It's all about the answers!

Ask a question

jazz distributed server setup


Norman Dignard (35045798) | asked Dec 30 '16, 3:24 p.m.
edited Jan 02 '17, 5:29 a.m. by Mehul Patel (8394)

We're upgrading from a https 502 single install to a http distributed install (one server per app).

Our new network topology will allow for external access to jazz via VPN to our customers.

To that end we have a:

- External perimeter security box from F5. This does the ssl offload for users accessing jazz a https string.   Requests are then forwarded to our reverse proxy server (nginx) on another subnet. The F5 box is dns registered as jazz.navcan.ca 

- reverse proxy server (nginx) - forwards requests to the applicable JAZZ server. Entries are in the form http:// ip_address/jts  . IP/hostnames to each jazz server and f5 box in local hosts file.  Note no dns on this dmz.

- Each jazz server has  IP/hostnames to each jazz server and f5 & proxy in local hosts file.

In our initial JAZZ access testing in this topology we used a single http install and were able to access the apps.

In our distributed setup however we are having access problems and are a little stumped in trying to resolve the issue.

Currently if we try to access the apps we get the login screen and input the admin account/password then get:

"You have followed a direct link to log in to a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. Please log in if you would like to access the server."

We can log into jts/admin but note that the discovery services to the apps fails.

Any ideas/suggestions?

 

 

  

One answer



permanent link
Shubjit Naik (1.4k1613) | answered Jan 02 '17, 6:06 a.m.
Hi Norman

In our experience, SSL Offloading has never worked with the Jazz Application. It has to be either HTTP or HTTPS all the way from the Entry Point Until the the App server hosting Jazz applications. The error you see matches with my testing as well.


Comments
Norman Dignard commented Jan 02 '17, 9:05 a.m.

We did have success in setting up Jazz (single server CLM install) in this manner and it did work. We had problems with DNG login when using IE (it being sensitive to network latency) but appeared to work fine using Chrome..

The only difference in our setup now is we had a distributed installation.

The problem I'm seeing is that even directing jazz traffic (via local host entry) to the proxy, we get have this issue. 


Shubjit Naik commented Jan 03 '17, 5:31 a.m.

If this is a new setup,
Would it be possible to do a quick test by changing the jazz app deployment (jts) to https and not changing anything else? 

Your answer


Register or to post your answer.