I have 2 web applications that run on a single Tomcat in a docker container on an AWS EC2 instance. One web app is 100% angular static content and the other is a REST application. When I run the web apps on my laptop, everything runs fine. When I run the docker container on an EC2 instance and access the web apps directly using the public IP, everything runs fine. However, when I try to access the web apps through an ELB, requests for the static content are handled fine, but requests to the REST app fail with a 403. I can see the 403 error in the Tomcat access logs so I know they are being received by Tomcat. However the REST app logs show no evidence that the request was received. I added a filter to the REST app that logs all requests received, but it shows no evidence that the request was received when when sent through the ELB.
Any idea why this might be happening? Any suggestions for diagnosing?
My docker file ...
FROM tomcat:8.0
LABEL maintainer="rossmillsiphone#gmail.com"
ADD voteride-web.war /usr/local/tomcat/webapps/
ADD voteride-ws.war /usr/local/tomcat/webapps/
ADD mysql-connector-java-5.1.9.jar /usr/local/tomcat/lib/
ADD server.xml /usr/local/tomcat/conf/
ADD context.xml /usr/local/tomcat/conf/
ADD email.properties /usr/local/tomcat/lib/
ADD logging.properties /usr/local/tomcat/conf
EXPOSE 8080
CMD ["catalina.sh", "run"]
This article had the answer I needed: https://willwarren.com/2014/01/27/running-apache-tomcat-with-ssl-behind-amazon-elb/
Setting the connector like this resolved the issue and allowed the web app to be called when traffic came through the ELB.
<Connector
port="8080"
protocol="HTTP/1.1"
proxyPort="443"
scheme="https"
secure="true"
proxyName="mywebsite.com"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
Related
I have a java application as JAR. This JAR application runs fine from my machine, meaning it can send and receive HTTP Requests to and from an API Endpoint (let's call this endpoint example.com/api/).
And then i built a docker image of this JAR Application, and tried to run the image as container from my docker desktop. But then i got this error.
the error i got
it seems like my application cant reach the url from inside the docker container. I tried to set the proxy in Settings -> Resources -> Proxies -> Manual proxies configuraton, and put my company proxy since i'm inside my company network. But still it doesn't work.
I tried to google this problem but almost nothing shows up (anything that shows up have little correlation with my problem). Anyone knows what seems to be the problem? What should I do?
First check if your container is able to communicate with the endpoint. Ping or curl it from the container shell. If you use proxy, set environment variables in container:
export http_proxy=http://server-ip:port
export https_proxy=https://server-ip:port
As the title states, I'm trying to figure out how I can get my .NET Core worker service deployed inside a Docker container to communicate with a REST API on my local machine (Docker host) via HTTPS.
NOTE: The Docker container is able to communicate with the REST API via plain-old HTTP just fine, so this seems to purely be an issue with HTTPS/SSL.
For background, I have a ASP.NET Core REST API deployed on my local machine via IIS. I have one binding for HTTP (port 8001) and one for HTTPS (port 8101). Additionally, said API also interfaces with my companies (model) IdentityServer instance.
Additionally, I have a .NET Core worker service which communicates with the aforementioned REST API (using an HttpClient under the hood). I've packaged this into a Docker image/container (using a Dockerfile, etc.).
When I run the container using the HTTP (not HTTPS) endpoints, everything is fine and the container is able to interface with the REST API on the local machine (provided I use host.docker.internal in place of localhost in URLs).
However, when I switch to HTTPS, things go haywire and I receive the following error:
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
I searched around for solutions but nothing seems to be working, but maybe I'm doing something wrong.
I've tried exporting (via Windows Certificate Manager) all the relevant certificates I could come up with as .cer files, changing their extensions to .crt and adding them to the Docker container via the Dockerfile:
COPY FooBar.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENTRYPOINT ["dotnet", "My.Project.dll"]
(Omitted the extraneous build/publish steps as I know those are working fine, but this snippet is part of a larger multi-stage Dockerfile).
NOTE: update-ca-certificates did recognize the certificates, so I'm under the impression they were added. I thought that there might have been an issue since I'm using a multi-stage Docker build, but even adding the certificates right before the ENTRYPOINT seems to make no difference.
I'm honestly not sure what else it could be at this point (or if my use case is even supported).
I have a webapi project that is located inside a Docker container. A self-signed certificate is available and connected to Apache. When contacting the address https://server_ip/ I get a test page Apache with information that everything works correctly. Docker without Apache also works correctly when requested http://server_ip/controller_name I get the correct response. How can I make user requests at https://server_ip/controller_name redirect to docker container?
Edit: Help me please :(
I have a liberty docker container, witch seems to start fine, but when I try to enter via browser the server is not reachable.
I use the IBM Sample1.war for testing to make sure it is not the war file. My problem is that the log file look fine:
[AUDIT ] CWWKE0001I: The server defaultServer has been launched.
[AUDIT ] CWWKE0100I: This product is licensed for development, and limited production use. The full license terms can be viewed here: https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/wasdev/license/base_ilan/ilan/18.0.0.2/lafiles/en.html
[AUDIT ] CWWKG0093A: Processing configuration drop-ins resource: /opt/ibm/wlp/usr/servers/defaultServer/configDropins/defaults/keystore.xml
[AUDIT ] CWWKZ0058I: Monitoring dropins for applications.
[AUDIT ] CWWKT0016I: Web application available (default_host): http://localhost:9080/Sample1/
[AUDIT ] CWWKZ0001I: Application Sample1 started in 0.394 seconds.
[AUDIT ] CWWKF0012I: The server installed the following features: [servlet-3.1].
[AUDIT ] CWWKF0011I: The server defaultServer is ready to run a smarter planet.
And here the docker file:
FROM websphere-liberty:kernel
COPY server.xml /config/
COPY build/libs/Sample1.war /config/dropins/
RUN installUtility install --acceptLicense defaultServer
I have no idea how to debug without any errors.
Thanks
Here my Server.xml:
<server description="default servlet engine">
<!-- Enable features -->
<featureManager>
<feature>servlet-3.1</feature>
</featureManager>
<httpEndpoint host="localhost" httpPort="9080" httpsPort="9443"
id="defaultHttpEndpoint" />
It seems that your server run with no error, and also the Sample1 war has been deployed with web root /Sample1
What you need, as already mentioned, is to:
change httpEndpoint in server.xml the host="localhost" to host="*"
make sure you run the docker with port mapping, e.g.
docker run -d -p 80:9080 -p 443:9443 your-liberty-name
open a browser and enter url (I guess you run the Sample1 demo, which has a SimpleServlet in it)
http://the-ip/Sample1/SimpleServlet or https://the-ip/Sample1/SimpleServlet
Above tells that we use port 80 and 443 (standard ports, no need to specify them in the url), the-ip depends if you run local docker container or remote. Enter your ip/localhost if you run local.
I would also recommend to download the IBM Web developer tools for eclipse which allows you to manage the server very easy in your IDE environment.
Some good links to have:
IBM - creating docker container...
Docker hub websphere liberty...
I have deployed the application in my local wildfly server and able to access my application through the url (http://127.0.0.1:8080/dhana/.
I have deployed the same application in openshift3 starter (new) and the build & deployment is successful.
It showing me the service url as ( http://dhanabalan-dhana.a3c1.starter-us-west-1.openshiftapps.com), But when I tried to hit this link it shows as below
Looks like server is up and running, Can anyone guide me to access the application?
Do I need to specify any port (8080) here?
Note: ROOT.war is the deployed file