SSL

Forum to discuss the Web client version of Servoy.

Re: SSL

Postby jcompagner » Tue Mar 15, 2011 2:25 pm

webclient loading doesn't have anything to do with jnlp codebase override thats pure for the smart client (same for the /tunnel thats also only smart client)
Johan Compagner
Servoy
User avatar
jcompagner
 
Posts: 8828
Joined: Tue May 27, 2003 7:26 pm
Location: The Internet

Re: SSL

Postby dpearce » Tue Mar 15, 2011 2:34 pm

So i have forwarded port 443 on apache to 8085 and reverse proxy, which brings me to the webclient solution selection screen, which appears as https

when i click the solution that then takes me back onto and http rather than https url?

Maybe there is some change i need to make in the server.conf?
Code: Select all
<Connector port="8085"
             protocol="HTTP/1.1"
               maxThreads="500" connectionTimeout="60000"
               redirectPort="8443" useBodyEncodingForURI="true" />


is it as simple as adding an S to HTTP/1.1 ???

David
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby sebster » Wed Mar 16, 2011 1:05 am

No, you don't have to change the tomcat configuration. You have the following configuration:

internet -- HTTPS:443 --> apache -- HTTP:8085 --> servoy tomcat

What you have to do is change the jnlp codebase url in the servoy.properties to point to the external url, which in this case is httpS://your.server.com.
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby sebster » Wed Mar 16, 2011 7:08 pm

Hi, I didn't read the post properly, sorry about that. :( You're talking about webclient, I was talking about smartclient with tunnel.

For webclient it means the urls generated by the webclient must be incorrect if they take you back to http. I will discuss this with Johan. It should use the same protocol as the request. I (or Johan) will get back to you on this.
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby dpearce » Tue Dec 06, 2011 12:29 am

After Many months, I am back looking at this!! (Sorry :)

I have put up a new virtual server with SSL and i am successfully running https on port 443 and proxying through to servoy.

The issue I have is that when i clicking on my solution in the web client home page, it reverts to http. If i add the S, to the url it then goes back into Servoy and runs fine from then.

the link is a relative one in your servoy solution picker, but it obviously then reverts to http some how.

I think this must be a servoy setting, but I cannot think where it is?

you can try it if you like:

https://d2physio.isaastechnology.co.uk/servoy-webclient
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby ngervasi » Tue Dec 06, 2011 1:41 am

How did you configure the reverse proxy in your web server? Something is wrong but it's difficult to tell what without having a look at the config files.
Nicola Gervasi
sintpro.com
SAN Partner
ngervasi
 
Posts: 1485
Joined: Tue Dec 21, 2004 12:47 pm
Location: Arezzo, Italy

Re: SSL

Postby dpearce » Tue Dec 06, 2011 1:48 am

Code: Select all
<VirtualHost 92.63.133.157:443>
        ServerName d2physio.isaastechnology.co.uk
        ServerAdmin admin@isaastechnology.co.uk
        DocumentRoot "/home/parksquare/servoy6_corex/application_server/server/webapps/ROOT/"
        DirectoryIndex "index.html"
        CustomLog "/var/log/httpd/access_log" "%h %l %u %t \"%r\" %>s %b"
        ErrorLog "/var/log/httpd/error_log"
        ErrorDocument 404 /error.html
        ProxyRequests Off
    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>
    ProxyPreserveHost On
    ProxyPass /tunnel ajp://localhost:8080/tunnel flushpackets=on
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
        <IfModule mod_ssl.c>
                SSLEngine On
                SSLCertificateFile '/etc/pki/tls/certs/*.isaastechnology.co.uk.crt'
                SSLCertificateKeyFile '/etc/pki/tls/private/*.isaastechnology.co.uk.key'
                SSLCertificateChainFile /etc/pki/tls/certs/gs_intermediate_ca.crt
                SSLCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL"

                SSLProtocol all -TLSv1 -SSLv2
        </IfModule>
        <IfModule mod_dav.c>
                DAVLockDB "/var/run/davlocks/.davlock100"
                DAVMinTimeout 600
        </IfModule>
        <IfModule mod_mem_cache.c>
                CacheEnable mem /
                MCacheSize 4096
        </IfModule>
        <Directory "/home/parksquare/servoy6_corex/application_server/server/webapps/ROOT/">
                AllowOverride None
                <IfModule mod_dav.c>
                        DAV Off
                </IfModule>
                Options All -Includes -ExecCGI +MultiViews -Indexes
        </Directory>
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{REQUEST_METHOD} ^TRACE
                RewriteRule .* - [F]
        </IfModule>
        <IfModule mod_proxy_balancer.c>
                <Proxy "balancer://balancer-group">
                </Proxy>
        </IfModule>
        <IfModule mod_alias.c>
                Alias "/collaboration" "/usr/share/collaboration"
                Alias "/icons/" "/usr/share/httpd/icons/"
                Alias "/error/" "/usr/share/httpd/error/"
        </IfModule>
#       Include /etc/apache2/httpd_groups.conf
#       Include /etc/apache2/httpd_teams_required.conf
        LogLevel warn
</VirtualHost>
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby ngervasi » Tue Dec 06, 2011 1:59 am

What are you trying to proxy? Smart, Webclient or both? Let me know and I will have a look tomorrow when I'll be back to the office.
Nicola Gervasi
sintpro.com
SAN Partner
ngervasi
 
Posts: 1485
Joined: Tue Dec 21, 2004 12:47 pm
Location: Arezzo, Italy

Re: SSL

Postby dpearce » Tue Dec 06, 2011 2:02 am

Webclient for the moment.

what is odd is that when you add the S back to the browser bar it works!

Thanks

David
dpearce
 
Posts: 469
Joined: Sun Dec 03, 2006 11:53 am

Re: SSL

Postby stevek » Wed Mar 13, 2013 4:35 pm

I realize the psot I'm replying to is over a year old, but I am attempting to configure servoy to run behind httpd myself and have hit the same situation where I goto the site:

https://nb1.mysite.org and it goes to the main page fine, I have a "lock" in front of the URL

I goto https://nb1.mysite.org/servoy-webclient and it loads as a locked site als

When I click on a solution, it tosses to a port 8080 url.

So my question is this: How do I change the port (8080) for the smart-client to accespt the SSL certs in httpd (apache)?

NOTE: The sites listed are for example only and are not the actual URL

Thanks for any input!
stevek
 
Posts: 53
Joined: Thu Jan 25, 2007 7:19 pm

Re: SSL

Postby sebster » Wed Mar 13, 2013 5:26 pm

Are you sure you have the ProxyPassReverse directive in your apache config?
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby stevek » Wed Mar 13, 2013 6:45 pm

Sebster,

No, I do not have a ProxyPassReverse in the mix
This is what I have:
(excerpt from ssl.conf)
# # # # For servoy
ProxyPass / http://nb1.region1tasc.org:8080/
</VirtualHost>


To add, I'd just put below the above entry with the same info?

And since you were so kind to respond, I'd like to have the actual website to be accessable at the same time. Is this possible?


Thanks so much for your help!
stevek
 
Posts: 53
Joined: Thu Jan 25, 2007 7:19 pm

Re: SSL

Postby sebster » Thu Mar 14, 2013 8:10 am

You'd have to put:
ProxyPassReverse / http://nb1.region1tasc.org:8080/

This is so that if the tomcat server does a redirect to another page, that apache will know to change the location of the redirect to the proxying hostname/port.

What do you mean with "I'd like to have the actual website to be accessible at the same time?"
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

Re: SSL

Postby stevek » Thu Mar 14, 2013 1:07 pm

sebster,

I have installed a basic web site as a "front end" for staff to use. It will include many functions and features for staff that are related to servoy use (tutorials, how-to's, direct links for specific servoy functions via web-client, etc) as well as other components that will be beneficial. In short, a full featured web site for use by staff that is on the same physical server / FQDN as servoy.
Now that I have servoy running as https, I would like to be able to access the web site on https also. So, right now, the https://nb1.region1tasc.org launches servoy (as configured by ProxyPass). I would like to also be able to access the website https also http://nb1.region1tasc.org - but have the SSL / https function for that also.
I can add a virtual host for the http://nb1.region1tasc.org (port 80), but I'd like the website to be https also. I realize this is probably off topic as it does not directly relate to servoy. I'd just like to be able to have the whole server secured with https and I cannot figure out how to configure it to do so.

I hope that explains my last post, and thank you for any input you can provide
stevek
 
Posts: 53
Joined: Thu Jan 25, 2007 7:19 pm

Re: SSL

Postby sebster » Thu Mar 14, 2013 5:17 pm

The main problem is that you are trying to server 2 different sites via the same hostname/path combination:
Servoy, and your main website.

There are basically 2 solutions:
1) use different hostnames (virtual hosts) for the site and for the servoy server
2) publish servoy in a different context (http://nb1.region1tasc.org/servoy)

The second solution requires deploying Servoy in a non-standard way (as a war).
Sebastiaan van Erk
Servoy
sebster
 
Posts: 251
Joined: Thu Apr 24, 2003 10:03 am
Location: Utrecht, The Netherlands

PreviousNext

Return to Servoy Web Client

Who is online

Users browsing this forum: No registered users and 5 guests