I’m configuring AWS for a new client implementation, and of course this needs to be highly available and DR-erable… You know what I mean. My definition of DR is across availability zones: they are separate in everything, so that is enough for me. I don’t need cross-region.
I have installed two separate web servers, both listening on port 9005 for https and 9001 for http. I’ve configured my AWS ELB to point to these two nodes. I had to load the SSL cert into AWS so that it would do the cert offload and the https work.
To get port 9005 working https, I needed to do the following for my JD Edwards server (within AWS). I’m using a port above 1024 because of all the root restrictions on the server for ports below that number.
Note that you need to make the 3 distinct changes listed below. Note that this is for the JDE server, not the AdminServer as stated in many documents.
Note that although I’m doing SSL offload, I still need to configure the AWS ELB to point to a secure port in JDE. I had a bunch of problems with https/http redirects. It seems that there is something that does not like holding the https tunnel… So, when the ELB redirects to JDE on HTTPS, all is good.
I also had to define a custom affinity rule based upon JSESSIONID for the ELB in AWS. This allowed JDE to work properly.
So now, when I log into my custom URL, I get presented with an https login screen and this is maintained in the application.
Above are the redirects and where they are going from and to.
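The listener and affinity setup described above, written as a CloudFormation fragment. This is an added example, not the configuration from the original post: it assumes a Classic Load Balancer and a front-end port of 443, and the subnet IDs, instance IDs, certificate ARN, resource name and policy name are placeholders.

```yaml
# Added example: Classic ELB terminating https and re-encrypting to JDE on 9005.
# Every PLACEHOLDER value and the names JdeWebElb / JdeSessionAffinity are hypothetical.
Resources:
  JdeWebElb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets:                      # one subnet per availability zone
        - subnet-PLACEHOLDER-AZ1
        - subnet-PLACEHOLDER-AZ2
      CrossZone: true               # spread requests across both zones
      Instances:                    # the two web servers
        - i-PLACEHOLDER-WEB1
        - i-PLACEHOLDER-WEB2
      Listeners:
        - LoadBalancerPort: "443"   # assumed front-end port
          Protocol: HTTPS           # cert loaded into AWS is presented here
          SSLCertificateId: arn:aws:iam::111111111111:server-certificate/PLACEHOLDER
          InstancePort: "9005"      # secure JDE port from the post
          InstanceProtocol: HTTPS   # ELB to JDE stays on https, avoiding the http redirects
          PolicyNames:
            - JdeSessionAffinity
      AppCookieStickinessPolicy:    # affinity follows the application's own cookie
        - PolicyName: JdeSessionAffinity
          CookieName: JSESSIONID
      HealthCheck:
        Target: SSL:9005            # TLS connect check against the same port
        Interval: "30"
        Timeout: "5"
        HealthyThreshold: "3"
        UnhealthyThreshold: "5"
```

With `InstanceProtocol: HTTPS` the hop from the ELB to the web servers is encrypted, but a Classic ELB does not validate the back-end certificate unless a back-end server authentication policy is attached.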
Let’s summarise with a bit of a lesson:
Only install a single JVM / end point for JD Edwards in WLS in AWS if you are going to use ELB and any sort of elasticity. Why? Because the ELB can only really forward to a single port per host… So cookie-cut your web servers to be awesome at single port provisioning of E1 (they could do AIS too)…