繼續昨天看到的問題,
在開始之前,我有想到一個可能的原因,就是我忘了將websphere的kdb傳到IHS了,
這也可能導致IHS無法通過SSL連線到WebSphere
要傳送kdb,只要到 Web servers > webserver1 > Plug-in properties
按下Copy to Web server key store directiry,就行了
kdb檔會被傳送到/opt/IBM/WebSphere/Plugins/config/webserver1/
不過很可惜,除了kdb之外似乎還有別的問題,走https仍然回應500,
只好乖乖從log著手了
首先就看在/opt/IBM/HTTPServer/logs 的access_log
172.17.0.1 to - - [13/Oct/2022:15:28:18 +0000] "GET /Iron30/DemoServlet?action=testConn HTTP/1.1" 500 598 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 172.17.0.1 172.17.0.4
從log中可以發現,172.17.0.1 to -,沒有WebSphere的ip跟port,
看起來IHS沒有將request轉給WebSphere,
再看error_log
[Thu Oct 13 15:28:18 2022] [error] [client 172.17.0.1] [7f3024000910] [3165] SSL0280E: SSL Handshake Failed, the configured certificate chain contains a signature that is not compatible with peers TLS Signagure Algorithm requirements. [172.17.0.1:54168 -> 172.17.0.4:443] [15:28:18.000199555] 0ms
看log本來以為是自簽憑證有什麼地方有錯導致連線有問題,
但是直連https://localhost/index.html (直接存取IHS上的頁面),是可以成功連線的,
後來測試才發現就算直接連https://localhost/index.html
在error_log也會有這個錯誤,因此我覺得應該無關,這個錯誤就先放著,之後再找時間處理
再看看http_plugin.log有什麼線索
位置在這裡:/opt/IBM/WebSphere/Plugins/logs/webserver1
[13/Oct/2022:15:37:42.62286] 00000c41 3efed700 - DETAIL: ws_common: websphereShouldHandleRequest: trying to match a route for: vhost='localhost'; uri='/Iron30/DemoServlet'
[13/Oct/2022:15:37:42.62292] 00000c41 3efed700 - DETAIL: ws_common: websphereBeginRequest: Request is: host='localhost'; uri='/Iron30/DemoServlet'
[13/Oct/2022:15:37:42.62293] 00000c41 3efed700 - DETAIL: ws_common: websphereFindServerGroup: Setting the server group: server1_DefaultNode01_Cluster; highScore: 9; highExactMatch: 8; affinityCookie: JSESSIONID; affinityURL: jsessionid
[13/Oct/2022:15:37:42.62297] 00000c41 3efed700 - DETAIL: ESI: esiRequestPushUrl: '/Iron30/DemoServlet?action=testConn'
[13/Oct/2022:15:37:42.62298] 00000c41 3efed700 - DETAIL: ESI: esiRulesGetCacheId: cache miss; no rule for '/Iron30/DemoServlet'
[13/Oct/2022:15:37:42.62299] 00000c41 3efed700 - STATS: ws_server_group: serverGroupCheckServerStatus: Checking status of DefaultNode01_server1, ignoreWeights 0, markedDown 0, retryNow 0, retryInSec --, wlbAllows 1 reachedMaxConnectionsLimit 0
[13/Oct/2022:15:37:42.62300] 00000c41 3efed700 - ERROR: ws_common: websphereFindTransport: Nosecure transports available
[13/Oct/2022:15:37:42.62301] 00000c41 3efed700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
[13/Oct/2022:15:37:42.62301] 00000c41 3efed700 - ERROR: ESI: getResponse: failed to get response: rc = 4
[13/Oct/2022:15:37:42.62302] 00000c41 3efed700 - DETAIL: ESI: esiRequestPopUrl: '/Iron30/DemoServlet?action=testConn'
[13/Oct/2022:15:37:42.62303] 00000c41 3efed700 - ERROR: [172.17.0.1://Iron30/DemoServlet] ws_common: websphereHandleRequest: Failed to handle request rc=4
[13/Oct/2022:15:37:42.62303] 00000c41 3efed700 - DETAIL: ws_common: websphereEndRequest: Ending the request
這邊可以看到
ERROR: ws_common: websphereFindTransport: Nosecure transports available
ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find a transport
但是在plugin-cfg.xml裡面明明就有定義https要走的port
還是看不出問題在哪,
只好修改plugin-cfg.xml把log level再開更詳細一點,改成Trace,看看能不能有新發現
開了trace之後,還是沒看出問題在哪,明天再繼續吧...
有關log level的程度可參考:
https://www.ibm.com/docs/en/was/8.5.5?topic=ins-web-server-plug-in-properties-settings