IBM WebSphere Application Operation Guide
WebSphere Application Operation Guide
- Test OS : Windows 10
- Test Version : Liberty profile, Eclipse
Test Environment
Site Link :
http://tomcat.apache.org/
Before installing Tomcat, set the desired Java version in the Windows environment variables.
Test Environment
Add the following directives to the httpd.conf file.
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /app/EAR/SSL
SSLEnable
SSLProtocolDisable SSLv2
SSLProtocolDisable SSLv3
SSLCipherSpec ALL NONE
SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
KeyFile /SW/web/HTTPServer/key/key.kdb
SSLDisable
Verify that the settings were applied with the apachectl options below.
-t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
-t -D DUMP_SSL_CIPHERS: show all known SSL ciphers
To determine which SSL ciphers are enabled on your server, set LogLevel debug in httpd.conf.
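Added example (not part of the original guide): a small audit of the SSLCipherSpec lines above. It resolves the list built by "ALL NONE" followed by "+NAME" entries, the only two forms used in this guide, and flags suites that use 3DES, RC4, CBC mode, or static RSA key exchange. The function names and the OK/FLAG labels are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Resolve the cipher list built by "SSLCipherSpec ALL NONE" / "+NAME" lines
# and flag legacy suites. Other SSLCipherSpec forms are ignored (assumption).
audit_cipherspec() {
    awk '
    toupper($1) == "SSLCIPHERSPEC" {
        for (i = 3; i <= NF; i++) {           # $2 is the protocol name (ALL)
            if ($i == "NONE") { n = 0; split("", seen); continue }
            if (substr($i, 1, 1) != "+") continue
            name = substr($i, 2)
            if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]; tag = ""
            if (c ~ /3DES/) tag = tag " 3DES"                  # 64-bit block cipher
            if (c ~ /RC4/) tag = tag " RC4"
            if (c ~ /_CBC_/) tag = tag " CBC"
            if (c ~ /^(TLS|SSL)_RSA_WITH_/) tag = tag " no-forward-secrecy"
            status = (tag == "") ? "OK" : "FLAG"
            print status " " c tag
        }
    }'
}

# The SSLCipherSpec lines from the virtual host above.
page_cipherspec() {
    cat <<'EOF'
SSLCipherSpec ALL NONE
SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
EOF
}

page_cipherspec | audit_cipherspec
```

Against a live file, run it as: audit_cipherspec < httpd.conf. Compare the result with the output of apachectl -t -D DUMP_SSL_CONFIG.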
Test Environment
Tip: This can be configured on any Apache-family web server.
Requests that do not specify a configured domain are sent to a virtual host that only handles errors.
The key point is not to give the dummy virtual host a ServerName value.
Listen 80
Listen 4958
NameVirtualHost *:80
NameVirtualHost *:4958
<VirtualHost *:80>
DocumentRoot /app/was/htdocs
ErrorDocument 403 "해당 방식은 접근이 허용되지 않은 방식입니다."
ErrorDocument 404 "해당 방식은 접근이 허용되지 않은 방식입니다."
ErrorDocument 500 "해당 방식은 접근이 허용되지 않은 방식입니다."
</VirtualHost>
<VirtualHost *:4958>
DocumentRoot /app/was/htdocs
ErrorDocument 403 "해당 방식은 접근이 허용되지 않은 방식입니다."
ErrorDocument 404 "해당 방식은 접근이 허용되지 않은 방식입니다."
ErrorDocument 500 "해당 방식은 접근이 허용되지 않은 방식입니다."
</VirtualHost>
ProxyRequests Off
<VirtualHost *:80>
ServerName test.apache.com
ProxyPass / http://172.31.98.155/ Keepalive=on
ProxyPassReverse / http://172.31.98.155/
ProxyPreserveHost On
#LogLevel debug
ErrorLog /app/was/HTTPServer/logs/test_proxy_error.log
CustomLog /app/was/HTTPServer/logs/test_proxy_access.log combined
</VirtualHost>
<VirtualHost *:4958>
ServerName test.httpserver.com
ProxyPass / http://172.31.98.209/ Keepalive=on
ProxyPassReverse / http://172.31.98.209/
ProxyPreserveHost On
#LogLevel debug
ErrorLog /app/was/HTTPServer/logs/http_proxy_error.log
CustomLog /app/was/HTTPServer/logs/http_proxy_access.log combined
</VirtualHost>
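Added example (not part of the original guide): a check that the dummy virtual host really is the default. For each address:port, the first VirtualHost block in file order answers requests whose Host header matches no ServerName, so the nameless block must come first. The function names, the OK/WARN labels and the reordered sample are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Report, per <VirtualHost addr:port>, whether the first block in file order
# is the nameless dummy vhost (OK) or a named site (WARN).
check_default_vhost() {
    awk '
    tolower($1) == "<virtualhost" {
        addr = $2; sub(/>$/, "", addr); name = ""; invh = 1; next
    }
    invh && tolower($1) == "servername" { name = $2 }
    tolower($1) == "</virtualhost>" {
        # Only the first block seen for an address:port is recorded.
        if (!(addr in def)) { def[addr] = name; order[++n] = addr }
        invh = 0
    }
    END {
        for (i = 1; i <= n; i++) {
            a = order[i]
            if (def[a] == "") print a " OK dummy-first"
            else print a " WARN default=" def[a]
        }
    }'
}

# Constructed sample: port 80 keeps the guide's order, port 4958 is reordered.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
DocumentRoot /app/was/htdocs
</VirtualHost>
<VirtualHost *:4958>
ServerName test.httpserver.com
ProxyPass / http://172.31.98.209/ Keepalive=on
</VirtualHost>
<VirtualHost *:80>
ServerName test.apache.com
ProxyPass / http://172.31.98.155/ Keepalive=on
</VirtualHost>
<VirtualHost *:4958>
DocumentRoot /app/was/htdocs
</VirtualHost>
EOF
}

sample_conf | check_default_vhost
```

A WARN line means requests with an unknown Host header on that port are proxied to the named backend instead of receiving the error page. apachectl -S shows the same ordering as the server parsed it.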
hostnamectl set-hostname [new_hostname]
ex)
[root@testServer11 bin]# ./apachectl -h
Usage: /SW/web/HTTPServer/bin/httpd [-D name] [-d directory] [-f file]
       [-C "directive"] [-c "directive"]
       [-k start|restart|graceful|graceful-stop|stop]
       [-v] [-V] [-h] [-l] [-L] [-t] [-S]
Options:
  -D name : define a name for use in <IfDefine name> directives
  -d directory : specify an alternate initial ServerRoot
  -f file : specify an alternate ServerConfigFile
  -C "directive" : process directive before reading config files
  -c "directive" : process directive after reading config files
  -e level : show startup errors of level (see LogLevel)
  -E file : log startup errors to file
  -v : show version number
  -V : show compile settings
  -h : list available command line options (this page)
  -l : list compiled in modules
  -L : list available configuration directives
  -t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings)
  -S : a synonym for -t -D DUMP_VHOSTS
  -t -D DUMP_MODULES : show all loaded modules
  -M : a synonym for -t -D DUMP_MODULES
  -t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
  -t -D DUMP_SSL_CIPHERS: show all known SSL ciphers
  -t : run syntax check for config files
[root@testServer11 bin]# ./apachectl -t -D DUMP_SSL_CIPHERS
SSL Ciphers:
. . .
SSL default cipher lists:
SSL protocol SSLV2, FIPS off, defaults =
SSL protocol SSLV2, FIPS on, defaults =
SSL protocol SSLV3, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol SSLV3, FIPS on, defaults =
SSL protocol TLSv10, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol TLSv10, FIPS on, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol TLSv11, FIPS off, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_RC4_128_SHA(35),SSL_RSA_WITH_RC4_128_MD5(34),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol TLSv11, FIPS on, defaults = TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol TLSv12, FIPS off, defaults = TLS_RSA_WITH_AES_128_GCM_SHA256(9C),TLS_RSA_WITH_AES_256_GCM_SHA384(9D),TLS_RSA_WITH_AES_128_CBC_SHA256(3C),TLS_RSA_WITH_AES_256_CBC_SHA256(3D),TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
SSL protocol TLSv12, FIPS on, defaults = TLS_RSA_WITH_AES_128_GCM_SHA256(9C),TLS_RSA_WITH_AES_256_GCM_SHA384(9D),TLS_RSA_WITH_AES_128_CBC_SHA256(3C),TLS_RSA_WITH_AES_256_CBC_SHA256(3D),TLS_RSA_WITH_AES_128_CBC_SHA(2F),TLS_RSA_WITH_AES_256_CBC_SHA(35b),SSL_RSA_WITH_3DES_EDE_CBC_SHA(3A)
Syntax OK
Test Environment
Tip: For security, change the script so that the password is entered at a prompt.
#!/bin/bash
# Load the instance settings (JBOSS_HOME, NODE_NAME, CONTROLLER_PORT, ...)
. ./config/config1.sh
start(){
PID=`ps -ef | grep jboss | grep "=$NODE_NAME " | awk '{print $2}'`
# Quoted test: still works when ps returns more than one matching PID
if [ -n "$PID" ]
then
echo "###############################################"
echo "JBOSS PID = $NODE_NAME $PID "
echo "JBoss SERVER - $NODE_NAME is already RUNNING..."
echo "###############################################"
exit;
fi
echo "#######################"
echo " Starting JBoss EAP "
echo "#######################"
nohup $JBOSS_HOME/bin/standalone.sh --server-config=standalone-ha.xml -Djboss.server.base.dir=$SERVER_HOME -bmanagement $SERVER_IP -b $SERVER_IP 1> /dev/null 2>&1 &
sleep 5
_up=`netstat -an | grep $CONTROLLER_PORT | grep -v grep | wc -l`
if [[ "${_up}" != "0" ]]; then
echo "###############################################"
echo "JBoss Server is Up!! $NODE_NAME And Running.!!"
echo "###############################################"
else
echo "###############################################"
echo "JBoss Server is Down!! $NODE_NAME "
echo "###############################################"
fi;
}
stop(){
echo "#######################"
echo " Stopping JBoss "
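echo -e " password : \c "
# -s keeps the typed password from being echoed to the terminal
read -r -s PASSWORD
echo
echo "#######################"
# Note: --password=... is visible in the process list while jboss-cli.sh runs
$JBOSS_HOME/bin/jboss-cli.sh -c --controller=$SERVER_IP:$CONTROLLER_PORT --connect command=:shutdown --user=$USER --password="$PASSWORD"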
# $JBOSS_HOME/bin/jboss-cli.sh -c --controller=$SERVER_IP:$CONTROLLER_PORT --connect command=:shutdown --user=$USER --password=$PASSWD
}
status() {
echo Checking JBoss Status..
echo Wait for a while...
_up=`netstat -an | grep $CONTROLLER_PORT | grep -v grep | wc -l`
if [[ "${_up}" != "0" ]]; then
echo "###############################################"
echo "JBoss Server is Up!! $NODE_NAME And Running.!!"
echo "###############################################"
else
echo "##################################"
echo "JBoss Server is Down!! $NODE_NAME "
echo "##################################"
fi;
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
*)
echo "Usage: jboss {start|stop|status}"
exit 1
esac
exit 0
The script begins by reading the settings for the instance from the file below.
#!/bin/sh
DATE=`date +%Y%m%d%H%M%S`
##### Configuration File #####
#export CONFIG_FILE=standalone-full-ha.xml
export CONFIG_FILE=standalone-ha.xml
export JBOSS_HOME=/SW/was/JBoss
export USER=admin
export SERVER_HOME=/SW/was/JBoss/TEST/TESTServer11
export SERVER_IP=10.252.16.25
export LOG_PATH=/app/logs/was
export NODE_NAME=TESTServer11
export PORT_OFFSET=750
export JBOSS_USER=admin
##### Bind Address #####
#export BIND_ADDR=10.252.16.24
export MULTICAST_ADDR=230.1.0.1
export JMS_MULTICAST_ADDR=231.7.0.1
export MODCLUSTER_MULTICAST_ADDR=224.0.1.105
export MGMT_ADDR=10.252.16.25
export CONTROLLER_IP=$MGMT_ADDR
# POSIX arithmetic ("let" is not available in every /bin/sh)
CONTROLLER_PORT=$((9999 + PORT_OFFSET))
export CONTROLLER_PORT
#export LAUNCH_JBOSS_IN_BACKGROUND=true
##### JBoss System module and User module directory #####
#export JBOSS_MODULEPATH=$JBOSS_HOME/modules:$JBOSS_HOME/modules.ext
# JVM Options : Server
export JAVA_OPTS="-server $JAVA_OPTS"
# JVM Options : Memory
export JAVA_OPTS=" $JAVA_OPTS -Xms1024m -Xmx2048m -XX:MaxPermSize=256m"
export JAVA_OPTS=" $JAVA_OPTS -XX:+PrintGCTimeStamps "
export JAVA_OPTS=" $JAVA_OPTS -XX:+PrintGCDetails "
export JAVA_OPTS=" $JAVA_OPTS -Xloggc:$LOG_PATH/log/gclog/gc_$DATE.log "
export JAVA_OPTS=" $JAVA_OPTS -XX:+UseParallelGC "
#export JAVA_OPTS=" $JAVA_OPTS -XX:+UseConcMarkSweepGC "
export JAVA_OPTS=" $JAVA_OPTS -XX:+ExplicitGCInvokesConcurrent "
export JAVA_OPTS=" $JAVA_OPTS -XX:-HeapDumpOnOutOfMemoryError "
export JAVA_OPTS=" $JAVA_OPTS -XX:HeapDumpPath=$LOG_PATH/heap/$NODE_NAME "
# Linux Large Page Setting
#export JAVA_OPTS=" $JAVA_OPTS -XX:+UseLargePages "
#export JAVA_OPTS=" $JAVA_OPTS -verbose:gc"
export JAVA_OPTS=" $JAVA_OPTS -Djava.net.preferIPv4Stack=true"
export JAVA_OPTS=" $JAVA_OPTS -Dorg.jboss.resolver.warning=true"
export JAVA_OPTS=" $JAVA_OPTS -Dsun.rmi.dgc.client.gcInterval=3600000 "
export JAVA_OPTS=" $JAVA_OPTS -Dsun.rmi.dgc.server.gcInterval=3600000"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.modules.system.pkgs=org.jboss.byteman"
export JAVA_OPTS=" $JAVA_OPTS -Djava.awt.headless=true"
export JAVA_OPTS=" $JAVA_OPTS -DjvmRoute=$NODE_NAME "
export JDBCDRIVER=oracle.jdbc.pool.OracleConnectionPoolDataSource
export TOKEN_NODE=01
#for darwin
export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.log.dir=$LOG_PATH/$NODE_NAME"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.base.dir=$DOMAIN_BASE/$SERVER_NAME"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.server.log.dir=$JBOSS_LOG_DIR"
#export JAVA_OPTS=" $JAVA_OPTS -Djboss.external.deployments=$EXTERNAL_DEPLOYMENT"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.socket.binding.port-offset=$PORT_OFFSET"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.node.name=$NODE_NAME"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind.address.management=$MGMT_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind.address=$BIND_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.bind_addr=$MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.default.jgroups.stack=tcp"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.default.multicast.address=$MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.messaging.group.address=$JMS_MULTICAST_ADDR"
export JAVA_OPTS=" $JAVA_OPTS -Djboss.modcluster.multicast.address=$MODCLUSTER_MULTICAST_ADDR"
#export JAVA_OPTS=" $JAVA_OPTS -Dserver.mode=local"
# Use log4j in application
export JAVA_OPTS=" $JAVA_OPTS -Dorg.jboss.as.logging.per-deployment=false "
echo "Config OK"