영이네

1326069.1

ohs 11.1.1.7이하

sha2 방식 wallet에서 안되는 현상

JKS 생성하여 wallet으로 변환

#keytool 사용하여 keystore 생성 CSR/SHA2

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=445945205532288&parent=DOCUMENT&sourceId=1939223.1&id=1230333.1&_afrWindowMode=0&_adf.ctrl-state=168kaot9un_98

#orapki 사용하여 keystore를 oracle wallet으로 변환

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=445952969654086&id=1391991.1&_adf.ctrl-state=168kaot9un_196

# JKS 생성

1. 키스토어 생성

keytool -genkey -alias <alias> -keyalg RSA -keysize 1024 -sigalg SHA256withRSA -dname <dn> -keypass <password> -keystore <keystore> -storepass <password>

"C:\Program Files\Java\jdk1.7.0_72\bin\keytool" -genkey -alias cnrcdms.com -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=cnrcdms.com,O=C&R RESEARCH Inc.,L=Gangnam-gu,S=Seoul,C=KR" -keypass cdms1234 -keystore D:\keystore.jks -storepass cdms1234

2. 키스토어 확인

keytool -list -v -keystore <keystore> -storepass <password>

"C:\Program Files\Java\jdk1.7.0_72\bin\keytool" -list -v -keystore D:\keystore.jks -storepass cdms1234

3. CSR 생성

keytool -certreq -v -alias <alias> -file <filename> -sigalg SHA256withRSA -keypass <password> -storepass <password> -keystore <keystore>

"C:\Program Files\Java\jdk1.7.0_72\bin\keytool" -certreq -v -alias cnrcdms.com -file D:\cdms.csr -sigalg SHA256withRSA -keypass cdms1234 -storepass cdms1234 -keystore D:\keystore.jks

4. CA's root cert 임포트

keytool -import -v -noprompt -trustcacerts -alias <alias> -file <rootca_file> -keystore <keystore> -storepass <password>

ex) keytool -import -v -noprompt -trustcacerts -alias rootcacert-file rootCA.cer -keystore keystore.jks -storepass welcome

5. server cert 임포트

keytool -import -v -alias <alias> -file <server_cert_file> -keystore <keystore> -keypass <password> -storepass <password>

ex) keytool -import -v -alias server_cert -file server.cer -keystore keystore.jks -keypass welcome -storepass welcome

6. 키스토어 확인

keytool -list -v -keystore <keystore> -storepass <password>

"C:\Program Files\Java\jdk1.7.0_72\bin\keytool" -list -v -keystore D:\keystore.jks -storepass cdms1234

# JKS to wallet 변환

1. wallet 생성

export JAVA_HOME

$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet create -wallet <path> -auto_login

/was/webtier/Middleware/oracle_common/bin/orapki wallet create -wallet /was/webtier/Middleware/nwallet -auto_login

2. 변환

$MIDDLEWARE_HOME/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet <wallet_location_from_Step2> [-pwd <wallet_pwd>]  -keystore <keystore_location_from_Step1>/ewallet.jks -jkspwd <Step1_pwd>

/was/webtier/Middleware/oracle_common/bin/orapki wallet jks_to_pkcs12 -wallet /was/webtier/Middleware/wallet -pwd cdms1234 -keystore /was/webtier/Middleware/keystore/cnrcdms.com.jks -jkspwd cdms1234

] ./apachectl start

.../httpd: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory

] su - root

] yum -y install

1. httpd.conf 수정(모듈 로딩)

LoadModule proxy_cluster_module /jboss/ews/httpd/modules/mod_proxy_cluster.so

LoadModule slotmem_module /jboss/ews/httpd/modules/mod_slotmem.so

LoadModule manager_module /jboss/ews/httpd/modules/mod_manager.so

LoadModule advertise_module /jboss/ews/httpd/modules/mod_advertise.so

2. httpd.conf 수정(JBoss 연동)

NameVirtualHost 192.168.0.114:80

MemManagerFile /jboss/ews/httpd/logs/mod_cluster

NameVirtualHost 192.168.123.80:80

MemManagerFile /jboss/modcluster_test/ews2.1/httpd/cache/mod_cluster

<IfModule manager_module>

  Listen 9876

    <Directory />

        Order deny,allow

        Deny from all

        Allow from 192.168.123.

    </Directory>

  <VirtualHost *:9876>

    <Location /MCM>

      SetHandler mod_cluster-manager

      Order deny,allow

      Deny from all

      Allow from 192.168.123.

   </Location>

  </VirtualHost>

<VirtualHost 192.168.123.80:80>

    ServerAdmin webmaster@dummy-host.example.com

    DocumentRoot /jboss/modcluster_test/ews2.1/httpd/www

    ServerName www.jboss_test.com

    ErrorLog logs/jboss_test.com_error.log

    CustomLog logs/jboss_test.com_access.log common

    <Directory "/jboss/modcluster_test/ews2.1/httpd/www">

       Order deny,allow

       Allow from all

    </Directory>

      EnableMCPMReceive on

      ManagerBalancerName modClusterTest

      ServerAdvertise On

      AdvertiseGroup 224.0.1.105:23364

</VirtualHost>

</IfModule>

NameVirtualHost 192.168.238.129:6666

<IfModule manager_module>

    Listen 192.168.238.129:6666

    <VirtualHost 192.168.238.129:6666>

        <Location />

            Order deny,allow

            Allow from all

        </Location>

         KeepAliveTimeout 60

            ServerAdvertise On

            EnableMCPMReceive On

  <Location /mod_cluster_manager>

        SetHandler mod_cluster-manager

        Order deny,allow

        Deny from all

        Allow from all

    </Location>

</VirtualHost>

</IfModule>

NameVirtualHost 192.168.238.129:80

<VirtualHost 192.168.238.129:80>

ProxyPass /* balancer://test/* stickysession=JSESSIONID|jsessionid nofailover=On

ProxyPassMatch ^/.*\.(jsp|do|mvc)$ balancer://test/

    DocumentRoot /jennifer/web

    ServerName jboss_test.com

    ErrorLog logs/jboss_test.com_error.log

    CustomLog logs/jboss_test.com_access.log common

    <Directory "/jennifer/web">

       Order deny,allow

       Allow from all

    </Directory>

#EnableMCPMReceive

#ManagerBalancerName test

</VirtualHost>

http://192.168.0.114:7777/mod_cluster_manager

모니터링 가능

3. module 업로드

mod_proxy_cluster.so, mod_slotmem.so, mod_manager.so, mod_advertise.so

4. standalone-ha.xml

<subsystem xmlns="urn:jboss:domain:modcluster:1.1">

<mod-cluster-config advertise-socket="modcluster" connector="ajp" balancer="myWEBTOP">

mod_cluster는 기본적으로 ROOT(/)를 인식할 수 없다.

        <subsystem xmlns="urn:jboss:domain:modcluster:1.1">

            <mod-cluster-config advertise-socket="modcluster" proxy-list="127.0.0.1:7777" balancer="scm" excluded-contexts="invoker,jbossws,juddi,console" connector="ajp">

                <dynamic-load-provider>

                    <load-metric type="busyness"/>

                </dynamic-load-provider>

            </mod-cluster-config>

        </subsystem>

mod_advertise: directive in more than one VirtualHost: not supported

./.postinstall

conf/httpd.conf

Listen 127.0.0.1:80

=> Listen 80

conf.modules.d/00-mpm.conf

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so => 주석

LoadModule mpm_worker_module modules/mod_mpm_worker.so   => 주석해제

ProxyPass 설정

ErrorLog "|$APACHE_HOME/bin/rotatelogs $APACHE_HOME /logs/error_log 86400"

CustomLog "|$APACHE_HOME/bin/rotatelogs $APACHE_HOME/logs/access_log 86400" common

RedirectMatch ^/$ /redirect/

http://www.test.com => http://www.test.com/redirect

httpd.conf 수정

<Location /server-status>

    SetHandler server-status

    Order deny,allow

    Deny from all

    Allow from 192.168.123.33 #33 IP 사용자만 허용

</Location>

<Location /server-status>

    SetHandler server-status

    Order deny,allow

    Deny from all

    Allow from 192.168.123.0/24 #0~255 IP 사용자만 허용

</Location>

http://192.168.123.95/server-status?refresh=1

1초 간격으로 상태 모니터링

1 requests currently being processed, 7 idle workers

- 현재까지 서비스 건수, idle 수

- : 대기중

S: 구동된 프로세스

R: 클라이언트의 요청읽음

W: 클라이언트에 응답중

K: 클라이언트와 연결중

D: DNS 룩업

L: 로그기록중

G: 응답완료

. : 할당된 프로세스 없음

StartServers         8

MaxClients             4096

MinSpareThreads        1024

MaxSpareThreads        2048

ThreadsPerChild        128

MaxRequestsPerchild    0

StartServers        시작시에 초기화되는 서버 프로세스 갯수

MaxClients            동시 연결가능한 클라이언트의 최대 개수

MinSpareThreads        대기하고 있는 최소 스레드 갯수

MaxSpareThreads        대기하고 있는 최대 스레드 갯수

ThreadsPerChild        각각의 자식프로세스가 지속적으로 가질수 있는 스레드의 갯수

MaxRequestsPerChild    자식 프로세스가 서비스할 수 있는 최대 요청 갯수

- 에러로그 발생: (OS 64)지정된 네트워크 이름을 더 이상 사용할 수 없습니다. AH00341: winnt_accept: Asynchronous AcceptEx failed

- 조치 내용(httpd.conf 수정)

AcceptFilter http none

EnableMMAP off

EnableSendfile off