Difference between revisions of "Payara Configuration in QPR UI"

Opening GlassFish Administration Console

GlassFish Administration Console can be accessed using a web browser at http://SERVERNAME:4848, where SERVERNAME is the name of the QPR UI server. Alternatively you can use http://localhost:4848 when accessing from the server itself.

Changing GlassFish Port

By default, Glassfish is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:

1. Open the GlassFish Administration Console as described in Opening GlassFish Administration Console.
2. Expand Configurations -> server-config -> Network Config -> Network Listeners
3. Select one of the listeners (admin-listener, http-listener1 or http-listener2), change the Port value in the General tab and click Save.

By default, there are following listeners:

• admin-listener: for GlassFish Administration Console
• http-listener-1: for hosted applications HTTP connections (QPR UI is the hosted application)
• http-listener-2: for hosted applications HTTPS connections

Changing Glassfish Administrator Password

It is highly recommended to change the default administrator password for Glassfish. It can be done as follows:

1. Open the GlassFish Administration Console as described in Opening GlassFish Administration Console.
2. Clicking Domain -> Administrator Password and define a new password.

Setting up SSL/HTTPS

There are two alternatives for setting up SSL/HTTPS connection:

• Route Traffic Through IIS: This is the recommended way, because it's easier to maintain than SSL configuration in GlassFish. See Routing Through IIS in QPR UI and configure the SSL sertificate in IIS.
• SSL Configuration in GlassFish: SSL can be configured to GlassFish. For that, follow the instruction below.

Note that the instructions assume that your SSL certificate is in the .pfx format. For other formats some commands have to be altered accordingly.

1. Make sure your Java JRE bin folder is in the environment's PATH setting, so that keytool will be found.
2. Launch two command prompts with administrator rights, navigate one to <QPR UI installation root>\Glassfish\bin and the other to <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
3. Make backup copies of keystore.jks, cacerts.jks and domain.xml in <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
4. Open the Glassfish Administration Console at http://<hostname>:4848. If you haven't done so, change the administrator password. Use a password longer than six characters.
5. In the Glassfish Administration Console , go to Server (Admin Server) -> Secure Administration -> Enable secure administration. Note that at this point the secure admin will still be using a self-signed certificate, which will cause warnings in browsers. As we know the reason for the warning, we can ignore it this time and proceed to the secure administration despite the certificate error.
6. Stop the domain from the server (Admin Server) page or by running the following command line in the bin folder:

   asadmin stop-domain

7. With the command line in the bin folder, run:

   asadmin change-master-password --savemasterpassword=true

   and define a new password to replace the default "changeit" password. NOTE: This should be a different password than the admininistrator password used for regular logins. This is basically a master key to the installation and also the certificate will be using this password in a later stage, so choose an appropriately strong password that is known only by those who have access to the SSL certificate password.

8. Change to the command line in the config folder. Run:

   keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS

   You'll be asked for the destination keystore password, input the password defined in previous step here. Use the same password when you're asked to re-enter the new password. Source keystore password is your SSL certificate's password. Copy the alias to e.g. Notepad, you'll be needing this later.

9. In the config folder, import the certificate also to the cacerts.jks keystore, i.e. run:

   keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore cacerts.jks -deststoretype JKS

10. In the config folder, run the following commands:

    keytool -keypasswd  -alias <key alias from step 8>

    -keystore keystore.jks keytool -keypasswd  -alias <key alias from step 8>  -keystore cacerts.jks

    You're asked for the keystore password, this is once again the password defined in step 7. When the key password is requested, enter the original SSL certificate password and then enter the password from step 7 as the new key password.

11. Start the domain by running the following command line in the bin folder:

    asadmin start-domain

12. Access the Glassfish admin panel at https://<servername>:4848
13. Expand Configurations -> server-config -> Network Config -> Network Listeners -> http-listener-2
14. Switch to the SSL tab and enable SSL3. Also change Certificate nickname to be the alias from step 8 and save the changes.
15. You can now also disable http-listener-1 to prevent access without SSL, but that is safer to do after you have verified that the SSL config works.
16. Stop the domain and open <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config\domain.xml into a text editor that's running as an administrator. Search and replace all references to s1as with the alias from step 8.
17. Save the file and restart the domain. You should now be able to access the SSL instance at https://<servername>:8181/ui/.