Payara Configuration in QPR UI

From Mea Wiki
Revision as of 06:13, 28 March 2017 by TeeHiet (talk | contribs) (403353)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Glassfish Configuration

By default Glassfish is using port 8080 for the front-end and port 4848 for the administration UI. If these ports cannot be used, they can be changed by accessing the administration UI at http://<servername>:4848. Expand Configurations -> server-config -> Network config -> Network listeners, select the listener to configure and change the Port value.

It is also highly recommended to change the default administrator password for Glassfish at Domain -> Administrator Password.

SSL Configuration

In order to configure your installation to use SSL for encrypting the communication, follow the instructions below. Note that the instructions assume that your SSL certificate is in the .pfx format. For other formats some commands have to be altered accordingly.

  1. Make sure your Java JRE bin folder is in the environment's PATH setting, so that keytool will be found.
  2. Launch two elevated command prompts, navigate one to <QPR MobileDashboard installation root>\Glassfish\bin and the other to <QPR MobileDashboard installation root>\Glassfish\glassfish\domains\domain1\config
  3. Make backup copies of keystore.jks, cacerts.jks, and domain.xml in <QPR MobileDashboard installation root>\Glassfish\glassfish\domains\domain1\config
  4. Open the Glassfish administration panel at http://<hostname>:4848. If you haven't done so, change the administrator password. Use a password longer than six characters here.
  5. In the Glassfish admin panel, go to server (Admin Server) -> Secure Administration -> Enable secure administration. Note that at this point the secure admin will still be using a self-signed certificate, which will cause warnings in browsers. As we know the reason for the warning, we can ignore it this time and proceed to the secure administration despite the certificate error.
  6. Stop the domain from the server (Admin Server) page or by running the following command line in the bin folder: 
    asadmin stop-domain
  7. With the command line in the bin folder, run: 
    asadmin change-master-password --savemasterpassword=true
    and define a new password to replace the default "changeit" password. NOTE: This should be a different password than the admininistrator password used for regular logins. This is basically a master key to the installation and also the certificate will be using this password in a later stage, so choose an appropriately strong password that is known only by those who have access to the SSL certificate password.
  8. Change to the command line in the config folder. Run: 
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS
    You'll be asked for the destination keystore password, input the password defined in previous step here. Use the same password when you're asked to re-enter the new password. Source keystore password is your SSL certificate's password. Copy the alias to e.g. Notepad, you'll be needing this later.
  9. In the config folder, import the certificate also to the cacerts.jks keystore, i.e. run: 
    keytool -importkeystore -srckeystore <your_pfx_file_name_and_path> -srcstoretype pkcs12 -destkeystore cacerts.jks -deststoretype JKS
  10. In the config folder, run the following commands: 
    keytool -keypasswd  -alias <key alias from step 8>
    -keystore keystore.jks keytool -keypasswd  -alias <key alias from step 8>  -keystore cacerts.jks
    You're asked for the keystore password, this is once again the password defined in step 7. When the key password is requested, enter the original SSL certificate password and then enter the password from step 7 as the new key password.
  11. Start the domain by running the following command line in the bin folder: 
    asadmin start-domain
  12. Access the Glassfish admin panel at https://<servername>:4848
  13. Expand Configurations -> server-config -> Network Config -> Network Listeners -> http-listener-2
  14. Switch to the SSL tab and enable SSL3. Also change Certificate nickname to be the alias from step 8 and save the changes.
  15. You can now also disable http-listener-1 to prevent access without SSL, but that is safer to do after you have verified that the SSL config works.
  16. Stop the domain and open <QPR MobileDashboard installation root>\Glassfish\glassfish\domains\domain1\config\domain.xml into a text editor that's running as an administrator. Search and replace all references to s1as with the alias from step 8.
  17. Save the file and restart the domain. You should now be able to access the SSL instance at https://<servername>:8181/mobiledash/
Retrieved from "https://wiki.onqpr.com/mea/index.php?title=Payara_Configuration_in_QPR_UI&oldid=4159"