Configure IBM HTTP Server for Liberty

With the archive installation, we can configure the web server to send requests to Liberty.

Procedure

1. Append the following stanza to the Liberty server.xml file to inform it of the archive installation root, as it is in the following example:

   <pluginConfiguration pluginInstallRoot="/opt/IHS/plugin"/>

2. Copy your generated plugin-cfg.xml file from the application server logs/state/ directory to the webserver plugin/config/webserver1/ directory.

3. Optional: To disable SSL between the WebSphere Application Server WebServer plug-in and the application server, append the following snippet to conf/httpd.conf to offload SSL to IBM HTTP Server:

   SetEnv ssl-map-mode offload

4. Optional: Configure SSL. If you require SSL, create SSL keystores and add the issuers of your application servers trust chain.

   1. Run the following command to create a keystore:

      bin/gskcapicmd -keydb -create -db plugin/config/webserver1/plugin-key.kdb -stash

   2. Obtain issuer certificates for back-end servers.

      • If the application servers use a centralized certificate authority (CA), copy the CA PEM-encoded certificate to the webserver host.

      • If the application servers use self-signed certificates, extract the public certificate from each server keystore key.jks and copy the PEM-encoded certificate to the webserver host. See the following example:

        keytool -exportcert -rfc -alias default -file /tmp/ca-$HOSTNAME.cert -keystore usr/servers/defaultServer/resources/security/key.jks

   3. Run the following command to add the trusted issuers to the keystore.

      bin/gskcapicmd -cert -add -db plugin/config/webserver1/plugin-key.kdb -stashed -label ca-host1 -file /tmp/host1-ca.cer

5. Restart your IBM HTTP Server.

   1. Run bin/apachectl restart to restart.

   2. Run bin\httpd.exe -k restart to restart.