is there.
I see early on in this thread that you setup an apache server to do the redirects.
By any chance is this still running?
It should not be needed now so it should be stopped.
Make sure it is and restart the ebase server and test again if you could.
Many thanks,
Jordan
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
Jordan
I need to explain my set up to you. I have a production instance of Ebase and a dev instance of Ebase, each running in separate VMs on our network. These 2 instance are identical in every way except that the production instance is accessed internally using https://intranet.ourdomain.com while my dev server is running on https://intranetdev.ourdomain.com. When I need to make heavy modifications to an app, I develop it on dev first (Ignoring the SSL warning since my Godaddy cert was purchased for our Intranet domain, not intranetdev) and this has been fine right up until I tried upgrading to 5.3.2.
I am still running Apache on my production server because it still doesn't redirect http to https but I don't have Apache installed on my dev server.
Both servers are experiencing the exact same issue but I have been trying this fixes on the Intranetdev server. Without Apache, Ebase refuses to redirect http traffic to https on both servers even now with all of the changes that you have asked me to make (which I have been doing on Intranetdev).
This set up worked fine until I tried upgrading Ebase from 5.2 to Verj 5.3.2 on Intranet and Intranetdev when everything went horribly wrong. After the upgrade, I started getting errors related to UFS (Please see viewtopic.php?f=3&t=1419 this post for a full explanation of everything that went wrong). I somehow manage to cobble together a sem-working instance of Ebase 5.3.2 for both servers although I still have these issues:
In designer on my workstation, I cannot deploy to production server
In designer on my workstation, I can't select a database connection
Admin app isn't accessible from inside or outside of the server
Only runs on https (eventually times out if you try a URL that begins with http)
Not to complicate things further, but I just checked and Apache wasn't set to auto start after a reboot on our production server (Intranet) and since our server rebooted last night, Apache is not in fact running at the moment. Ebase on Intranet runs over https just fine (minus the issues highlighted above) as long as the URL uses https not http
I need to explain my set up to you. I have a production instance of Ebase and a dev instance of Ebase, each running in separate VMs on our network. These 2 instance are identical in every way except that the production instance is accessed internally using https://intranet.ourdomain.com while my dev server is running on https://intranetdev.ourdomain.com. When I need to make heavy modifications to an app, I develop it on dev first (Ignoring the SSL warning since my Godaddy cert was purchased for our Intranet domain, not intranetdev) and this has been fine right up until I tried upgrading to 5.3.2.
I am still running Apache on my production server because it still doesn't redirect http to https but I don't have Apache installed on my dev server.
Both servers are experiencing the exact same issue but I have been trying this fixes on the Intranetdev server. Without Apache, Ebase refuses to redirect http traffic to https on both servers even now with all of the changes that you have asked me to make (which I have been doing on Intranetdev).
This set up worked fine until I tried upgrading Ebase from 5.2 to Verj 5.3.2 on Intranet and Intranetdev when everything went horribly wrong. After the upgrade, I started getting errors related to UFS (Please see viewtopic.php?f=3&t=1419 this post for a full explanation of everything that went wrong). I somehow manage to cobble together a sem-working instance of Ebase 5.3.2 for both servers although I still have these issues:
In designer on my workstation, I cannot deploy to production server
In designer on my workstation, I can't select a database connection
Admin app isn't accessible from inside or outside of the server
Only runs on https (eventually times out if you try a URL that begins with http)
Not to complicate things further, but I just checked and Apache wasn't set to auto start after a reboot on our production server (Intranet) and since our server rebooted last night, Apache is not in fact running at the moment. Ebase on Intranet runs over https just fine (minus the issues highlighted above) as long as the URL uses https not http
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Re: ebaseAdmin isn't accessible
I have been adjusting my server connector settings and I think I've fixed all of my problems.
I uninstalled Apache from my production server and am not using it at all any more.
I changed my connector settings a little bit. I removed the port 3030 connector and changed the AJP connector on 8009 to redirect to 443 instead of 8443.
In web.xml, I removed the security constraints that forced SSL for everything except designer
In context.xml, I removed useHttpOnly="true"
Pages don't seem to redirect automatically over http so http://intranet.ourdomain.com/ufs/LOGIN.eb will time out but https://intranet.ourdomain.com/ufs/LOGIN.eb works perfectly. I recently emailed all of our users to remind them that they must use https to connect to Ebase so I don't see this as being an issue.
I can now connect the test server to my external server on our production server and connect to the admin app over http only from within the server or from my workstation outside of the server. Every other page besides the admin app doesn't work unless you specify https.
I uninstalled Apache from my production server and am not using it at all any more.
I changed my connector settings a little bit. I removed the port 3030 connector and changed the AJP connector on 8009 to redirect to 443 instead of 8443.
In web.xml, I removed the security constraints that forced SSL for everything except designer
In context.xml, I removed useHttpOnly="true"
Pages don't seem to redirect automatically over http so http://intranet.ourdomain.com/ufs/LOGIN.eb will time out but https://intranet.ourdomain.com/ufs/LOGIN.eb works perfectly. I recently emailed all of our users to remind them that they must use https to connect to Ebase so I don't see this as being an issue.
I can now connect the test server to my external server on our production server and connect to the admin app over http only from within the server or from my workstation outside of the server. Every other page besides the admin app doesn't work unless you specify https.
0 x
- jcoulson
- Ebase User
- Posts: 30
- Joined: Tue Sep 24, 2013 10:18 am
- Location: Sandy, UK
- Contact:
Re: ebaseAdmin isn't accessible
That's great news Segi.Segi wrote: ↑Thu Mar 15, 2018 11:23 pmI have been adjusting my server connector settings and I think I've fixed all of my problems.
I uninstalled Apache from my production server and am not using it at all any more.
I changed my connector settings a little bit. I removed the port 3030 connector and changed the AJP connector on 8009 to redirect to 443 instead of 8443.
In web.xml, I removed the security constraints that forced SSL for everything except designer
In context.xml, I removed useHttpOnly="true"
Pages don't seem to redirect automatically over http so http://intranet.ourdomain.com/ufs/LOGIN.eb will time out but https://intranet.ourdomain.com/ufs/LOGIN.eb works perfectly. I recently emailed all of our users to remind them that they must use https to connect to Ebase so I don't see this as being an issue.
I can now connect the test server to my external server on our production server and connect to the admin app over http only from within the server or from my workstation outside of the server. Every other page besides the admin app doesn't work unless you specify https.
Glad that you have got it to work.
Please let us know if there is anything else you require help with.
Kind Regards,
Jordan
0 x
-
- Ebase User
- Posts: 649
- Joined: Mon Dec 09, 2013 6:37 pm
Who is online
Users browsing this forum: No registered users and 3 guests