5.3

vFabric Web Server
Configuring vFabric Web Server Instances
4. Restrict Communication With tc Runtime Instances to Known Clients
5. Configure vFabric Web Server to Authenticate Using a Specific Client Certificate
Important. It is assumed that you have already installed vFabric Web Server and vFabric tc Server, created instances, and set up
unsecured load balancing between them. If you have not already done this, see Configure Load Balancing Between vFabric Web
Server and vFabric tc Server.
Configure tc Runtime Instances to Use SSL
VMware recommends that you configure a tc Runtime instance to use SSL by specifying the bio-ssl template when you
create or modify an instance; this template adds the correct configuration to the conf/server.xml file and automatically
generates a keystore based on your inputs. You specify the bio-ssl template when you create a new tc Runtime instance using
the tcruntime-instance command. As of version 2.8 of vFabric tc Server, you can also apply the template to
an existing instance.
The following example shows how to create a new tc Runtime instance that uses the bio-ssl template:
prompt$ ./tcruntime-instance.sh create instanceOne -t bio-ssl -i /var/opt/vmware/vfabric-tc-server-standard
In the preceding example, the tc Runtime instance will be located in the /var/opt/vmware/vfabric-tc-server-standard
directory and will use default values when creating the keystore. If you want to customize the keystore, use the
--interactive option and the command will prompt you for specific information:
prompt$ ./tcruntime-instance.sh create instanceOne -t bio-ssl -i /var/opt/vmware/vfabric-tc-server-standard --interactive
The following example shows how to apply the bio-ssl template to an existing tc Runtime instance called instanceTwo:
prompt$ ./tcruntime-instance.sh apply-template instanceTwo -t bio-ssl -i /var/opt/vmware/vfabric-tc-server-standard
Note: The apply-template option of tcruntime-instance is available as of version 2.8 of vFabric tc Server.
To invoke an application deployed to the tc Runtime instance using HTTPS, specify the HTTPS port. The default HTTPS port is
8443, although you might have configured a different port for your particular instance. For example:
https://host:8443/my-app
See Create and Modify a tc Runtime Instance in the Getting Started with vFabric tc Server guide in this Documentation Center
for details.
If you choose not to use the bio-ssl template, you can create your own keystore using the keytool command, as shown in the
following example:
prompt$ keytool -genkey -alias tomcat -keyalg RSA -keystore CATALINA_BASE/conf/tomcat.keystore
In the preceding example, CATALINA_BASE refers to the instance directory, such as
/var/opt/vmware/vfabric-tc-server-standard/instanceOne.
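The keytool command above prompts for its passwords and leaves the file mode to the caller's umask. The following script is an added example, not part of the vFabric documentation, that creates the same keystore non-interactively with an owner-only file mode. The names make_keystore and KEYSTORE_PASS, the key size, the validity period and the CN=hostname subject are assumptions, and it requires a keytool that accepts the :env password modifier.

```sh
#!/bin/sh
# Added example, not from the vFabric documentation.
# make_keystore and KEYSTORE_PASS are hypothetical names; the key size,
# validity and CN=<hostname> subject are sample choices.
# Assumes a keytool that accepts the ":env" password modifier.

# make_keystore CATALINA_BASE HOSTNAME
make_keystore() {
    mk_store="$1/conf/tomcat.keystore"
    mk_host="$2"

    # Reject a missing password and the placeholder used in the sample Connector.
    if [ -z "${KEYSTORE_PASS:-}" ] || [ "$KEYSTORE_PASS" = "changeme" ]; then
        echo "set KEYSTORE_PASS to a non-default value" >&2
        return 2
    fi
    # Replacing a keystore silently would replace the server's identity.
    if [ -e "$mk_store" ]; then
        echo "refusing to overwrite $mk_store" >&2
        return 3
    fi
    export KEYSTORE_PASS

    # umask 077: the file is created readable by the instance owner only.
    # ":env" keeps the password off the command line and out of ps output.
    # The key password equals the store password because the Connector in
    # this section supplies only keystorePass.
    ( umask 077
      keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
          -dname "CN=$mk_host" -keystore "$mk_store" \
          -storepass:env KEYSTORE_PASS -keypass:env KEYSTORE_PASS ) || return 1
    chmod 600 "$mk_store" || return 1

    # Confirm the alias that keyAlias in server.xml will reference exists.
    keytool -list -alias tomcat -keystore "$mk_store" \
        -storepass:env KEYSTORE_PASS >/dev/null || return 1
    echo "created $mk_store"
}

# Usage: KEYSTORE_PASS=... sh make-keystore.sh CATALINA_BASE HOSTNAME
if [ "$#" -eq 2 ]; then
    make_keystore "$1" "$2"
fi
```

The password still has to appear as keystorePass in conf/server.xml, so that file needs the same owner-only permissions as the keystore.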
Update the appropriate <Connector /> element in the instance's conf/server.xml file by adding the keyAlias,
keystoreFile, and keystorePass attributes, setting the values to those you specified when you created the keystore using
keytool as shown above. For example:
<Connector SSLEnabled="true"
acceptCount="100"
connectionTimeout="20000"
executor="tomcatThreadPool"
keyAlias="tomcat"
keystoreFile="${catalina.base}/conf/tomcat.keystore"
keystorePass="changeme"