...

When upgrading an existing installation, you can elect to just install/unzip the .jar files and documentation and keep your existing config directory intact. Make sure you have a current backup of your config directory before installing.
Also, make sure to delete any files in the patch directory, unless specifically instructed otherwise, since the new release will contain the fixes itself, and the files in the patch directory might be out of date.

Migrating from Ceptor 6.x to 6.4

With Ceptor version 6.4, Ceptor's .jar files have been renamed from PortalProtect*.jar to Ceptor*.jar - this affects CeptorAgent.jar too, which means that you need to rename from PortalProtectAgent.jar to CeptorAgent.jar where you reference this in your launcher configuration files.
Note that when installing using Ceptor's installer, it will do the renaming in the standard launcher files - if you are using custom files, you will need to do this renaming manually.

Migrating from Ceptor 5.x to 6.x

With Ceptor version 6, default configuration files have been renamed from pp_launch.xml to ceptor_launch.xml, and from portalprotect-configuration.xml/portalprotect-security.xml to ceptor-configuration.xml/ceptor-security.xml.
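The manual renaming for custom launcher files described in the two migration notes above, as an added example (not Ceptor's own tooling). It applies only the renames the notes state and lists every remaining mention of the old name for manual review instead of rewriting it; the function name and the sample fragment are constructed for illustration.

```python
import re

# Only the renames stated in the migration notes are applied automatically.
RENAMES = [
    # 6.4: PortalProtect*.jar -> Ceptor*.jar (covers PortalProtectAgent.jar)
    (re.compile(r"PortalProtect(\w*)\.jar"), r"Ceptor\1.jar"),
    # 6.x: default configuration file names
    (re.compile(r"portalprotect-(configuration|security)\.xml"), r"ceptor-\1.xml"),
]
LEGACY = re.compile(r"portalprotect", re.IGNORECASE)


def migrate_launcher_text(text):
    """Return (new_text, changes, review).

    changes: (line_no, old, new) for every automatic rename.
    review:  (line_no, line) for lines that still mention the old name and
             need a human decision, e.g. a keystore file kept under its old name.
    """
    out, changes, review = [], [], []
    for no, line in enumerate(text.splitlines(), 1):
        new = line
        for pattern, repl in RENAMES:
            for m in pattern.finditer(new):
                changes.append((no, m.group(0), m.expand(repl)))
            new = pattern.sub(repl, new)
        if LEGACY.search(new):
            review.append((no, new.strip()))
        out.append(new)
    return "\n".join(out), changes, review


# Constructed fragment of a custom launcher file (not taken from a real install).
SAMPLE = """\
launcherclasspath="classes/launcher;lib/PortalProtectAgent.jar;extlib/slf4j-api-1.7.16.jar"
<property name="configuration" value="config/portalprotect-configuration.xml" />
<webserver keystore="ppserver/portalprotect.key" keystoretype="JKS" />
"""

if __name__ == "__main__":
    migrated, changes, review = migrate_launcher_text(SAMPLE)
    for no, old, new in changes:
        print(f"line {no}: {old} -> {new}")
    for no, line in review:
        print(f"line {no}: review manually: {line}")
```

Run it against a copy of the launcher file and keep the backup of the config directory until the migrated file has been verified.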

...

Code Block (xml): pp_launch.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Ceptor Launcher configuration -->
<ceptorlauncher port="21211"
	launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/logback-core-1.1.5.jar;extlib/logback-classic-1.1.5.jar;extlib/slf4j-api-1.7.16.jar" jvmstartdelay="5">
	<!-- Ceptor Server -->
	<jvm name="ppserver" vmargs="-Xmx1024M -Djava.awt.headless=true -Xnoclassgc -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError" systemclasspath="">
		<config servers="loadbalance:nios://localhost:21233?validateservercert=false;nios://localhost:21234?validateservercert=false" />
		<!-- Split into multiple classloaders -->
		<classloader name="config">
			<service name="configserver1" launcherclass="dk.itp.managed.service.ConfigServerLauncher">
				<property name="configuration"
					value="${ceptor.home}/config/ceptor-configuration.xml" />
				<webserver webapp="${ceptor.home}/ppserver/webapp"
					httpport="4244" sslport="4245" keystoretype="JKS"
					keystore="${ceptor.home}/ppserver/portalprotect.key"
					password="changeit" />
			</service>
			<service name="logserver1" serviceclass="dk.itp.peer2peer.log.server.LogServer" />
			<service name="statisticsserver1" serviceclass="dk.itp.managed.service.StatisticsService" />
		</classloader>
		<classloader name="config2">
			<service name="configserver2" launcherclass="dk.itp.managed.service.ConfigServerLauncher">
				<property name="configuration"
					value="${ceptor.home}/config/ceptor-configuration.xml" />
				<webserver webapp="${ceptor.home}/ppserver/webapp"
					httpport="4252" sslport="4253" keystoretype="JKS"
					keystore="${ceptor.home}/ppserver/portalprotect.key"
					password="changeit" />
			</service>
		</classloader>
		<classloader name="sessionctrl">
			<service name="sessionctrl1" serviceclass="dk.itp.security.passticket.server.PTSServer" />
			<service name="useradmin1"
				launcherclass="dk.itp.pp.useradmin.server.UserAdminServerLauncher" />
			<service name="radiusserver1"
				launcherclass="dk.itp.pp.radius.RadiusServerLauncher" />
		</classloader>
		<classloader name="useradminapp" extraclasspath="extlib_extras/jsp;extlib_extras/wicket;${ceptor.home}/ppserver/useradmin/language">
			<service name="useradminapp" launcherclass="dk.asseco.pp.ua.UserAdminAppLauncher">
				<webserver webapp="${ceptor.home}/ppserver/useradmin"
					bindaddress="127.0.0.1" httpport="4343" sslport="4344" keystoretype="JKS"
					keystore="${ceptor.home}/ppserver/portalprotect.key"
					password="changeit" minthreads="2" maxthreads="20" />
			</service>
		</classloader>
		<classloader name="scl_and_axis">
			<service name="axis"
				launcherclass="dk.itp.pp.webservices.launcher.WebServicesLauncher">
				<webserver webapp="${ceptor.home}/ppserver/webserviceswebapp"
					httpport="4300" sslport="4301" keystoretype="JKS"
					keystore="${ceptor.home}/ppserver/portalprotect.key"
					password="changeit" />
			</service>
<!-- Uncomment to load SCL -->
<!--
            <service name="sclserver1" launcherclass="dk.itp.scl.server.SCLLauncher">
                <property name="additionalservlets" value="sclsimple,sclssl,scl1"/>
                <property name="servlet.sclsimple.class" value="dk.itp.scl.server.simple.SimpleServer"/>
                <property name="servlet.sclsimple.server.name" value="scl_simple"/>
                <property name="servlet.sclsimple.urlpattern" value="/pp/simpleserver"/>
                <property name="servlet.sclssl.class" value="dk.itp.scl.server.ssl.SSLServer"/>
                <property name="servlet.sclssl.server.name" value="scl_ssl"/>
                <property name="servlet.sclssl.urlpattern" value="/pp/scl_sslserver"/>
                <property name="servlet.scl1.class" value="dk.itp.scl.server.crypto.CryptoServer"/>
                <property name="servlet.scl1.server.name" value="scl1"/>
                <property name="servlet.scl1.urlpattern" value="/pp/cryptoserver"/>
                <webserver webapp="${ceptor.home}/ppserver/webapp" httpport="4222"/>
            </service>
-->
            <service name="proxy1"
                launcherclass="dk.itp.security.proxy.ProxyLauncher">
                <webserver webapp="${ceptor.home}/ppserver/webapp" httpport="4400"/>
            </service>
		</classloader>
	</jvm>
	<!-- Ceptor Console -->
	<jvm name="console" vmargs="-Xmx1024M -Xnoclassgc -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError">
        <config servers="nios://localhost:21233?validateservercert=false" />
        <classloader name="console" extraclasspath="">
            <service name="ceptorconsole" launcherclass="io.ceptor.console.ConsoleLauncher">
                <property name="sessioncookiename" value="jsession_ceptorconsole"/>
                <webserver webapp="${ceptor.home}/ppserver/console"
                    contextpath="/"
                    bindaddress="0.0.0.0" httpport="4242" sslport="4243" minthreads="2" maxthreads="10"
                    maxpostsize="67108864" maxidletime="10000"
                    responseheadersize="32768"
                    outputbuffersize="32768" keystoretype="JKS"
					keystore="${ceptor.home}/ppserver/portalprotect.key"
					password="changeit"
                    />
            </service>
        </classloader>
	</jvm>
	<!-- Ceptor Gateway -->
	<jvm name="gateway" vmargs="-Xmx1024M -Xnoclassgc -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -Dorg.jboss.logging.provider=slf4j" systemclasspath="">
		<config servers="loadbalance:nios://localhost:21233?validateservercert=false;nios://localhost:21234?validateservercert=false" />
		<classloader name="gw" extraclasspath="gateway">
			<service name="gateway1" launcherclass="io.ceptor.gateway.GatewayLauncher">
			</service>
		</classloader>
	</jvm>
	<!-- Ceptor Dispatcher -->
	<jvm name="dispatcher" vmargs="-Xmx1024M -Xnoclassgc -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -Xbootclasspath/p:&quot;${ceptor.home}/alpn/alpn-boot-8.1.9.v20160720.jar&quot;" systemclasspath="">
		<config servers="loadbalance:nios://localhost:21233?validateservercert=false;nios://localhost:21234?validateservercert=false" />
		<classloader name="dispatcher">
			<service name="dispatcher1" launcherclass="dk.itp.tunnel.DispatcherLauncher">
			    <property name="ws.jettyxml" value="${ceptor.home}/dispatcher/jetty-requestlog.xml;${ceptor.home}/dispatcher/jetty-lowresources.xml;${ceptor.home}/dispatcher/jetty-rewrite.xml"/>
<!-- Uncomment to load SCL -->
<!--
			    <property name="additionalservlets" value="scl1,sclssl"/>
			    <property name="servlet.scl1.class" value="dk.itp.scl.server.tunnel.TunnelServlet"/>
                <property name="servlet.scl1.server.name" value="scltunnel1"/>
                <property name="servlet.scl1.urlpattern" value="/scltunnel;/pp/cryptoserver"/>
                <property name="servlet.sclssl.class" value="dk.itp.scl.server.tunnel.TunnelServlet"/>
                <property name="servlet.sclssl.server.name" value="scl_ssltunnel"/>
                <property name="servlet.sclssl.urlpattern" value="/pp/ssltunnel"/>
-->
                <property name="alpn.protocols" value="ssl,alpn,h2,h2-17,h2-16,h2-15,h2-14,http/1.1"/>

				<webserver webapp="${ceptor.home}/dispatcher/webapp"
                    http2="true"
					bindaddress="0.0.0.0" httpport="4080" sslport="4443" keystoretype="JKS"
					keystore="${ceptor.home}/dispatcher/portalprotect.key"
					password="changeit" minthreads="2" maxthreads="500"
					maxpostsize="67108864" maxidletime="10000"
					wantclientauth="true"
					allowrenegotiate="false"
					truststore="${ceptor.home}/config/x509/issuer/certissuer.pfx" excludeprotocols="SSLv3"
					trustpassword="password" truststoretype="PKCS12" truststoreprovider="BC"
                    excludeciphersuites=".*NULL.*,.*RC4.*,.*MD5.*,.*DSS.*"
                    includeciphersuites="TLS_ECDHE.*,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
					responseheadersize="32768"
					outputbuffersize="32768"
					/>
			</service>
		</classloader>
	</jvm>
</ceptorlauncher>
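A review pass over a launcher file before it goes into production, as an added example (not part of Ceptor): it flags the shipped default passwords, config-server URLs carrying validateservercert=false, and weak entries in includeciphersuites. The function name, host names and sample file are constructed, the sample omits the classloader level for brevity, and reading validateservercert=false as "server certificate not validated" is an assumption based on the parameter name.

```python
import xml.etree.ElementTree as ET

# "changeit" and "password" are the values shown in the sample file above.
DEFAULT_PASSWORDS = {"changeit", "password"}
# NULL, RC4 and MD5 come from the page's excludeciphersuites; 3DES is added here.
WEAK_CIPHER_MARKERS = ("NULL", "RC4", "MD5", "3DES")


def audit_launcher(xml_text):
    """Return a sorted list of (jvm_name, finding) for one launcher file."""
    findings = set()
    for jvm in ET.fromstring(xml_text).iter("jvm"):
        name = jvm.get("name", "?")
        for cfg in jvm.iter("config"):
            for url in cfg.get("servers", "").split(";"):
                # Assumption: this flag turns off server certificate validation.
                if "validateservercert=false" in url.lower():
                    findings.add((name, "config server certificate not validated: " + url))
        for ws in jvm.iter("webserver"):
            for attr in ("password", "trustpassword"):
                if ws.get(attr) in DEFAULT_PASSWORDS:
                    findings.add((name, f"{attr} is a default value"))
            for suite in ws.get("includeciphersuites", "").split(","):
                if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
                    findings.add((name, "weak cipher suite enabled: " + suite))
    return sorted(findings)


# Constructed launcher file modelled on the sample above; values are made up.
SAMPLE = """<ceptorlauncher port="21211">
  <jvm name="console">
    <config servers="nios://localhost:21233?validateservercert=false" />
    <service name="ceptorconsole" launcherclass="io.ceptor.console.ConsoleLauncher">
      <webserver httpport="4242" sslport="4243" keystoretype="JKS" password="changeit" />
    </service>
  </jvm>
  <jvm name="dispatcher">
    <config servers="nios://config.example.internal:21233" />
    <service name="dispatcher1" launcherclass="dk.itp.tunnel.DispatcherLauncher">
      <webserver sslport="4443" password="constructed-non-default" trustpassword="password"
        includeciphersuites="TLS_ECDHE.*,SSL_RSA_WITH_3DES_EDE_CBC_SHA" />
    </service>
  </jvm>
</ceptorlauncher>"""

if __name__ == "__main__":
    for jvm_name, finding in audit_launcher(SAMPLE):
        print(f"[{jvm_name}] {finding}")
```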


Let us look at the structure of the file:

Code Block
<ceptorlauncher port="21211" launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/logback-core-1.1.5.jar;extlib/logback-classic-1.1.5.jar;extlib/slf4j-api-1.7.16.jar" jvmstartdelay="5">

...

The launcherclasspath is relative to ceptor.home (can be specified using -ceptorhome) and must point to CeptorAgent.jar and the version of the .jar file containing log4j in use. Any .jar files in the patches directory will automatically be placed first in the classpath. When logging to the Windows event log, see the section later in this document for additional .jars needed here.

...

Code Block
<service name="configserver1" launcherclass="dk.itp.managed.service.ConfigServerLauncher">
  <property name="configuration" value="${ceptor.home}/config/ceptor-configuration.xml" />
  <webserver webapp="${ceptor.home}/ppserver/webapp" httpport="4242" sslport="4243" keystoretype="JKS" keystore="${ceptor.home}/ppserver/portalprotect.key" password="changeit" contextpath="/" bindaddress="0.0.0.0" />
</service>
<service name="logserver1" serviceclass="dk.itp.peer2peer.log.server.LogServer" />

...

Code Block
<property name="ws.jettyxml" value="${ceptor.home}/config/jettyconfig.xml" />


This will allow you to customize any other setting you might need; refer to the Jetty documentation if you need to do this.
You should set it to "${ceptor.home}/dispatcher/jetty-rewrite.xml" to add the Jetty Rewrite Module, which adds known security headers. Please refer to (and edit) jetty-rewrite.xml.

...

Code Block
log4j.appender.ITPLog=dk.itp.peer2peer.log.RemoteLogAppender
log4j.appender.ITPLog.LocationInfo=false
log4j.appender.ITPLog.Servers=nio://ceptorserver.mycompany.com:21236
log4j.appender.ITPLog.PeerName=my_app_name

...

Code Block
<appender name="PPRemoteLog" class="dk.itp.peer2peer.log.RemoteLogbackAppender">
  <Servers>nio://ceptorserver.mycompany.com:21236</Servers>
  <PeerName>my_app_name</PeerName>
</appender>

...

Code Block
launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/log4j-1.2.16.jar;extlib/slf4j-api-1.7.5.jar;extlib/slf4j-log4j12-1.7.5.jar">

...

Code Block
launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/logback-core-1.1.5.jar;extlib/logback-classic-1.1.5.jar;extlib/slf4j-api-1.7.16.jar"

...

Code Block
 launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/log4j-1.2.16.jar;extlib_extras/log4jna/jna.jar;extlib_extras/log4jna/platform.jar;extlib_extras/log4jna/log4jna.jar"

...

If you wish to use logback with Windows event logging, there is an example in classes/logback.xml you can uncomment, and add the appender to the ROOT appender. You still need jna.jar and platform.jar on your classpath, but the appender itself is already within CeptorAgent.jar.

Code Block
<appender name="WindowsEventLog" class="dk.itp.log.Log4JnaLogbackAppender">
  <layout class="ch.qos.logback.classic.PatternLayout">
    <pattern>%d{ISO8601} [%t] %-5level %logger %X{sessionid} - %msg%n%throwable</pattern>
  </layout>
  <source>pp_log</source>
  <server>Ceptor</server>
</appender>


For this to work, you will need to add a key to the Windows registry using regedit:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Ceptor\pp_log
EventMessageFile="C:\Windows\System32\Win32EventLogAppender.dll"
Make sure you adjust the path to where you have copied Win32EventLogAppender.dll; you can find it in extlib_extras/log4jna. The last part of the key path, the source pp_log, must match the entry in <source> in logback.xml. You can change this if you run multiple different JVMs with different Ceptor instances on the same machine.

Clustering

...