Adding Another IBM Http Server Instance at Websphere
While integrating SSO (Single Sign on) we decided to separate internal & external users. The idea was to use 2 separate URLs (internal/external) with different virtualhosts but I wanted independent control on HTTP server instances so went ahead with adding 2 separate HTTP servers. One at port 80 for internal users and another at port 8000 for external users.
I have HTTP server running at port 80 working with 2 JVMs on Websphere 6.1 vertical cluster. I will now explain process to create & link new instance of IBM HTTP server at port 8000 with existing websphere JVMs.
Copy /opt/IBM/HTTPServer/conf/httpd.conf as /opt/IBM/HTTPServer/conf/httpd_opensso.conf
[spatil@Server1conf]$ netstat -an | grep 8000
Returned nothing so good to go
Edit httpd_opensso.conf and change following references
< PidFile logs/httpd.pid
> PidFile logs/httpd_sso.pid
< Listen Server1.oracledbasupport.co.uk:80
< Listen Server1.oracledbasupport.co.uk:443
To
> Listen Server1.oracledbasupport.co.uk:8000
> Listen Server1.oracledbasupport.co.uk:4443
< #ErrorLog logs/error_log
To
> ErrorLog logs/error_sso_log
< LogLevel error
To
> LogLevel debug
< CustomLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/access_log.log 86400” common
To
> CustomLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/access_sso_log.log 86400” common
< <VirtualHost Server1.oracledbasupport.co.uk:443>
To
> <VirtualHost Server1.oracledbasupport.co.uk:4443>
< LogLevel debug
To
> LogLevel debug
< CustomLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/ssl_access.log 86400” SSL
to
> CustomLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/ssl_sso_access.log 86400” SSL
< ErrorLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/ssl_error.log 86400”
To
> ErrorLog “|/opt/IBM/HTTPServer/bin/rotatelogs /opt/IBM/HTTPServer/logs/ssl_sso_error.log 86400”
Copy /opt/IBM/HTTPServer/Plugins/config/IHS as /opt/IBM/HTTPServer/Plugins/config/openSSO.
Please change plugin logfile name at “plugin-cfg.xml” – > Name=”/opt/IBM/WebSphere/Plugins/logs/IHS/http_plugin.log” to http_sso_plugin.log
Update Pointers
WebSpherePluginConfig /opt/IBM/HTTPServer/Plugins/config/IHS/plugin-cfg.xml
to
WebSpherePluginConfig /opt/IBM/HTTPServer/Plugins/config/openSSO/plugin-cfg.xml
Update openSSO/plugin-cfg.xml for log location
<Log LogLevel=”Debug” Name=”/opt/IBM/WebSphere/Plugins/logs/IHS/http_sso_plugin.log“/>
I have enabled DEBUG under plugin-cfg.xml to track any errors received . If you don’t want to do so please change LogLevel from “Debug” to “Error“
Login at deployment manager as Administrator and link the new instance of http server
The new server is added at DMGR, If you try and start new server thru DMGR it will return an error. The reason being, it is pointing to http.conf file and not httpd_sso.conf.
Link httpd_sso.conf to this new server.
Update Access & Error log files to view log messages from Deployment console
Go at shell prompt and start new HTTP server 8000 using
$sudo /opt/IBM/HTTPServer/bin/apachectl -k stop -f /opt/IBM/HTTPServer/conf/httpd_sso.conf
$sudo /opt/IBM/HTTPServer/bin/apachectl -k start -f /opt/IBM/HTTPServer/conf/httpd_sso.conf
Existing httpd server could be restarted using
$sudo /opt/IBM/HTTPServer/bin/apachectl -k stop
$ sudo /opt/IBM/HTTPServer/bin/apachectl -k start
See the httpd server is listening to both ports 80 & 8000
[spatil@Server1conf]$ netstat -an | grep 8000
tcp 0 0 172.30.9.31:8000 0.0.0.0:* LISTEN[spatil@Server1conf]$ netstat -an | grep 80
tcp 0 0 172.30.9.31:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:780 0.0.0.0:* LISTEN
tcp 0 0 172.30.9.31:80 0.0.0.0:* LISTEN
Now try and login at the front page using port http://Server1:8000 and it should return same result as port 80
The next thing to do is configure “Virtual Hosts” to connect on the new ports 8000 and SSL port 4443
Click on Default_Host & select Host Aliases
Now add ports 8000 & SSL port 4443 as listed below
Verify that Plug-in files have been updated by looking at “WebSpherePluginConfig : /opt/IBM/HTTPServer/Plugins/config/openSSO/plugin-cfg.xml
“ & WebSpherePluginConfig : /opt/IBM/HTTPServer/Plugins/config/IHS/plugin-cfg.xml
Check your plugin update interval i.e. Web Servers > %Server_name%> Plug-in properties
If it’s not set to “Auto generate & propagate “, do -> Navigate to new Http server and Generate Plug-in & Propagate Plug-in
- Refresh configuration interval
Specifies the time interval, in seconds, at which the plug-in should check the configuration file to see if updates or changes have occurred. The plug-in checks the file for any modifications that have occurred since the last time the plug-in configuration was loaded.
- Automatically generate plug-in configuration file
To automatically generate a plug-in configuration file to a remote Web server:
- This field must be checked.
- The plug-in configuration service must be enabled
When the plug-in configuration service is enabled, a plug-in configuration file is automatically generated for a Web server whenever:
- The WebSphere Application Server administrator defines new Web server.
- An application is deployed to an Application Server.
- An application is uninstalled.
- A virtual host definition is updated and saved.
By default, this field is checked. Clear the check box if you want to manually generate a plug-in configuration file for this Web server.
- Automatically propagate plug-in configuration file
Specifies whether or not you want the application server to automatically propagate a copy of a changed plug-in configuration file to a Web server:
- This field must be checked.
- The plug-in configuration service must be enabled
- A WebSphere Application Server node agent must be on the node that hosts the Web server associated with the changed plug-in configuration file.
By default, this field is checked.
Note: The plug-in configuration file can only be automatically propagated to a remote Web server if that Web server is an IBM HTTP Server V6.1 Web server and its administration server is running.
Because the plug-in configuration service runs in the background and is not tied to the administrative console, the administrative console cannot show the results of the automatic propagation.
Verify pointers to new configuration files by looking at following details
Once done bounce Websphere & Httpd services to pick up new settings.
Check /opt/IBM/HTTPServer/Plugins/logs/openSSO/http_plugin.log to see the requests are being served successfully.
Leave a Reply
You must be logged in to post a comment.