I have a problem using Flex with BlazeDS on a Tomcat 5.5 through a Proxy (Apache). I already searched for it but didn't find answers which solved my problem. I hope you guys can help me out. :-)
Our scenario is the following:
Flex-App using BlazeDS to communicate with our Dataservice on a Tomcat 5.5. The Webapp is balze enabled and the services config contains channel definitions like the following:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://xxx.xxx.xxx.xxx:8180/myDataService/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint">
</channel-definition>
I set the Flex Server Root URL to http://xxx.xxx.xxx.xxx:8180/myDataService (Context Root: /myDataService) and compile my flex application against this services-config.
After that I deploy my flex application and my dataservice on a server with some ip address xxx.xxx.xxx.xxx. The two applications are available after that
using http://xxx.xxx.xxx.xxx:8180/myFlexApp or for the dataservice: http://xxx.xxx.xxx.xxx:8180/myDataservice
The tomcat is listening on port 8180.
If I open my flex application using the URL with the ip address everything is working fine. My application is receiving data perfectly.
Ok. Everything fine so far.
Now I want to use a proxy server (via apache http server) to hide the ip and use a domain name.
I do the following changes to my services-config:
<channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
<endpoint url="http://mydomain.com/data/messagebroker/amf" class="flex.messaging.endpoints.AMFEndpoint">
</channel-definition>
I set the Flex Server Root URL to http://mydomain.com/data (Context Root /data) and compile my flex application against this services-config.
I deploy the applications again on the same tomcat as before.
Now I create an entry in the sites-available (sites-enabled) folder of my apache directory (etc/apache2/sites-available/) called mydomain.com
I create a Virtual Host with ServerName www.mydomain.com and ServerAlias mydomain.com. I also add the neccessary rules in the Proxy block and the other stuff neccessary for the virtual host definition.
The following ProxyPass/ProxyPassReverse entries are contained in this file:
ProxyPass /flexApp http://xxx.xxx.xxx.xxx:8180/myFlexApp
ProxyPassReverse /flexApp http://xxx.xxx.xxx.xxx:8180/myFlexApp
ProxyPass /data http://89.19.229.148:8180/myDataservice
ProxyPassReverse /data http://89.19.229.148:80/myDataservice
After that I can open the flex Application with http://www.mydomain.com/flexApp in the browser and it loads. But an error message is thrown when it tries to contact the dataservice using blazeds.
I even can't open the URL http://mydomain.com/data/messagebroker/amf. A 404 Error is displayed. Before - using the ip address - a blank page was displayed.
The weird thing is, that the non-blaze Servlets are working fine. e.G. I can open http://mydomain.com/data/myServlet and it works. Only Blaze doesn't work.
Do you have any ideas why this problem occurs and how i may solve it. Thanks a lot in advance. You're really helping me out!!!
Henrik
Both BlazeDS and the Flex app are using the URL in the channel-definition's endpoint. But the URLs actually need to be different. BlazeDS needs to use the myDataservice/messagebroker/amf URL while the Flex app needs to use the data/messagebroker/amf URL. So you can either make both URLs the same, ie. myDataservice
instead of data. Or you can manually set the channel information in the Flex app instead of having it read the services-config file.
I'm using AJP for the request redirection:
// enable mod_proxy_ajp
a2enmod proxy_ajp
The proxy configuration looks like this:
ProxyPass /flexApp/messagebroker/ ajp://localhost:8009/flexApp/messagebroker/
Related
Recently, I configured a Nexus repo on a corporate server at https://mycorporateserver.corporation.com/nexus/.
The way "its always been done" is to put our "apps" on the server and use apache httpd to serve the pages and manage access using ldap.
Nexus is configured for anonymous access, https, localhost only (all works fine). Then, we used Apache httpd to serve that Nexus page/URI to others using proxypass and reverseproxypass (per instructions in sonatype's documentation).
The catch is that the httpd configuration requires ldap. So, if I hit the given Nexus URI from a web browser, the browser asks for my corporate login. I log in with my user name and password and can view the repository as an anonymous user just fine.
I did not configure Nexus for ldap, Nexus provided me read-only anonymous access combined with the ability to log in as an admin from the login menu.
Great. The problem (not surprising) is when Eclipse/M2E tries to contact the Nexus repository I get:
"could not transfer artifact 'myartifact' from/to nexus (https://mycorporateserver.corporation.com/nexus/): handshake alert."
In my settings.xml, I included
<servers>
<server>
<id>tried many different versions of the server name including full URI</id>
<username>username</username>
<password>password</password>
<server/>
<servers/>
but that doesn't seem to work - which I think makes sense since I'm not trying to login to Nexus but rather supply my credentials to ldap.(?)
In M2E/Eclipse, is there a way to provide the needed LDAP information?
Is it better to not let httpd manage access but configure Nexus to handle everything LDAP? Is there a better/different way to configure Nexus/httpd/LDAP/Eclipse to solve the problem?
Thanks for all pointers and guidance!
"could not transfer artifact 'myartifact' from/to nexus
(https://mycorporateserver.corporation.com/nexus/): handshake alert."
That's an SSL handshake problem, the Java running Eclipse does not consider the certificate installed on Nexus to be valid. This is almost certainly because either:
The certificate is self signed.
The certificate has been signed by a
private certificate signing authority which is not in the truststore
of the Java running Eclipse.
Either way the workaround is to install the certificate on Nexus into the trust store of the java running Nexus.
See here for more information:
https://support.sonatype.com/hc/en-us/articles/213464948-How-to-trust-the-SSL-certificate-issued-by-the-HTTP-proxy-server-in-Nexus
Ultimately, as I understand it, it was a mismatch between how the VirtualHost and ServerName were defined in the apache httpd configuration.
https://mycorporateserver.corporation.com/nexus/ was the ServerName but the VirtualHost was defined with the ip and port https://mycorporateserver.corporation.com:port.
Original
<VirtualHost ip:port>
ServerName mycorporateserver.corporation.com/nexus/
...ldap and proxy pass configs
</VirtualHost>
Since we have more than one virtual host containing this ip and port combination, the server looked further into the configuration to find the proper page by reading the ServerName. Since no ServerNames matched what the clients sent, the handshake error occurred.
https://httpd.apache.org/docs/current/vhosts/name-based.html
Changing ServerName in the httpd conf to include the port solved the handshake error.
Final
<VirtualHost ip:port>
ServerName mycorporateserver.corporation.com:port/nexus/
...ldap and proxy pass configs
</VirtualHost>
(I'm by no means an apache httpd expert, still want to find out if there is a way to do all this without showing the port in the URL)
Then, when sending a request from Eclipse/M2E to the server, the response was "Unauthorized"
Adding the nexus server plus username and password to settings.xml solved the authorization problem and all worked great!
<servers>
<server>
<id>nexus</id>
<username>username</username>
<password>password</password>
<server>
</servers>
To ensure passwords were not stored in plain text, instructions at this Maven site were used to create encrypted passwords: https://maven.apache.org/guides/mini/guide-encryption.html
In hindsight, the question probably could have been asked better/differently but I didn't yet know what I learned today.
We recently moved our web server from one machine to another. The web server is running Artifactory 2.6.1 repository on my web-server which is accessible from port 8081. I would like to redirect requests made to http://domain/artifactory to http://localhost:8081/artifactory. I tried to achieve this by creating a reverse proxy using apache2 but failed. If you could direct me in the right direction, that would be appreciated.
Did you try to follow https://www.jfrog.com/confluence/display/RTF/Apache+HTTP+Server ?
You'll have to configure the ajp connector on your tomcat's server.xml and add a virtualhost in your apache configuration with mod_proxy_ajp
EDIT:
Since you're using Jetty instead of tomcat, Jetty recommends using http proxy instead of ajp.
Following this to configure Jetty and Apache: http://wiki.eclipse.org/Jetty/Howto/Configure_mod_proxy
I have recently uploaded my flex applicaiton on server, it works fine on my system (localhost) but on the production server it tries to access http://localhost/crossdomain.xml which is not available and end up showing "loading" eternally.
Check your code and see if anywhere you are referencing localhost url.Like,for instance you might be using a localhost url for a httpservice call.
I have a flex client communicating with a zend-framework based server. Client and Server are hosted on different computers (also on the same development computer with different url). What I had to do to make it work is as follows:
I had to edit the file \src\services\_Super_MyHttpService.as in my flex client's source code and update http url from http://localhost/ to http://SERVER_IP/ for variable called _serviceControl. Then compile the flex client.
I also put crossdomain.xml file in the server's root directory with content like:
<?xml verspion="1.0">
<cross-domain-policy>
<allow-access-from domain="CLIENT_IP"/>
</cross-domain-policy>
Note: replace SERVER_IP, CLIENT_IP with the correct IP address where the server and flex clients are hosted respectively.
Is it possible to set a virtual host in WebLogic only ?
In my development machine, I have a WebLogic instance with two servers, listening to ports 7002 and 7003; the deployed application contains EJBs and MDBs.
I want to point a Java client outside of the container to a single url, which I know will be served by the cluster, instead of pointing the class to a direct server. This java client will talk to EJBs and JMS queues in the cluster.
Most of the Google searches with the terms weblogic and "virtual host" give me answers involving Apache. Now, correct me if I'm wrong but I understand that the apache server works with HTTP. The cluster being weblogic, the protocol for the ejb will be T3; if it were JBoss, the protocol would be jnp.
So here are the questions:
Is it possible to set a virtual host with WebLogic ?
If so, do I need Apache server to do the virtual host ?
Is this the solution to the wrong problem ? All I need is for the cluster to answer to a single URL. Is there any other solution than virutal hosts ? Is it simpler ?
Also, this is on a Windows machine.
All I need is for the cluster to answer to a single URL. Is there any other solution than virutal hosts ? Is it simpler ?
Yes, simply declare a "cluster URL" in your JNDI environment settings:
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://host1:7002,host2:7003
java.naming.security.principal=
java.naming.security.credentials=
The Apache plugin, virtual hosts, etc are HTTP things and have nothing to do with EJB or JMS clients.
Yes you can set up a virtual host in ur weblogic server.
The first file we'll need to edit is the Apache httpd.conf
file. For example, mine is here:
C:\Program Files\Apache Group\Apache\conf\httpd.conf
o to the very bottom of your httpd.conf file in your text
editor. It means that Apache is required.
Yes Setting up a virtual host with apache will solve ur problem.
I am hosting a java service and a flex application on the same server. The flex application accesses the java service. As the flex application loads I get a security error, how can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.
My flex app gets the data via a http service that sends calls to 1.2.3.4:9000/service, the flex application itself lies on 5.6.7.8/test.swf, my crossdomain.xml looks like the following
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="5.6.7.8" to-ports="*" />
</cross-domain-policy>
It is accessible from 1.2.3.4:9000/crossdomain.xml. Note that everything works when I use domain="*" instead of domain="1.2.3.4"
I hope someone can help me
Sebastian
If your Flex app is on the server with ip 5.6.7.8 you need to allow that ip in the crossdomain for the 1.2.3.4 server. This let's the Flash running from 5.6.7.8 know that 1.2.3.4 allows connections from that specific adress.
If you still have the same problem a quick way to find out what's going on is to use a debug proxy (i like Charles). That way you'll see flash' request for the crossdomain.xml and what the response looks like, most likely the request is going somewhere you didn't expect or the server messes it up somehow.
Are you using Sockets?
In that case you need to serve Policy Files either with your existing Java Server or a standalone one.
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
Does 1.2.3.4 represent an IP address?
If so I believe you have to use a domain name here not an ip address, otherwise you could have several domains on the same server and bypass the same domain checks.