Payara Configuration in QPR UI

From Mea Wiki
Jump to navigation Jump to search

Opening GlassFish Administration Console

GlassFish Administration Console can be accessed with a web browser by opening url http://<HOSTNAME>:4848, where <HOSTNAME> is the DNS name of the QPR UI server. Alternatively you can use http://localhost:4848 when accessing from the server itself. If the default empty password is in use, no login screen is shown and the Administration Console is directly opened.

Changing Glassfish Administrator Password

By default, GlassFish Administration Console password is empty (thus no login screen is shown when accessing GlassFish Administration Console). It is highly recommended to change the default password, that can be done as follows:

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, click Domain -> Administrator Password and define a new password.

Changing Database Connection Settings

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, expand Resources -> JDBC -> JDBC Connection Pools -> EnticeSQLPool.
  3. Click the Additional Properties tab. Database settings are in the Additional Properties table.
  4. After changing settings, click Save.
  5. Restart GlassFish Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

Changing GlassFish TCP Ports

By default, Glassfish is using ports 8080 (http) and 8181 (https) for the front-end and port 4848 for the administration UI. These ports can be changed as follows:

  1. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  2. In the left side hierarchy, expand Configurations -> server-config -> Network Config -> Network Listeners.
  3. Select the desired listener (admin-listener, http-listener1 or http-listener2), change the Port value in the General tab and click Save.
  4. Restart GlassFish Administration Console by clicking server (Admin Server) in the left side hierarchy and then the Restart button.

There are following listeners available:

  • admin-listener: for GlassFish Administration Console (by default port 4848)
  • http-listener-1: for hosted applications HTTP connections (QPR UI is the hosted application) (by default port 8080)
  • http-listener-2: for hosted applications HTTPS connections (by default port 8181)

Setting up SSL/HTTPS

There are two alternatives for setting up SSL/HTTPS connection:

  • Route Traffic Through IIS: This is the recommended way, because it's easier to maintain than SSL configuration in GlassFish. See Routing Through IIS in QPR UI and configure the SSL sertificate in IIS.
  • SSL Configuration in GlassFish: SSL can be configured to GlassFish. For that, follow the instruction below.

Note that the instructions assume that your SSL certificate is in the .pfx format. For other formats some commands have to be altered accordingly.

  1. Make sure your Java JRE bin folder is in the environment's PATH setting, so that keytool will be found.
  2. Launch two command prompts with administrator rights, navigate one to <QPR UI installation root>\Glassfish\bin and the other to <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  3. Make backup copies of keystore.jks, cacerts.jks and domain.xml in <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config.
  4. Open Glassfish Administration Console at http://<hostname>:4848. If you haven't done so, change the administrator password. Use a password longer than six characters.
  5. In Glassfish Administration Console , go to Server (Admin Server) -> Secure Administration -> Enable secure administration. Note that at this point the secure admin will still be using a self-signed certificate, which will cause warnings in browsers. As we know the reason for the warning, we can ignore it this time and proceed to the secure administration despite the certificate error.
  6. Stop the domain from the server (Admin Server) page or by running the following command line in the bin folder: 
    asadmin stop-domain
  7. With the command line in the bin folder, run: 
    asadmin change-master-password --savemasterpassword=true
    and define a new password to replace the default "changeit" password. NOTE: This should be a different password than the admininistrator password used for regular logins. This is basically a master key to the installation and also the certificate will be using this password in a later stage, so choose an appropriately strong password that is known only by those who have access to the SSL certificate password.
  8. Change to the command line in the config folder. Run: 
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
    You'll be asked for the destination keystore password, input the password defined in previous step here. Use the same password when you're asked to re-enter the new password. Source keystore password is your SSL certificate's password. Copy the alias to e.g. Notepad, you'll be needing this later.
  9. In the config folder, import the certificate also to the cacerts.jks keystore, i.e. run: 
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore cacerts.jks -deststoretype JKS
  10. In the config folder, run the following commands: 
    keytool -keypasswd  -alias <key alias from step 8>
    -keystore keystore.jks keytool -keypasswd  -alias <key alias from step 8>  -keystore cacerts.jks
    You're asked for the keystore password, this is once again the password defined in step 7. When the key password is requested, enter the original SSL certificate password and then enter the password from step 7 as the new key password.
  11. Start the domain by running the following command line in the bin folder: 
    asadmin start-domain
  12. Open GlassFish Administration Console as described in Opening GlassFish Administration Console.
  13. Expand Configurations -> server-config -> Network Config -> Network Listeners -> http-listener-2
  14. Switch to the SSL tab and enable SSL3. Also change Certificate nickname to be the alias from step 8 and save the changes.
  15. You can now also disable http-listener-1 to prevent access without SSL, but that is safer to do after you have verified that the SSL config works.
  16. Stop the domain and open <QPR UI installation root>\Glassfish\glassfish\domains\domain1\config\domain.xml into a text editor that's running as an administrator. Search and replace all references to s1as with the alias from step 8.
  17. Save the file and restart the domain. You should now be able to access the SSL instance at https://<servername>:8181/ui/.
Retrieved from "https://wiki.onqpr.com/mea/index.php?title=Payara_Configuration_in_QPR_UI&oldid=7971"