8 Replies Latest reply on Jun 14, 2011 10:43 PM by davean80

    JBoss 4.2.2 with F5 BigIP Load Balancer

    tux43b

      Hi All,

       

       

      Currently attempting to setup two clusterd JBoss 4.2.2 web servers behind a F5 BigIP load balancer using https. A standard web based application seems to function correctly, however when we do a 'WebStart' of a J2EE application it fails because the resource URL is not correctly referencing the https web server (note the http protocol after 'Unable to load resource' below, I want to make this https.)

       

      I _thought_ that it would be relatively simple to to change the Jboss servername/protocol to https, I was wrong. Can anybody lend a hand with getting this working with Jboss????

       

      Exception message:-

       

       

      <code>

      com.sun.deploy.net.FailedDownloadException: Unable to load resource: http://mywebserver.mydomain.com/Someapp/v3.01/start.jnlp

              at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getCacheEntry(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getCacheEntry(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getResourceCacheEntry(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getResourceCacheEntry(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getResource(Unknown Source)

              at com.sun.deploy.net.DownloadEngine.getResource(Unknown Source)

              at com.sun.javaws.Launcher.updateFinalLaunchDesc(Unknown Source)

              at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

              at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)

              at com.sun.javaws.Launcher.launch(Unknown Source)

              at com.sun.javaws.Main.launchApp(Unknown Source)

              at com.sun.javaws.Main.continueInSecureThread(Unknown Source)

              at com.sun.javaws.Main$1.run(Unknown Source)

              at java.lang.Thread.run(Unknown Source)

       

      <code>

       

        • 1. JBoss 4.2.2 with F5 BigIP Load Balancer
          mp911de

          Hi Brett,

          Loadbalancing is a nice thing. First you should check, whether traffic is forwarded correctly to your servers by your LB. You can check this by monitoring your JBoss Access-Logs and checking LB's Status-Console/Logging. The LB has multiple operation modes in forwarding traffic, by SSL-Offloading you can achieve that the LB handles all SSL-Suff for your (e. g. encryption, sticky sessions) but your first goal is to make your LB talking to your JBoss boxes. Please keep in mind, that in some cases different Host-Names are used in HTTP-Redirection. As every box (JBoss Server 1, 2, Loadbalancer) has it's own IP and probably also a own Hostname, some problems can come from wrong addresses.

           

          Perhaps check with a BigIP guy for LB-Support. JBoss forums can help you, when your LB is working.

           

          Best regards,

          Mark

          • 2. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
            tux43b

            Hi Mark,

             

            Thanks for the reply. Just letting you know that I have setup various applications with a load balancer, however struggling with JBoss. Just a couple of points of clarification.

             

            • When we access the web application we actually hit (note the https)- https://mywebserver.mydomain.com/Someapp/v3.01/start.jnlp
            • Problem only exists with Java Web Start - seems fine for normal static html (Note: Exception log above references http://mywebserver.mydomain.com/Someapp/v3.01/start.jnlp
            • In my opinion the problem exists because the protocol is incorrect (NB. In the above exception log it is using http rather than https)
            • I believe this is set at the JBoss web server (ie. Somewhere we need to tell the JBoss web server that the client will be sending https traffic, currently it (the web server) is telling the client it is http
            • Of course JBoss is receiving the traffic via http because the load balancer is doing the encryption
            • In  an Apache environment this is done in apache using ProxyPass & ProxyPassReverse

             

             

            <code>

            ProxyPass /Someapp http://JBoss.local:8080/Someapp

            ProxyPassReverse /Someapp http://JBoss.local:8080/Someapp

            <code>

             

             

             

            Hope this helps, as you can tell scratching my head.

             

            Brett

            • 3. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
              mp911de

              Hi Brett,

              thanks for further information.

               

              You should use in JBoss two different Connectors/Ports when you use a Loadbalancer handling SSL and Plain Traffic.

              You can achieve this, by specifying Connectors in JBOSS_SERVER_HOME/deploy/jbossweb.sar/server.xml

               

              When your Plain-Port would be 80, just add a second Connector. Following Example:

               

              <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" redirectPort="443" proxyPort="80" proxyName="yourLBHostName"/>

               

              <Connector protocol="HTTP/1.1" address="${jboss.bind.address}" port="8443" secure="true" proxyPort="443" proxyName="yourLBHostName"/>

               

              The stuff in bold is needed to tell JBoss, which Port/Host-Name the Client should see (usually you hide the Cluster-Node's real Host-Name).

               

              Further information about running JBoss (or Tomcat) behind a proxy (such as a Loadbalacer) see http://tomcat.apache.org/tomcat-6.0-doc/proxy-howto.html

               

              Have you tried to download the JNLP via wget or directly by your browser to find out, what happens if you do a direct download skipping WebStart.

               

              Best regards,

              Mark

              1 of 1 people found this helpful
              • 4. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
                tux43b

                Mark,

                 

                Really appreciate your replies. I have one piece that I still can't work out. The Load Balancer is running https however the JBoss servers are just running http.

                 

                I am looking for a "proxyProtocol" setting for JBoss - is there such a thing? I want to tell JBoss that the proxy server (Load Balancer) is running https however JBoss it self is not.

                 

                Thanks

                 

                Brett

                • 5. JBoss 4.2.2 with F5 BigIP Load Balancer
                  mp911de

                  H Brett,

                  you achieve this by specifying a plain HTTP-Connector and setting secure="true" on this connector. JBoss talks HTTPS but knows, that in this case this is a secure protocol. That's the only way I know, perhaps anyone else in the Forum has yet an Idea.

                   

                  Best regards,

                  Mark

                  1 of 1 people found this helpful
                  • 6. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
                    tux43b

                    Thanks Mark - appreciate your help - here is what I added to the connector to get it working.

                     

                    <code>

                    scheme="https" secure="true" proxyName="webserver.mydomain.com" proxyPort="443"

                    <code>

                    • 7. JBoss 4.2.2 with F5 BigIP Load Balancer
                      mp911de

                      Hi Brett,

                      thanks for the info.

                       

                      Best regards,

                      Mark

                      • 8. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
                        davean80

                        Hi Brett, I am trying to help my application admin on this and would really appreciate if you could display the exact config in the server.xml file which worked for you. You mention you add this to the connector but did you add it to the 8080 connector? An output would be great.

                         

                        Thanks a lot for the help!