6 Replies Latest reply on Sep 13, 2007 4:45 PM by igain

    Apache HTTPD + mod_jk +ssl+Jboss

    igain
    igain Sep 10, 2007 1:45 PM

      Hi,

      I have been trying to configure with apache and jboss server with mod_jk and SSL in a clustered environment.

      Apache is being used as loadbalancer on top of my jboss app server nodes

      I have doubt here

      1) I have a seprate web server machine and a 2 seprate app server machine.
      I am not sure where should i install self signed SSL certificate.
      At Apache web server or inside tomcat container using server.keystore file?


      First I configured self signed SSL certificate in embeded tomcat in jboss, and tried to access the application.
      It works when my apache httpd and jboss is on same machine but it doesn't if i have apache httpd and jboss on 2 different machine.
      mod_jk doesn't forward the request to https port if my jboss app server is on different machine.

      Is there any specific configuration that i need to do in apache httpd to forward my request to https port on jboss ?


      Ideally certificate should be installed at a single location which is at apache web server, this way if add more nodes of jboss i need not to configure them atleast for SSL.

      So I tried to install SSL certificate on apache web server using mod_ssl and i was able to configure self signed certificate.

      This combination works fine and SSL request being forwarded to jboss correctly on remote jboss machine. but when apache forward the request it forward to http:// URL not https:// url on jboss.
      Which i don't know is correct or not.


      Moreover the moment when i configure loadbalancer using mod_jk along with mod_ssl apache gives error page 500 when i try access the application.

      Any help would greatly appreciated ?

      • 7827 Views
      • Tags:
        • 1. Re: Apache HTTPD + mod_jk +ssl+Jboss
          igain
          igain Sep 11, 2007 12:55 AM (in response to igain)

          I was able to fix the last problem where in apache was giving 500 error.
          i did correct the wroker.properties file and added jkstatus.

          please provide some inputs on other 2 issues, if somebody has tried with that combination in production.

          Thanks

            • Actions
          • 2. Re: Apache HTTPD + mod_jk +ssl+Jboss
            jfclere
            jfclere Sep 11, 2007 2:42 AM (in response to igain)

            When using mod_jk you only need the certificates and key in Apache httpd. See http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html

              • Actions
            • 3. Re: Apache HTTPD + mod_jk +ssl+Jboss
              igain
              igain Sep 12, 2007 12:03 PM (in response to igain)

              I did configure crt and key file in apache however when request is going to tomcat it is no appearing as https://

              It is coming as http://.

              I tried with following rewrite rule in .htaccess file but still it is coming as http:// it's not able to write as https

              RewriteEngine On
              RewriteCond %{SERVER_PORT} !^443$
              RewriteRule .* https://%{SERVER_NAlME}%{REQUEST_URI} [R,L]

                • Actions
              • 4. Re: Apache HTTPD + mod_jk +ssl+Jboss
                igain
                igain Sep 12, 2007 12:35 PM (in response to igain)

                And even i tried to setup one on one basis no clustering or loadbalancing but still I am not able to use https, when i request my application page internate explorer gives "The page cannot be displayed" error.

                (192.168.1.101) (192.168.1.102)
                Apache Httpd ----------> Jboss + SSL(in server.xml of jboss-web.deployer)

                I did modify the log level for mod_jk to debug and here is response from ajp connector in mod_jk.log file

                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (610): Number of headers is = 5
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (666): Header[0] [Pragma] = [No-cache]
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (666): Header[1] [Cache-Control] = [no-cache]
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (666): Header[2] [Expires] = [Wed, 31 Dec 1969 16:00:00 PST]
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (666): Header[3] [Location] = [https://localhost/myapp/jsp/registration.do]
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (666): Header[4] [Content-Length] = [0]
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (1043): received from ajp13 pos=0 len=2 max=8192
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (1043): 0000 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - ................
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (1506): AJP13 protocol: Reuse is OK
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] jk_ajp_common.c (2286): recycling connection pool slot=0 for worker node1
                [Wed Sep 12 09:16:14 2007]loadbalancer localhost 0.080116
                [Wed Sep 12 09:16:14 2007][1320:2832] [debug] mod_jk.c (2238): Service finished with status=302 for worker=loadbalancer


                By looking at the log tomcat ajp connector is able to send response back to apache with status 302 which is Moved Temporarily.

                Can somebody through some light what could be the possible reason of not working ?

                I am using
                Jboss-4.2.0.GA
                Apache 2.2
                Red Hat Linux

                Thanks

                  • Actions
                • 5. Re: Apache HTTPD + mod_jk +ssl+Jboss
                  jfclere
                  jfclere Sep 13, 2007 2:27 AM (in response to igain)

                  That is normal mod_ssl of Apache httpd decrypts the data and send them via mod_jk uncrypted to Tomcat.

                    • Actions
                  • 6. Re: Apache HTTPD + mod_jk +ssl+Jboss
                    igain
                    igain Sep 13, 2007 4:45 PM (in response to igain)

                    is there any way to configure a remote machine which is running jboss, as a SSL virtual host in apache httpd??

                    If yes then what all settings that i need to do ?
                    or is there any documentation ?

                      • Actions