Difference between revisions of "Payara Configuration in QPR UI"

From Mea Wiki
Jump to navigation Jump to search
 
(86 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Access GlassFish Administration Console ==
+
QPR UI server runs in the Payara web server. This page contains instructions how to configure the Payara server if needed. There are no mandatory configurations needed for the Payara.
GlassFish Administration Console can be accessed at '''<nowiki>http://SERVERNAME:4848</nowiki>''', where SERVERNAME is the name of the server. Alternatively you can use '''<nowiki>http://localhost:4848</nowiki>''' when accessing from the server itself.
 
  
== Change GlassFish Port ==
+
== Opening Payara Administration Console ==
By default, Glassfish is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:
+
'''Payara Administration Console''' can be accessed with a web browser by opening url '''<nowiki>http://<HOSTNAME>:4848</nowiki>''', where '''<HOSTNAME>''' is the DNS name of the QPR UI server. Alternatively you can use '''<nowiki>http://localhost:4848</nowiki>''' when accessing from the server itself. If the default empty password is in use, no login screen is shown and the Administration Console is directly opened.
# Access the administration UI as described in Accessing '''GlassFish control panel'''.
 
# Expand '''Configurations''' -> '''server-config''' -> '''Network Config''' -> '''Network Listeners'''
 
# Select the listener to configure and change the '''Port''' value.
 
  
By default, there are following listeners:
+
== Opening Payara Log ==
* '''admin-listener''': for GlassFish Administration Console
+
QPR UI Server writes log to the Payara log file, which is located by default in '''C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\logs\'''. The latest logs are in the '''server.log''' file, and older logs are stored to other files in the same folder.
* '''http-listener-1''': for hosted applications HTTP connections (QPR UI is the hosted application)
 
* '''http-listener-1''': for hosted applications HTTPS connections
 
  
== Change Glassfish Administrator Password==
+
== Changing Payara Administrator Password==
It is highly recommended to change the default administrator password for Glassfish at '''Domain''' -> '''Administrator Password'''.
+
By default, Payara Administration Console password is empty (thus no login screen is shown when accessing Payara Administration Console). It is highly recommended to change the default password, that can be done as follows:
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, click '''Domain''' -> '''Administrator Password''', define a new password twice and click '''Save'''.
  
== SSL Configuration ==
+
Here is a Powershell script to change Payara Administrator password:
There are two alternatives for setting up secure connection:
+
<pre>
 +
#Change Payara Administrator Password (CMD popup will ask for password. Default Payara admin credentials: admin/admin)
 +
Start-Process -FilePath "C:\Program Files\QPR Software Plc\QPR UI\Glassfish\bin\asadmin" -ArgumentList "change-admin-password" -Wait
 +
Start-Process -FilePath "C:\Program Files\QPR Software Plc\QPR UI\Glassfish\bin\asadmin" -ArgumentList 'set configs.config.server-config.http-service.virtual-server.server.property.errorReportValve=""' -Wait
 +
</pre>
  
=== Alternative 1: Routing Traffic Through IIS ===
+
== Database Connection Settings ==
This is the recommended way, because it's easier to maintain than SSL configuration in GlassFish. See [[Routing Through IIS in QPR UI]] and configure the SSL sertificate in IIS.
+
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, expand and open '''Resources''' -> '''JDBC''' -> '''JDBC Connection Pools''' -> '''EnticeSQLPool'''.
 +
# Click the '''Additional Properties''' tab. Database settings are in the '''Additional Properties''' table. See a list of all settings in the table below. After changing settings, click '''Save'''.
 +
# Restart Payara Administration Console by clicking '''server (Admin Server)''' in the left side hierarchy and then the '''Restart''' button.
 +
# Check the Payara log in '''C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\logs\server.log''', whether there are lines containing errors (you can search by texts '''[SEVERE]''' and  '''[WARNING]'''). Database connection related errors listed in the table below.
  
=== Alternative 2: SSL Configuration in GlassFish ===
+
Database connection settings:
In order to configure your installation to use SSL for encrypting the communication, follow the instructions below. Note that the instructions assume that your SSL certificate is in the .pfx format. For other formats some commands have to be altered accordingly.<br>
+
{| class="wikitable"
 +
!'''Setting name'''
 +
!'''Description'''
 +
|-
 +
||ServerName
 +
||Database server hostname (DNS name). You can use '''localhost''' if the SQL Server has been installed in the same Windows server as QPR UI.
 +
|-
 +
||portnumber
 +
||The port where SQL Server is listening. If the port number is specified, no request to the SQL Server Browser is made. When the port and instance are both specified, the connection is made to the specified port. However, the instance is validated and an error is thrown if it does not match the port.
 +
|-
 +
||instance
 +
||The SQL Server instance name to connect to. When it is not specified, a connection is made to the default instance.
 +
|-
 +
||DatabaseName
 +
||QPR UI database name.
 +
|-
 +
||User
 +
||SQL Server Login name or AD username to login to the SQL Server.
 +
|-
 +
||password
 +
||Password for the user (defined in the User field). Text in the field is '''${ALIAS=sqlpass}''', which refers to an alias. The password can be changed by clicking '''Domain''' in the left side hierarchy, then click '''Password Aliases''', and then click '''sqlpass'. Define a new password on click '''Save'''. More information on Payara password alises: https://docs.oracle.com/cd/E18930_01/html/821-2435/ghgrp.html#ghgqc.
 +
|-
 +
||BufferMinPackets
 +
||Do not change this field. The value must be '''8'''.
 +
|-
 +
||AutoCommit
 +
||Do not change this field. The value must be '''true'''.
 +
|-
 +
||sendstringparametersasunicode
 +
||Do not change this field. The value must be '''true'''.
 +
|}
  
 +
More information about JDBC settings: https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties.
 +
 +
Database connection related errors:
 +
{| class="wikitable"
 +
!'''Error message'''
 +
!'''Reason and repair'''
 +
|-
 +
||Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Unknown server host name 'X'
 +
||Unable to reach the configured '''ServerName'''.
 +
|-
 +
||Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Server X has no instance named Y
 +
||In the configured '''ServerName''' there is no SQL Server instance with name '''instance'''.
 +
|-
 +
||Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Network error IOException: Connection refused: connect
 +
||Unable to open TCP connection to the configured '''ServerName''' and '''portnumber'''.
 +
|-
 +
||Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Login failed for user 'X'
 +
||The database server found, but was unable login with configured '''User''' and '''password'''.
 +
|-
 +
||Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Cannot open database "X" requested by the login. The login failed.
 +
||The database server found and login was successful, but was unable to open configured database '''DatabaseName'''. The database might not exist or user doesn't have permissions to access the database.
 +
|-
 +
||Internal Exception: java.sql.SQLException: Invalid object name 'CONFIGURATIONENTITY'
 +
||The database server found, login was successful, and database found, but the database doesn't seem to be valid QPR UI database (tried to read table CONFIGURATIONENTITY which should exist in the database).
 +
|}
 +
 +
== Changing Payara TCP Ports ==
 +
By default, Payara is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, expand and open '''Configurations''' -> '''server-config''' -> '''Network Config''' -> '''Network Listeners'''.
 +
# Select the desired listener ('''admin-listener''', '''http-listener1''' or '''http-listener2'''), change the '''Port''' value in the '''General''' tab and click '''Save'''.
 +
# Restart Payara Administration Console by clicking '''server (Admin Server)''' in the left side hierarchy and then the '''Restart''' button.
 +
 +
There are following listeners available:
 +
* '''admin-listener''': for Payara Administration Console (by default port 4848)
 +
* '''http-listener-1''': for hosted applications HTTP connections (QPR UI is the hosted application) (by default port 8080)
 +
* '''http-listener-2''': for hosted applications HTTPS connections (by default port 8181)
 +
 +
== Optimized Settings for QPR UI==
 +
Starting from QPR UI 2019.2, the QPR UI installer sets the following optimized Payara settings. These settings changes are not done when doing an upgrade installation, so you need to set them manually using the Payara Administration Console.
 +
 +
After changing these settings, restart Payara Administration Console by clicking '''server (Admin Server)''' in the left side hierarchy and then the '''Restart''' button.
 +
 +
=== Thread Pool Size ===
 +
The default settings for thread pools in the Payara are not optimal for production usage. Increase the thread pool size as follows:
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, expand and open '''Configurations''' -> '''server-config''' -> '''Thread Pools''' -> '''http-thread-pool'''.
 +
# Set '''Max Thread Pool Size''' to '''500''' and '''Min Thread Pool Size''' to '''500'''. Click '''Save''' button. A larger value may be needed in environments with heavy load. According to Payara documentation, usually a suitable value is between 100 and 500.
 +
# Click '''Save'''.
 +
 +
Symptoms for too low thread pool size are error messages '''Connection closed''' (when connecting directly to Payara) and '''Bad Gateway''' (when routing traffic through IIS).
 +
 +
=== Turning Off Auto Deploy and Dynamic Application Reloading ===
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, select '''Domain'''.
 +
# On the '''Applications Configuration''' tab, untick the '''Reload''' and '''Auto Deploy''' options.
 +
# Click '''Save'''.
 +
 +
=== Java Virtual Machine Memory Settings===
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, expand and open '''Configurations''' -> '''server-config''' -> '''JVM Settings'''.
 +
# On the '''JVM Options''' tab:
 +
#* Increase the '''XX:MaxPermSize''' value to '''256m'''.
 +
#* Make sure that the tab contains a value called '''-server''' and not '''-client'''.
 +
#* Increase the '''Xmx''' value to '''768m'''.
 +
# Click '''Save'''.
 +
 +
=== Acceptor Threads Count===
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, expand and open '''Configurations''' -> '''server-config''' -> '''Network Config''' -> '''Transports''' -> '''tcp'''.
 +
# Set the value of the '''Acceptor Threads''' setting to '''2'''.
 +
# Click '''Save'''.
 +
 +
=== Deployment Order for QPR UI Applications ===
 +
# Open [[Payara_Configuration_in_QPR_UI#Opening Payara Administration Console|Payara Administration Console]].
 +
# In the left side hierarchy, select '''Applications'''.
 +
# Verify that for the '''Entice''' application, the value of the '''Deployment Order''' setting is '''100''', and for the '''EnticeServices''', the value is '''99'''.
 +
# To change either of the values, click on either '''Entice''' or '''EnticeServices''', input the new value to the '''Deployment Order''' field, and click '''Save'''.
 +
 +
== Customized Error Pages ==
 +
By default, Payara returns error pages for HTTP errors (such as 404 or 500), that reveals the web server to be a Payara which might not be desired from the security point of view. Follow these instructions to change Payara error pages to custom pages (which contents can be controlled):
 +
* 1. Create folder for the error pages, e.g. '''C:/PayaraErrorPages/'''. (note that the path must not contain any spaces).
 +
* 2. Create a file '''error.html''' to the created folder (to be the custom error html page). Using a text editor, add the following content to the file or use your own error page:
 +
<pre>
 +
<!doctype html>
 +
<html>
 +
  <head>
 +
    <title>Error in QPR UI</title>
 +
  </head>
 +
  <body>
 +
    Error in QPR UI.
 +
  </body>
 +
</html>
 +
</pre>
 +
* 3. Open file '''C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\config\domain.xml''' and locate section '''domain''' -> '''configs''' -> '''config''' (the one with attribute '''name''' is '''server-config''') -> '''http-service''' -> '''virtual-server'''. Add the following lines inside the '''virtual-server''' tag (change the path to the error file if needed):
 +
<pre>
 +
<property name="send-error_1" value="code=403 path=C:/GlassFishErrorPages/error.html"></property>
 +
<property name="send-error_2" value="code=404 path=C:/GlassFishErrorPages/error.html"></property>
 +
<property name="send-error_3" value="code=405 path=C:/GlassFishErrorPages/error.html"></property>
 +
<property name="send-error_4" value="code=500 path=C:/GlassFishErrorPages/error.html"></property>
 +
</pre>
 +
There is an own line for each HTTP error code, so add lines for each HTTP error code that need a custom error page.
 +
 +
* 4. Restart Payara from Windows Services.
 +
* 5. Test that the error pages work. For example, to get the 404 error, try a url that doesn't exist in the server.
 +
 +
Note that if [[Setting up IIS as Reverse Proxy for QPR UI|using IIS as a Reverse Proxy for QPR UI]], custom error pages also need to be configured to IIS (more information: https://blogs.msdn.microsoft.com/webtopics/2008/05/27/iis-7-0-http-error-pages/).
 +
 +
== Importing SSL Certificate to Payara ==
 +
When using HTTPS connection between Payara and QPR Suite Web Service and/or QPR ProcessAnalyzer Web Service, it may be that Payara doesn't automatically accept the SSL certificate in use on the QPR Suite Web Service / QPR ProcessAnalyzer Web Service end. This can happen for example when the certificate is issued by a local certificate authority. In these cases, the certificate needs to be imported to Payara:
 +
 +
# Copy the '''certificate (.cer) file''' to the server where Payara (QPR UI) is installed.
 
# Make sure your Java JRE bin folder is in the [https://www.java.com/en/download/help/path.xml environment's PATH setting], so that keytool will be found.
 
# Make sure your Java JRE bin folder is in the [https://www.java.com/en/download/help/path.xml environment's PATH setting], so that keytool will be found.
# Launch two command prompts with administrator rights, navigate one to <QPR UI installation root>\Glassfish\bin and the other to <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config
+
# Make backup copies of '''keystore.jks''', '''cacerts.jks''' and '''domain.xml''' in '''<QPR UI installation root>\Glassfish\glassfish\domains\domain1\config'''.
# Make backup copies of keystore.jks, cacerts.jks, and domain.xml in <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config
+
# Open Payara Administration Console at '''http://<hostname>:4848'''.
# Open the Glassfish administration panel at http://<hostname>:4848. If you haven't done so, change the administrator password. Use a password longer than six characters here.
+
# Stop the domain from the Payara Administration Console server (Admin Server) page.
# In the Glassfish admin panel, go to server (Admin Server) -> Secure Administration -> Enable secure administration. Note that at this point the secure admin will still be using a self-signed certificate, which will cause warnings in browsers. As we know the reason for the warning, we can ignore it this time and proceed to the secure administration despite the certificate error.
+
# Launch a command prompt with administrator rights, navigate to '''<QPR UI installation root>\Glassfish\glassfish\domains\domain1\config'''.
# Stop the domain from the server (Admin Server) page or by running the following command line in the bin folder:
+
# In the config folder, run the following command (replace the <your_alias_here> with an alias of your choice and <certificate_path> with the path to the certificate you copied in step 1):
#: <pre>asadmin stop-domain</pre>
+
#: <pre>keytool -import -trustcacerts -alias <your_alias_here> -file "<certificate_path>" -keystore cacerts.jks</pre>
# With the command line in the bin folder, run:
+
#: You're asked for the keystore password, if you haven't already changed it, the password is "changeit".
#: <pre>asadmin change-master-password --savemasterpassword=true</pre> and define a new password to replace the default "changeit" password. NOTE: This should be a different password than the admininistrator password used for regular logins. This is basically a master key to the installation and also the certificate will be using this password in a later stage, so choose an appropriately strong password that is known only by those who have access to the SSL certificate password.
+
# Similarly, run the following command:
# Change to the command line in the config folder. Run:
+
#: <pre>keytool -import -trustcacerts -alias <your_alias_here> -file "<certificate_path>" -keystore keystore.jks</pre>
#: <pre>keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS</pre> You'll be asked for the destination keystore password, input the password defined in previous step here. Use the same password when you're asked to re-enter the new password. Source keystore password is your SSL certificate's password. Copy the alias to e.g. Notepad, you'll be needing this later.
+
# Start the domain, e.g. by restarting the QPR Ui service.
# In the config folder, import the certificate also to the cacerts.jks keystore, i.e. run:
 
#: <pre>keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore cacerts.jks -deststoretype JKS</pre>
 
# In the config folder, run the following commands:
 
#:<pre>keytool -keypasswd  -alias <key alias from step 8></pre>
 
#:<pre>-keystore keystore.jks keytool -keypasswd  -alias <key alias from step 8> -keystore cacerts.jks</pre>
 
#: You're asked for the keystore password, this is once again the password defined in step 7. When the key password is requested, enter the original SSL certificate password and then enter the password from step 7 as the new key password.
 
# Start the domain by running the following command line in the bin folder:
 
#: <pre>asadmin start-domain</pre>
 
# Access the Glassfish admin panel at  https://<servername>:4848
 
# Expand Configurations -> server-config -> Network Config -> Network Listeners -> http-listener-2
 
# Switch to the SSL tab and enable SSL3. Also change Certificate nickname to be the alias from step 8 and save the changes.
 
# You can now also disable http-listener-1 to prevent access without SSL, but that is safer to do after you have verified that the SSL config works.
 
# Stop the domain and open <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config\domain.xml into a text editor that's running as an administrator. Search and replace all references to s1as with the alias from step 8.
 
# Save the file and restart the domain. You should now be able to access the SSL instance at https://<servername>:8181/mobiledash/
 
  
 
[[Category: QPR UI]]
 
[[Category: QPR UI]]

Latest revision as of 12:30, 23 December 2019

QPR UI server runs in the Payara web server. This page contains instructions how to configure the Payara server if needed. There are no mandatory configurations needed for the Payara.

Opening Payara Administration Console

Payara Administration Console can be accessed with a web browser by opening url http://<HOSTNAME>:4848, where <HOSTNAME> is the DNS name of the QPR UI server. Alternatively you can use http://localhost:4848 when accessing from the server itself. If the default empty password is in use, no login screen is shown and the Administration Console is directly opened.

Opening Payara Log

QPR UI Server writes log to the Payara log file, which is located by default in C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\logs\. The latest logs are in the server.log file, and older logs are stored to other files in the same folder.

Changing Payara Administrator Password

By default, Payara Administration Console password is empty (thus no login screen is shown when accessing Payara Administration Console). It is highly recommended to change the default password, that can be done as follows:

  1. Open Payara Administration Console.
  2. In the left side hierarchy, click Domain -> Administrator Password, define a new password twice and click Save.

Here is a Powershell script to change Payara Administrator password:

#Change Payara Administrator Password (CMD popup will ask for password. Default Payara admin credentials: admin/admin)
Start-Process -FilePath "C:\Program Files\QPR Software Plc\QPR UI\Glassfish\bin\asadmin" -ArgumentList "change-admin-password" -Wait
Start-Process -FilePath "C:\Program Files\QPR Software Plc\QPR UI\Glassfish\bin\asadmin" -ArgumentList 'set configs.config.server-config.http-service.virtual-server.server.property.errorReportValve=""' -Wait

Database Connection Settings

  1. Open Payara Administration Console.
  2. In the left side hierarchy, expand and open Resources -> JDBC -> JDBC Connection Pools -> EnticeSQLPool.
  3. Click the Additional Properties tab. Database settings are in the Additional Properties table. See a list of all settings in the table below. After changing settings, click Save.
  4. Restart Payara Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.
  5. Check the Payara log in C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\logs\server.log, whether there are lines containing errors (you can search by texts [SEVERE] and [WARNING]). Database connection related errors listed in the table below.

Database connection settings:

Setting name Description
ServerName Database server hostname (DNS name). You can use localhost if the SQL Server has been installed in the same Windows server as QPR UI.
portnumber The port where SQL Server is listening. If the port number is specified, no request to the SQL Server Browser is made. When the port and instance are both specified, the connection is made to the specified port. However, the instance is validated and an error is thrown if it does not match the port.
instance The SQL Server instance name to connect to. When it is not specified, a connection is made to the default instance.
DatabaseName QPR UI database name.
User SQL Server Login name or AD username to login to the SQL Server.
password Password for the user (defined in the User field). Text in the field is ${ALIAS=sqlpass}, which refers to an alias. The password can be changed by clicking Domain in the left side hierarchy, then click Password Aliases, and then click sqlpass'. Define a new password on click Save. More information on Payara password alises: https://docs.oracle.com/cd/E18930_01/html/821-2435/ghgrp.html#ghgqc.
BufferMinPackets Do not change this field. The value must be 8.
AutoCommit Do not change this field. The value must be true.
sendstringparametersasunicode Do not change this field. The value must be true.

More information about JDBC settings: https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties.

Database connection related errors:

Error message Reason and repair
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Unknown server host name 'X' Unable to reach the configured ServerName.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Server X has no instance named Y In the configured ServerName there is no SQL Server instance with name instance.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Network error IOException: Connection refused: connect Unable to open TCP connection to the configured ServerName and portnumber.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Login failed for user 'X' The database server found, but was unable login with configured User and password.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Cannot open database "X" requested by the login. The login failed. The database server found and login was successful, but was unable to open configured database DatabaseName. The database might not exist or user doesn't have permissions to access the database.
Internal Exception: java.sql.SQLException: Invalid object name 'CONFIGURATIONENTITY' The database server found, login was successful, and database found, but the database doesn't seem to be valid QPR UI database (tried to read table CONFIGURATIONENTITY which should exist in the database).

Changing Payara TCP Ports

By default, Payara is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:

  1. Open Payara Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> Network Config -> Network Listeners.
  3. Select the desired listener (admin-listener, http-listener1 or http-listener2), change the Port value in the General tab and click Save.
  4. Restart Payara Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

There are following listeners available:

  • admin-listener: for Payara Administration Console (by default port 4848)
  • http-listener-1: for hosted applications HTTP connections (QPR UI is the hosted application) (by default port 8080)
  • http-listener-2: for hosted applications HTTPS connections (by default port 8181)

Optimized Settings for QPR UI

Starting from QPR UI 2019.2, the QPR UI installer sets the following optimized Payara settings. These settings changes are not done when doing an upgrade installation, so you need to set them manually using the Payara Administration Console.

After changing these settings, restart Payara Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

Thread Pool Size

The default settings for thread pools in the Payara are not optimal for production usage. Increase the thread pool size as follows:

  1. Open Payara Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> Thread Pools -> http-thread-pool.
  3. Set Max Thread Pool Size to 500 and Min Thread Pool Size to 500. Click Save button. A larger value may be needed in environments with heavy load. According to Payara documentation, usually a suitable value is between 100 and 500.
  4. Click Save.

Symptoms for too low thread pool size are error messages Connection closed (when connecting directly to Payara) and Bad Gateway (when routing traffic through IIS).

Turning Off Auto Deploy and Dynamic Application Reloading

  1. Open Payara Administration Console.
  2. In the left side hierarchy, select Domain.
  3. On the Applications Configuration tab, untick the Reload and Auto Deploy options.
  4. Click Save.

Java Virtual Machine Memory Settings

  1. Open Payara Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> JVM Settings.
  3. On the JVM Options tab:
    • Increase the XX:MaxPermSize value to 256m.
    • Make sure that the tab contains a value called -server and not -client.
    • Increase the Xmx value to 768m.
  4. Click Save.

Acceptor Threads Count

  1. Open Payara Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> Network Config -> Transports -> tcp.
  3. Set the value of the Acceptor Threads setting to 2.
  4. Click Save.

Deployment Order for QPR UI Applications

  1. Open Payara Administration Console.
  2. In the left side hierarchy, select Applications.
  3. Verify that for the Entice application, the value of the Deployment Order setting is 100, and for the EnticeServices, the value is 99.
  4. To change either of the values, click on either Entice or EnticeServices, input the new value to the Deployment Order field, and click Save.

Customized Error Pages

By default, Payara returns error pages for HTTP errors (such as 404 or 500), that reveals the web server to be a Payara which might not be desired from the security point of view. Follow these instructions to change Payara error pages to custom pages (which contents can be controlled):

  • 1. Create folder for the error pages, e.g. C:/PayaraErrorPages/. (note that the path must not contain any spaces).
  • 2. Create a file error.html to the created folder (to be the custom error html page). Using a text editor, add the following content to the file or use your own error page:
<!doctype html>
<html>
  <head>
    <title>Error in QPR UI</title>
  </head>
  <body>
    Error in QPR UI.
  </body>
</html>
  • 3. Open file C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\config\domain.xml and locate section domain -> configs -> config (the one with attribute name is server-config) -> http-service -> virtual-server. Add the following lines inside the virtual-server tag (change the path to the error file if needed):
<property name="send-error_1" value="code=403 path=C:/GlassFishErrorPages/error.html"></property>
<property name="send-error_2" value="code=404 path=C:/GlassFishErrorPages/error.html"></property>
<property name="send-error_3" value="code=405 path=C:/GlassFishErrorPages/error.html"></property>
<property name="send-error_4" value="code=500 path=C:/GlassFishErrorPages/error.html"></property>

There is an own line for each HTTP error code, so add lines for each HTTP error code that need a custom error page.

  • 4. Restart Payara from Windows Services.
  • 5. Test that the error pages work. For example, to get the 404 error, try a url that doesn't exist in the server.

Note that if using IIS as a Reverse Proxy for QPR UI, custom error pages also need to be configured to IIS (more information: https://blogs.msdn.microsoft.com/webtopics/2008/05/27/iis-7-0-http-error-pages/).

Importing SSL Certificate to Payara

When using HTTPS connection between Payara and QPR Suite Web Service and/or QPR ProcessAnalyzer Web Service, it may be that Payara doesn't automatically accept the SSL certificate in use on the QPR Suite Web Service / QPR ProcessAnalyzer Web Service end. This can happen for example when the certificate is issued by a local certificate authority. In these cases, the certificate needs to be imported to Payara:

  1. Copy the certificate (.cer) file to the server where Payara (QPR UI) is installed.
  2. Make sure your Java JRE bin folder is in the environment's PATH setting, so that keytool will be found.
  3. Make backup copies of keystore.jks, cacerts.jks and domain.xml in <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  4. Open Payara Administration Console at http://<hostname>:4848.
  5. Stop the domain from the Payara Administration Console server (Admin Server) page.
  6. Launch a command prompt with administrator rights, navigate to <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  7. In the config folder, run the following command (replace the <your_alias_here> with an alias of your choice and <certificate_path> with the path to the certificate you copied in step 1):
    keytool -import -trustcacerts -alias <your_alias_here> -file "<certificate_path>" -keystore cacerts.jks
    You're asked for the keystore password, if you haven't already changed it, the password is "changeit".
  8. Similarly, run the following command:
    keytool -import -trustcacerts -alias <your_alias_here> -file "<certificate_path>" -keystore keystore.jks
  9. Start the domain, e.g. by restarting the QPR Ui service.