Difference between revisions of "Payara Configuration in QPR UI"

From Mea Wiki
Jump to navigation Jump to search
Line 92: Line 92:
 
# Restart GlassFish Administration Console by clicking '''server (Admin Server)''' in the left side hierarchy and then the '''Restart''' button.
 
# Restart GlassFish Administration Console by clicking '''server (Admin Server)''' in the left side hierarchy and then the '''Restart''' button.
  
Symptom for too low thread pool size are error messages '''Connection closed''' (when connecting directly to GlassFish) or '''Bad Gateway''' (when routing traffic through IIS).
+
Symptom for too low thread pool size are error messages '''Connection closed''' (when connecting directly to GlassFish) and '''Bad Gateway''' (when routing traffic through IIS).
  
 
== Setting up SSL/HTTPS ==
 
== Setting up SSL/HTTPS ==

Revision as of 11:35, 3 October 2018

Opening GlassFish Administration Console

GlassFish Administration Console can be accessed with a web browser by opening url http://<HOSTNAME>:4848, where <HOSTNAME> is the DNS name of the QPR UI server. Alternatively you can use http://localhost:4848 when accessing from the server itself. If the default empty password is in use, no login screen is shown and the Administration Console is directly opened.

Changing Glassfish Administrator Password

By default, GlassFish Administration Console password is empty (thus no login screen is shown when accessing GlassFish Administration Console). It is highly recommended to change the default password, that can be done as follows:

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, click Domain -> Administrator Password, define a new password twice and click Save.

Changing Database Connection Settings

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, expand and open Resources -> JDBC -> JDBC Connection Pools -> EnticeSQLPool.
  3. Click the Additional Properties tab. Database settings are in the Additional Properties table. See a list of all settings in the table below. After changing settings, click Save.
  4. Restart GlassFish Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.
  5. Check the GlassFish log in C:\Program Files\QPR Software Plc\QPR UI\Glassfish\glassfish\domains\domain1\logs\server.log, whether there are lines containing errors (you can search by texts [SEVERE] and [WARNING]). Database connection related errors listed in the table below.

Database connection settings:

Setting name Description
ServerName Database server hostname (DNS name). You can use localhost if the SQL Server has been installed in the same Windows server as QPR UI.
portnumber The port where SQL Server is listening. If the port number is specified, no request to the SQL Server Browser is made. When the port and instance are both specified, the connection is made to the specified port. However, the instance is validated and an error is thrown if it does not match the port.
instance The SQL Server instance name to connect to. When it is not specified, a connection is made to the default instance.
DatabaseName QPR UI database name.
User SQL Server Login name or AD username to login to the SQL Server.
password Password for the user (defined in the User field). Text in the field is ${ALIAS=sqlpass}, which refers to an alias. The password can be changed by clicking Domain in the left side hierarchy, then click Password Aliases, and then click sqlpass'. Define a new password on click Save. More information on GlassFish password alises: https://docs.oracle.com/cd/E18930_01/html/821-2435/ghgrp.html#ghgqc.
BufferMinPackets Do not change this field. The value must be 8.
AutoCommit Do not change this field. The value must be true.
sendstringparametersasunicode Do not change this field. The value must be true.

More information about JDBC settings: https://docs.microsoft.com/en-us/sql/connect/jdbc/setting-the-connection-properties.

Database connection related errors:

Error message Reason and repair
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Unknown server host name 'X' Unable to reach the configured ServerName.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Server X has no instance named Y In the configured ServerName there is no SQL Server instance with name instance.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Network error IOException: Connection refused: connect Unable to open TCP connection to the configured ServerName and portnumber.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Login failed for user 'X' The database server found, but was unable login with configured User and password.
Internal Exception: java.sql.SQLException: Error in allocating a connection. Cause: Connection could not be allocated because: Cannot open database "X" requested by the login. The login failed. The database server found and login was successful, but was unable to open configured database DatabaseName. The database might not exist or user doesn't have permissions to access the database.
Internal Exception: java.sql.SQLException: Invalid object name 'CONFIGURATIONENTITY' The database server found, login was successful, and database found, but the database doesn't seem to be valid QPR UI database (tried to read table CONFIGURATIONENTITY which should exist in the database).

Changing GlassFish TCP Ports

By default, Glassfish is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> Network Config -> Network Listeners.
  3. Select the desired listener (admin-listener, http-listener1 or http-listener2), change the Port value in the General tab and click Save.
  4. Restart GlassFish Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

There are following listeners available:

  • admin-listener: for GlassFish Administration Console (by default port 4848)
  • http-listener-1: for hosted applications HTTP connections (QPR UI is the hosted application) (by default port 8080)
  • http-listener-2: for hosted applications HTTPS connections (by default port 8181)

Adjusting Thread Pool Size

The default settings for the thread pool in the GlassFish is not optimal for production usage. Increase the thread pool size as follows:

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, expand and open Configurations -> server-config -> Thread Pools -> http-thread-pool.
  3. Set Max Thread Pool Size to 100 and Min Thread Pool Size to 100. Click Save button. (Event a larger value may be needed in environments with heavy load.)
  4. Restart GlassFish Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

Symptom for too low thread pool size are error messages Connection closed (when connecting directly to GlassFish) and Bad Gateway (when routing traffic through IIS).

Setting up SSL/HTTPS

There are two alternatives for setting up SSL/HTTPS connection:

  • Route Traffic Through IIS: This is the recommended way, because it's easier to maintain than SSL configuration in GlassFish. See Routing Through IIS in QPR UI and configure the SSL sertificate in IIS.
  • SSL Configuration in GlassFish: SSL can be configured to GlassFish. For that, follow the instruction below.

Note that the instructions assume that your SSL certificate is in the .pfx format. For other formats some commands have to be altered accordingly.

  1. Make sure your Java JRE bin folder is in the environment's PATH setting, so that keytool will be found.
  2. Launch two command prompts with administrator rights, navigate one to <QPR UI installation root>\Glassfish\bin and the other to <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  3. Make backup copies of keystore.jks, cacerts.jks and domain.xml in <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  4. Open Glassfish Administration Console at http://<hostname>:4848. If you haven't done so, change the administrator password. Use a password longer than six characters.
  5. In Glassfish Administration Console , go to Server (Admin Server) -> Secure Administration -> Enable secure administration. Note that at this point the secure admin will still be using a self-signed certificate, which will cause warnings in browsers. As we know the reason for the warning, we can ignore it this time and proceed to the secure administration despite the certificate error.
  6. Stop the domain from the server (Admin Server) page or by running the following command line in the bin folder:
    asadmin stop-domain
  7. With the command line in the bin folder, run:
    asadmin change-master-password --savemasterpassword=true
    and define a new password to replace the default "changeit" password. NOTE: This should be a different password than the admininistrator password used for regular logins. This is basically a master key to the installation and also the certificate will be using this password in a later stage, so choose an appropriately strong password that is known only by those who have access to the SSL certificate password.
  8. Change to the command line in the config folder. Run:
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
    You'll be asked for the destination keystore password, input the password defined in previous step here. Use the same password when you're asked to re-enter the new password. Source keystore password is your SSL certificate's password. Copy the alias to e.g. Notepad, you'll be needing this later.
  9. In the config folder, import the certificate also to the cacerts.jks keystore, i.e. run:
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore cacerts.jks -deststoretype JKS
  10. In the config folder, run the following commands:
    keytool -keypasswd  -alias <key alias from step 8>
    -keystore keystore.jks keytool -keypasswd  -alias <key alias from step 8>  -keystore cacerts.jks
    You're asked for the keystore password, this is once again the password defined in step 7. When the key password is requested, enter the original SSL certificate password and then enter the password from step 7 as the new key password.
  11. Start the domain by running the following command line in the bin folder:
    asadmin start-domain
  12. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  13. Expand and open Configurations -> server-config -> Network Config -> Network Listeners -> http-listener-2.
  14. Switch to the SSL tab and enable SSL3. Also change Certificate nickname to be the alias from step 8 and save the changes.
  15. You can now also disable http-listener-1 to prevent access without SSL, but that is safer to do after you have verified that the SSL config works.
  16. Stop the domain and open <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config\domain.xml into a text editor that's running as an administrator. Search and replace all references to s1as with the alias from step 8.
  17. Save the file and restart the domain. You should now be able to access the SSL instance at https://<servername>:8181/ui/.