I was configuring a newly installed WebSphere Liberty Profile environment ( actually hosting IBM Mobile First Platform ) for HTTPS, and couldn't work out why the server wasn't listening on port 9443.
This is, in brief, what I did: -
Create Default Server
/opt/ibm/WebSphere/Liberty/bin/server create
Server defaultServer created.
Install MFP
/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installMFP8.rsp -acceptLicense
***********************************************************************
Before you start using the product, you must deploy a MobileFirst Server to your application server.
For more information about deploying projects with the Server Configuration Tool or command line tools, see
the documentation at http://ibm.biz/knowctr#SSHS8R_8.0.0/com.ibm.worklight.deploy.doc/topics/c_deploy.html.
***********************************************************************
Installed com.ibm.mobilefirst.foundation.server_8.0.0.20160610_0940 to the /opt/ibm/MFP directory.
/opt/ibm/WebSphere/Liberty/bin/server create
Server defaultServer created.
Install MFP
/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installMFP8.rsp -acceptLicense
***********************************************************************
Before you start using the product, you must deploy a MobileFirst Server to your application server.
For more information about deploying projects with the Server Configuration Tool or command line tools, see
the documentation at http://ibm.biz/knowctr#SSHS8R_8.0.0/com.ibm.worklight.deploy.doc/topics/c_deploy.html.
***********************************************************************
Installed com.ibm.mobilefirst.foundation.server_8.0.0.20160610_0940 to the /opt/ibm/MFP directory.
Create WLP Keystore and Public/Private Keypair
/opt/ibm/WebSphere/Liberty/bin/securityUtility createSSLCertificate --server=defaultServer --password=passw0rd --validity=365
Configure WLP/MFP
vi /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/server.xml
inserting: -
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
Start MFP
/opt/ibm/WebSphere/Liberty/bin/server start
Check logs
tail -f /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/console.log /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/messages.log
Weirdly, whilst I saw this: -
/opt/ibm/WebSphere/Liberty/bin/securityUtility createSSLCertificate --server=defaultServer --password=passw0rd --validity=365
Configure WLP/MFP
vi /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/server.xml
inserting: -
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
Start MFP
/opt/ibm/WebSphere/Liberty/bin/server start
Check logs
tail -f /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/console.log /opt/ibm/WebSphere/Liberty/usr/servers/defaultServer/logs/messages.log
Weirdly, whilst I saw this: -
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/ibm/api/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/IBMJMXConnectorREST/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/appcenterconsole/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/applicationcenter/
I saw NO reference to port 9443.
Check WLP via HTTPS
curl —insecure https://mfp.uk.ibm.com:9443/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/IBMJMXConnectorREST/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/appcenterconsole/
[AUDIT ] CWWKT0016I: Web application available (default_host): http://192.168.153.131:9080/applicationcenter/
I saw NO reference to port 9443.
Check WLP via HTTPS
curl —insecure https://mfp.uk.ibm.com:9443/
I must've spent 20 minutes tinkering with this, including looking at my server.xml : -
cat ../server.xml
<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
<!-- Enable features -->
<featureManager>
<feature>jsp-2.3</feature>
<!-- Begin of features added by IBM MobileFirst installer. -->
<!-- The following lines will be removed when the application is uninstalled -->
<feature>jdbc-4.1</feature>
<feature>servlet-3.1</feature>
<feature>appSecurity-2.0</feature>
<feature>usr:MFPDecoderFeature-1.0</feature>
<!-- End of features added by IBM MobileFirst installer. -->
<feature>ssl-1.0</feature>
<feature>restConnector-1.0</feature>
</featureManager>
<!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443" host="*" >
<!-- Option soReuseAddr added by IBM MobileFirst installer. -->
<tcpOptions soReuseAddr="true"/>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
</httpEndpoint>
…
Can you see what I did wrong ?
Yep, here it is: -
…
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443" host="*" >
<!-- Option soReuseAddr added by IBM MobileFirst installer. -->
<tcpOptions soReuseAddr="true"/>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
</httpEndpoint>
httpPort="9080"
httpsPort="9443" host="*" >
<!-- Option soReuseAddr added by IBM MobileFirst installer. -->
<tcpOptions soReuseAddr="true"/>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
</httpEndpoint>
…
For some STUPID reason, I put the keystore stanza INSIDE the httpEndpoint stanza.
Which won't do.
Once I fixed it: -
...
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443" host="*" >
<!-- Option soReuseAddr added by IBM MobileFirst installer. -->
<tcpOptions soReuseAddr="true"/>
</httpEndpoint>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
httpPort="9080"
httpsPort="9443" host="*" >
<!-- Option soReuseAddr added by IBM MobileFirst installer. -->
<tcpOptions soReuseAddr="true"/>
</httpEndpoint>
<keyStore id="defaultKeyStore" password="{xor}Lz4sLChvLTs=" />
…
and restarted WLP, things looked much better: -
curl —insecure https://mfp.uk.ibm.com:9443/
…
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>WebSphere Liberty 17.0.0.3</title>
<style>
body{
color: white;
<html>
<head>
<meta charset="utf-8">
<title>WebSphere Liberty 17.0.0.3</title>
<style>
body{
color: white;
…
doVersionCheck(latestReleasedVersion);
</script>
<script type="text/javascript" src="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/wasdev/downloads/adminCenter-welcome.js"></script>
</html>
…
</script>
<script type="text/javascript" src="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/wasdev/downloads/adminCenter-welcome.js"></script>
</html>
…
See, it's ALL about the position :-)
No comments:
Post a Comment