Remote Admin GUI deployment
Version History
Version | Date | Modified By | Description of Modification |
---|---|---|---|
0.1 | 12/14/2018 | Paul Tambellini | Initial version |
Overview
Admin GUI can be deployed on a remote server separate from where the CONNECT ear is deployed. Most services within the Admin GUI have been coverted to use webservices to interact with the CONNECT ear allowing Admin GUI to interact over the internet and does not have to be included on the same server as CONNECT ear. This process has mostly been done in CONNECT 5.2.
- On two different machines, start the application server. Both servers must have the mysql-connector-java jar deployed because the Admin GUI will have to write login information to where the Admin GUI war is deployed and all other services will write to the database that is deployed on the server containing the CONNECT ear.
- On one machine, deploy the 5.2 or above CONNECT ear because most of the web services have decoupled from the CONNECT ear in 5.2.
- On another machine, deploy the 5.2 or above Admin GUI war because most of the web services have decoupled from the CONNECT ear in 5.2.
- Update exchangeInfo.xml in the properties directory of the server which hosts the CONNECT ear. Change every URL from localhost to the ip address of machine which represents the localhost. In order for Exchange Manager to be viewed by the Admin GUI, exchangeInfo.xml has to be pointed to the ip address of the CONNECT ear server. This must be done because when the Admin GUI looks upon the CONNECT ear server the exchangeinfo services will be pointed to the localhost which the Admin GUI will view as its own localhost and not the ip address where the information is currently being stored.
- Update exchangeInfo.xml and internalExchangeInfo.xml in the properties directory of the server which hosts the CONNECT Admin GUI. Change localhost to the ip address of where the CONNECT ear is located. ExchangeInfo.xml is pointed to the ip address of the CONNECT ear server in order to ping the services. InternalExchangeInfo.xml has to be pointed to where the CONNECT ear is located to have the web services be able to interact. This must be done because when the Admin GUI looks upon the CONNECT ear server the internalexchangeinfo services and the exchangeinfo services will be pointed to the localhost which the Admin GUI will view as its own localhost and not the ip address where the information is currently being stored.
- User Management which includes login information and account creation will not be converted to a web service at the moment but should be determined if any vulnerabilities exist.
Enable HTTPS on Admin GUI
To use https for the CONNECT Admin GUI by using self-signed certificates, two self-signed certificates have to be created. One created for the server, in this case, called server_public.cer. Also one created for the client which will be used by the browser to be verified by the server. The following keytool commands were used to create the keystores and truststores:
- Import client cert into the server
- Navigate to the wildfly server and import into its cacerts.jks
- keytool -v -import -keypass changeit -noprompt -trustcacerts -alias client_public -file client_public.cer -keystore cacerts.jks -storepass changeit
- Navigate to the wildfly server and import into its cacerts.jks
- Convert client JKS into PKCS12 so that it can be import into browser.
- keytool -v -importkeystore -srckeystore client.jks -srcalias client -destkeystore client.p12 -deststoretype PKCS12
- Import server public cert into browser Trust Store and client.p12 Please follow step below for each browser.
Chrome
Click on Settings, then on Advanced, then Manage Certificates, then click on the Personnel tab and then Import
Run through the certificate wizard, use client.p12 for File to Import, changeit for password in Private Key Protection and personnel for Certificate store.
Select Options, Privacy & Security, View Certificates, Your Certificates, Import.
Import Select client.p12 then enter changeit for password.
.