Apache & Websphere application server

hello *,

I trying to make apache, SSL and Websphere works together ...

and i have the "famous" probleme
"loaded DSO /apps/[..]/mod_app_server.so uses plain Apache api ... this module migth crash ... re compile it with -DEAPI "

my probleme is : i don't have the source code of the websphere plugin ...

do you know a way to use mod_ssl without compiling apache
or compiling apache to perfectly support the old way DSO module ??

thanx by advance
--
arno



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache & Websphere application server

On Tue, 16 Jul 2002, arcean wrote:

> my probleme is : i don't have the source code of the websphere plugin ...
>
> do you know a way to use mod_ssl without compiling apache
> or compiling apache to perfectly support the old way DSO module ??

You'll have to either get IBM to provide you with an EAPI-compiled
WebSphere DSO or set up two copies of Apache, one SSL and one non-SSL.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Apache & Websphere application server

I haven't used at websphere in over a year, but look to see if they included
2 dso's: one for ssl and one for non-ssl.

I know that BEA and others do this, but I can't recall if IBM does or not.

David Marshall

-----Original Message-----
From: arcean [mailto:arcean@lopette.org]
Sent: Tuesday, July 16, 2002 9:05 AM
To: modssl-users@modssl.org
Subject: Apache & Websphere application server


hello *,

I trying to make apache, SSL and Websphere works together ...

and i have the "famous" probleme
"loaded DSO /apps/[..]/mod_app_server.so uses plain Apache api ... this
module migth crash ... re compile it with -DEAPI "

my probleme is : i don't have the source code of the websphere plugin ...

do you know a way to use mod_ssl without compiling apache
or compiling apache to perfectly support the old way DSO module ??

thanx by advance
--
arno



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache & Websphere application server

---------- Original Message ----------------------------------
From: Cliff Woolley
Reply-To: modssl-users@modssl.org
Date: Tue, 16 Jul 2002 13:55:34 -0400 (EDT)

>On Tue, 16 Jul 2002, arcean wrote:
>
>> my probleme is : i don't have the source code of the websphere plugin ...
>>
>> do you know a way to use mod_ssl without compiling apache
>> or compiling apache to perfectly support the old way DSO module ??
>
>You'll have to either get IBM to provide you with an EAPI-compiled
>WebSphere DSO or set up two copies of Apache, one SSL and one non-SSL.

yes i've think about this (when i was testing)
but the point is : I need to provide Https pages with Websphere
and i need to use Apache as "front" server
a friend of me has opened a "Ticket" with IBM ...
i pray to have a EAPI mod_app_server in return ...

>--Cliff



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache & Websphere application server

On Tue, 16 Jul 2002, arcean wrote:

> yes i've think about this (when i was testing)
> but the point is : I need to provide Https pages with Websphere
> and i need to use Apache as "front" server
> a friend of me has opened a "Ticket" with IBM ...
> i pray to have a EAPI mod_app_server in return ...

If that doesn't work out, you can just configure it [with rewriterules or
with proxypassreverse] so that the SSL-aware Apache will act as a reverse
proxy for the non-SSL websphereized Apache.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Apache & Websphere application server

> >You'll have to either get IBM to provide you with an EAPI-compiled
> >WebSphere DSO or set up two copies of Apache, one SSL and
> one non-SSL.
>
> yes i've think about this (when i was testing)
> but the point is : I need to provide Https pages with Websphere
> and i need to use Apache as "front" server

You can always put up the SSL-aware Apache in front of the non-SSL Websphere
one:

Config inside the "frontmost" SSL Apache:
ProxyPass / http://127.0.01:/
ProxyPassReverse / http://127.0.01:/

And set up the "backend" Websphere one to listen only on the loopback
interface:
Listen 127.0.0.1:

(Obviously, substitute with whatever port you'd like
it to listen on.)

Additionally, if you really need to see the IP of the connecting client on
the backend server (for example, so your access logs show the real IP), you
can do a little trick with mod_perl (provided, of course, you've got
mod_perl on both servers):

On the "front" SSL server (single line in case it wraps)[1]:

PerlHeaderParserHandler "sub
{my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->con nection->remote_
ip())}"

On the "back" Websphere server (also on a single line)[2]:

PerlHeaderParserHandler "sub
{my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->he aders_in->merge(
'X-Forwarded-For')))[-1])}"

In case there isn't mod_perl on the backend server, there might be some
other way to act on the standard proxying "X-Forwarded-For" header (maybe
websphere can do it by itself?).

Hope it helps... Marco Zamora

[1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember
that on proxy connections, the INcoming headers are the ones forwarded on to
the target server.

[2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the
*last* IP in the possible chain of X-Forwarded-For headers. We can't just
use the header_in method because it returns the first one.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Apache & Websphere application server

thanx a lot for all

but (yes there is a but :( )

i use Websphere to authenticate client from there certificat
.... (websphere does evrything here ... )

and so i need to share information on the server between
mod_app_server and mod_ssl ...
(it works on Iplanet ... i need the same fonctionnality)

but i don't knew how i could use mod_proxy
so ... thanxs a lot anyway :)


---------- Original Message ----------------------------------
From: "Marco A. Zamora Cunningham"
Reply-To: modssl-users@modssl.org
Date: Tue, 16 Jul 2002 17:32:47 -0500

>> >You'll have to either get IBM to provide you with an EAPI-compiled
>> >WebSphere DSO or set up two copies of Apache, one SSL and
>> one non-SSL.
>>
>> yes i've think about this (when i was testing)
>> but the point is : I need to provide Https pages with Websphere
>> and i need to use Apache as "front" server
>
>You can always put up the SSL-aware Apache in front of the non-SSL Websphere
>one:
>
>Config inside the "frontmost" SSL Apache:
> ProxyPass / http://127.0.01:/
> ProxyPassReverse / http://127.0.01:/
>
>And set up the "backend" Websphere one to listen only on the loopback
>interface:
> Listen 127.0.0.1:
>
>(Obviously, substitute with whatever port you'd like
>it to listen on.)
>
>Additionally, if you really need to see the IP of the connecting client on
>the backend server (for example, so your access logs show the real IP), you
>can do a little trick with mod_perl (provided, of course, you've got
>mod_perl on both servers):
>
>On the "front" SSL server (single line in case it wraps)[1]:
>
> PerlHeaderParserHandler "sub
>{my($r)=shift;$r->headers_in->add('X-Forwarded-For'=>$r->co nnection->remote_
>ip())}"
>
>On the "back" Websphere server (also on a single line)[2]:
>
> PerlHeaderParserHandler "sub
>{my($r)=shift;$r->connection->remote_ip((split(/,\s*/,$r->h eaders_in->merge(
>'X-Forwarded-For')))[-1])}"
>
>In case there isn't mod_perl on the backend server, there might be some
>other way to act on the standard proxying "X-Forwarded-For" header (maybe
>websphere can do it by itself?).
>
>Hope it helps... Marco Zamora
>
>[1] Note for mod_perl-heads: Yes, it really is "$r->headers_in". Remember
>that on proxy connections, the INcoming headers are the ones forwarded on to
>the target server.
>
>[2] The fancy "(split[...]merge)[-1]" stuff is just a way of parsing out the
>*last* IP in the possible chain of X-Forwarded-For headers. We can't just
>use the header_in method because it returns the first one.
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>


__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org