cancel
Showing results for 
Search instead for 
Did you mean: 

BO 4.3 SSL with OCI Load Balancer

former_member196901
Participant
0 Kudos
644

Hi All,

Need some help. BO 4.3 SP2 Patch 2. Implemented SSL on tomcat; on that task the only action that was performed was generating keystore.jks file and server.xml was modified with below code:

		<Connector <br>	       protocol="org.apache.coyote.http11.Http11NioProtocol"<br>           port="8443" maxThreads="200"<br>           scheme="https" secure="true" SSLEnabled="true"<br>           keystoreFile="C:\TomcatSSL\keystore.jks" keystorePass="mykeystorepass"<br>           clientAuth="false" sslProtocol="TLS"/>

We have OCI load balancer, has anyone configured BO with SSL on tomcat with OCI load balancer? Any help would be appreciated.

Thanks

BasicTek
Advisor
Advisor
0 Kudos

This is a tomcat SSL case for BI Implementation team, it needs to be moved out of BI authentication . I've alerted the moderators, but if it's not moved you may need to post again in the BI implementation (deployment) tag

Accepted Solutions (0)

Answers (2)

Answers (2)

DellSC
Active Contributor
0 Kudos

Generally, when using a load balancer, SSL is handled on the load balancer, not on Tomcat itself.

-Dell

former_member196901
Participant
0 Kudos

Hi Dell, thanks for your response. So nothing needs to be added to tomcat server.xml or anthing? Because after implementing SSL on the load balancer, our dns link is not working. which is https://companyname-dev/BOE/BI i get the bad gateway error.

DellSC
Active Contributor
0 Kudos

Change the url from the load balancer to the server to "http:...". Users will have SSL to the load balancer, which will "feed" the BOBJ web apps to the users. You don't necessarily need SSL between the load balancer and the BOBJ web server.

-Dell

former_member196901
Participant
0 Kudos

Sorry Dell, a bit confused here. Are you saying dont even use the dns link? and give users the link with server name? OR are you saying that on the load balancer settings, change the url from DNS link to the link with server name? The organization wants users to use the DNS link but also implement SSL and go through the OCI load balancer.

DellSC
Active Contributor
0 Kudos

You give the users the Load Balancer URL and configure that for SSL. The load balancer then redirects them a BOBJ web server without giving them the web server URL. In general, only the system admins have the DNS URL directly to the server.

-Dell

former_member196901
Participant
0 Kudos

Thank you Dell. Thats what we have been doing for the past 5 years or more until 2 weeks ago. We have our BO URL as http://companyname/BOE/BI and which is pointing to load balancer IP and load balancer points to our BO Infoview. The end users never see our normal url which is http://bobjservername:8080/BOE/BI. However, now that we are implementing SSL, We have to implement SSL on OCI load balancer as you stated and no ssl on tomcat (bobj web server). BUT, i am running into an issue where when i type in https://companyname/BOE/BI, i get the "Bad Gateway" error. Do i need to implement anything else?

DellSC
Active Contributor
0 Kudos

I believe there is something in the configuration of SSL on the load balancer that is not quite right that is causing the issue. Make sure that the URL from the load balancer to the web server is using http and not https.

Also, if the load balancer is pointing a single URL to multiple web servers, you need to make sure that it's configured for "sticky sessions". However, since the load balancer URL was working prior to SSL, that's probably already configured.

-Dell

former_member196901
Participant
0 Kudos

Hi, I edited the post to update the tags and could not find the BI implementation or deployment tag.