An SSL Accelerator (or SSL Terminator) strips off HTTPS encryption at or before the Web
server tier in a multitier setup. When you use an SSL Accelerator with HCL Commerce, you
can use the SSL Accelerator option to configure HCL Commerce to correctly receive requests
that require redirects.
Procedure
-
Open the HCL Commerce configuration
file.
-
Locate the section for the Web module that you are enabling an SSL Accelerator.
Each Web module in HCL Commerce has a configuration section. For example, the
Stores Web
module:
<Module contextPath="/webapp/wcs/stores"
fileServletEnabled="false"
name="Stores"
urlMappingPath="/servlet"
webAlias="/wcsstore">
<InitParameters adapters="XML/HTTP,
BrowserAdapter"
contextSetName="Store"
handleDoubleClick="true" />
</Module>
-
Add the following attributes to the InitParameters element:
For example, to use the default ports that HCL Commerce configures for the
Stores Web module with an SSL Accelerator, configure HCL Commerce following this
example:
<Module contextPath="/webapp/wcs/stores"
fileServletEnabled="false"
name="Stores"
urlMappingPath="/servlet"
webAlias="/wcsstore">
<InitParameters adapters="XML/HTTP, BrowserAdapter"
contextSetName="Store"
handleDoubleClick="true"
SSLAcceleratorOption="Enabled"
inSSLPort="443"
inNonSSLPort="80"
outSSLPort="443"
outNonSSLPort="80" />
</Module>
where:
- SSLAcceleratorOption
- Set the value to "Enabled" to indicate that an SSL Accelerator is used for that Web module.
- inSSLPort
- The port that is configured for HCL Commerce to receive the SSL data. HCL Commerce treats any data that is received on this port as SSL data even if the scheme says
http
. The default is port 443.
- inNonSSLPort
- The port that is configured for HCL Commerce to receive the non-SSL data. HCL Commerce treats any data that is received on this port as non-SSL data. The default port is
80.
- outSSLPort
- The port that HCL Commerce uses to send out SSL data on a redirect. The default port
is 443.
- outNonSSLPort
- The port that HCL Commerce uses to send out non-SSL data on a redirect. The default
port is 80.
- Update your Transaction server Docker container
(ts-app)
- Copy the modified version of your HCL Commerce configuration file
(wc-server.xml) to replace the one within your ts-app
docker image.
This is done within the Docker file for the ts-app.
The location for this configuration file within ts-app is
/opt/WebSphere/AppServer/profiles/default/installedApps/localhost/ts.ear/xml/config/wc-server.xml.
- Build the new Transaction server Docker container
(ts-app).
- Update your Web server Docker container
(ts-web)
- Disable SSL for those ports that no longer need SSL. Modify the Web server Docker container
IBM HTTP Server configuration file.
The location for this configuration file
within ts-web is
/SETUP/config/httpd.conf.
For example, if you are using an SSL
Accelerator for the Stores Web module, disable SSL for port 443. Within the
IBM HTTP Server
configuration file, remove the following directives from the
host_name:443
VirtualHost
:
SSLEnable
SSLClientAuth 0
- Update the Web server Docker container
SETUP/config/plugin-cfg.xml configuration file.
Change the
AppServerPortPreference attribute from HostHeader to
WebserverPort.
- Build the new Web server Docker container
(ts-web).
- Optional:
If your site uses a starter store, change your store environment setup file to create the
proper absolute paths for Ajax links.
-
Open HCL Commerce Developer and switch to the Enterprise Explorer
view.
-
Navigate to the following directory:
- Aurora starter store:
WC_eardir/Stores.war/storedir/Common/EnvironmentSetup.jspf
- workspace_dir/Stores/WebContent/storedir/include/JSTLEnvironmentSetup.jspf
-
Open your store environment setup file for editing.
-
Located the following commented out code snippet and remove the commenting out characters in
the code:
<%
// Add support for possible SSL Accelerator port setup in WC
config file.
// There could be a setup for using different ports for SSL and
nonSSL
// which are not 443 and 80 respectively.
// Uncomment the code below if using SSL Accelerator and want to
read the values from the configuration file.
// Reading from config file can have a negative effect on
performance. A better approach is to just enter the
// port values in this file directly by putting value in
inSSLAcceleratorPort and inNonSSLAcceleratorPort
// variables below.
//WebModuleConfig storeWebModule =
ConfigProperties.singleton().getWebModule(WcsApp.storeWebModuleName);
int inSSLAcceleratorPort = 443;
//if (storeWebModule.getInSSLPort() != null) {
// inSSLAcceleratorPort = new
Integer(storeWebModule.getInSSLPort()).intValue();
//}
int inNonSSLAcceleratorPort = 80;
//if (storeWebModule.getInNonSSLPort() != null) {
// inNonSSLAcceleratorPort = new
Integer(storeWebModule.getInNonSSLPort()).intValue();
//}
request.setAttribute("inSSLAcceleratorPort", inSSLAcceleratorPort);
request.setAttribute("inNonSSLAcceleratorPort",
inNonSSLAcceleratorPort);
%>
-
Save and close the file.
- Optional:
Delete all compiled pages from your storefront. Your store JSP files must be recompiled for
your changes to appear when a shopper visits your store.
-
Navigate to the following directory:
WCDE_installdir/wasprofile/temp/localhost/server1/WC/Stores.war
WAS_installdir/profiles/demo/temp/WC_demo_node/server1/WC_demo/Stores.war
-
Delete your entire storedir folder, such as Aurora, and
its contents from this directory.
What to do next
After you enable the SSL Accelerator option, you must configure the requests that are being
received on port 443. Ensure that the Host HTTP header is updated to include the port number. For
example, Host: myhost:443
.