[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: IBM WebSphere Application Server on OpenShift Origin



Hi Tien,

2 ideas:
1) what happens when you define a "PassThrough" route  and do a request including the path: "https://sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io/ibm/console"  ?
2) VirtualHost "default_host" will (per default) have a vhost mapping "*:80" and "*:443" .Can you remove these two during these tests, to be sure they do not interfere?

regards Thomas

On Fri, Jun 29, 2018 at 9:58 AM Tien Hung Nguyen <tienhng nguyen gmail com> wrote:
Hi Thomas,

thank you for your response!

I have tried your approach and set the host of the admin_host virtual host to my routers name called "sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io" and pointed it to the ports 9043, 9060, 443, 80 

Furthermore, I have set the router to use TLS Termination "Passthrought" with Insecure Traffic "Redirect":

However, the approach doesn't work and I get the following error that a virtualhost to handle / has not been defined.


It seems that no virtual host could be found because the admin console listens only on the path /ibm/console/login.do, which I cannot set if I use the TLS termination passthrough.

Therefore, I tried TLS Termination "Edge" with Insecure Traffic "Allow" after that in order to set the router path to "/ibm/console/login.do". However, when I do that, I get the 502 Bad Gateway error:


I'm using the IBM WebSphere Application Server on OpenShift with security settings enabled, but using a self-signed certificate (which is the default settings for IBM WebSphere application server).  Therefore, the port 9443 should be used since the connection was successful when I tried IBM WebSphere application server running on Docker for Windows only.

The outputs of the oc describe commands looks at follows:

$ oc describe routes
Name:                   sls-coba-was-admin
Namespace:              sls-coba-berlin-ffm
Created:                2 days ago
Labels:                 application=sls-coba
Annotations:            openshift.io/host.generated=true
Requested Host:         sls-coba-was-admin-sls-coba-berlin-ffm.10.0.75.2.nip.io
                          exposed on router router 2 days ago
Path:                   /ibm/console/login.do
TLS Termination:        edge
Insecure Policy:        Allow
Endpoint Port:          <all endpoint ports>

Service:        sls-coba-was-admin
Weight:         100 (100%)
Endpoints:      172.17.0.5:9043

$ oc describe svc
Name:              sls-coba-was-admin
Namespace:         sls-coba-berlin-ffm
Labels:            app=sls-coba-was
                   application=sls-coba
Annotations:       <none>
Selector:          deploymentconfig=sls-coba-was
Type:              ClusterIP
IP:                172.30.203.107
Port:              <unset>  9043/TCP
TargetPort:        9043/TCP
Endpoints:         172.17.0.5:9043
Session Affinity:  None
Events:            <none>

Is there any other solution to resolve this?
Do I have to add the self-signed certificate from WebSphere to the OpenShift router?

Is maybe the handshaking process failing because the TLS Termination "Edge" and the settings are not set right?

I would be very thankful if you could help us with this problem.

Regards,
Tien



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]