Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Setting up Reverse Proxy Server - not seeing errors, but unable to connect to application servers

Questions
Tags
Users
Badges
Karen Steele
(1.3k5141152) Jan 18 '22, 6:46 a.m.
Have been using a combination of these document to setup / create IHS plugins for Liberty on a distributed environment

Both documents do basically the same but one has more details than the other.

I have done this on another installation and its working just fine, but we did use the self extracting "trial" ihs serve version
In the install I have right now I've installed IBM HTTP server from IM

The installation is configured and HTTPServer is running and I can from the proxy server get the http logo using http and https with the port address, servername and its fqdn.  However, when I attempt to get to an applicaiton server I first get a browser certificate error (from firefox) which I accept the risk - then it returns the URL cannot be found on this server.

From a regular browser login, I can also get to the proxy without issues - but again when I expand the proxy server parametet to include an applicaiton server it again fails as above.

I've compared to the other install and everything is pretty much identical the exception being one was trial IHS the other is IM installed. 

Any ideas ?  I raised a PMR but they only provide support for full blow WAS install with IHS - where we don't have full blow WAS

0 votes

Comments
Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jan 18 '22, 7:53 a.m.

WAS Liberty is a supported application server. It is even the default. 

Liberty supports enterprise deployments and those always have a reverse proxy.

https://jazz.net/wiki/bin/view/Deployment/StandardTopologiesOverview shows reverse proxies everywhere. I find it unlikely that there is no supported configuration for Was Liberty. 

1. Ask why your configuration would not be supported. 
2. Ask for what is supported with WAS Liberty.

The error description is not helping. There are logs in the IHS as well as in the application servers and Jazz applications. Look at these. Get the certificate fixed or use Firefox if in doubt with the certificates. Chrome seems to get tighter and tighter.

Karen Steele
Jan 18 '22, 8:57 a.m.
That is part of the problem, there is nothing in the logs to show an errors - I am using firefox and get the initial certificate error, used advanced and accept it but then the url fails with "url not found on this server"

All the application are up and running and I can get to them without issue directly - I'm wondering if the Jazz Authorization Server is part of hte issue, as I have this enabled, and there were no instructions in the documentation to indicate that I might need to collect the keystore and certifcate from that ?

We're using the enterprise topology with a few exceptions e.g. don't have RELM - and my JAS server is on the same server as JTS

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jan 18 '22, 9:09 a.m.
I am not an expert on this. 

For me not having deployed RELM still makes it an enterprise topology.


 "url not found on this server" I would expect that this is not related to JAS, I would assume this is in the reverse proxy. 

How can you reach the applications, if the URI root is hosted on the proxy? Without proxy the host they are on would not be in the URI, right? The Hostname would not he the FQN used in the public URI, the IHS would run in the host with that FQN.

The certificate is the one from IHS. Given that the redirect in the IHS to the other machines seems to be the issue.

1 answer
958 views
0 votes

Accepted answer

Permanent link
Karen Steele
(1.3k5141152) Jun 07 '22, 7:48 a.m.

it appears that the unique setup we had with a passthru was causing the issue - very strict on the ip / names and the public uri entries.  Resolved and has been running successfully now for several months

Ralph Schoon selected this answer as the correct answer

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,510
× 2,357
× 1,340
× 15
× 6

Question asked: Jan 18 '22, 6:46 a.m.

Question was seen: 958 times

Last updated: Jun 07 '22, 7:48 a.m.

Related questions
Confirmation Cancel Confirm