-
1. JBoss 4.2.2 with F5 BigIP Load Balancer
mp911de Mar 26, 2011 4:02 PM (in response to tux43b)Hi Brett,
Loadbalancing is a nice thing. First you should check, whether traffic is forwarded correctly to your servers by your LB. You can check this by monitoring your JBoss Access-Logs and checking LB's Status-Console/Logging. The LB has multiple operation modes in forwarding traffic, by SSL-Offloading you can achieve that the LB handles all SSL-Suff for your (e. g. encryption, sticky sessions) but your first goal is to make your LB talking to your JBoss boxes. Please keep in mind, that in some cases different Host-Names are used in HTTP-Redirection. As every box (JBoss Server 1, 2, Loadbalancer) has it's own IP and probably also a own Hostname, some problems can come from wrong addresses.
Perhaps check with a BigIP guy for LB-Support. JBoss forums can help you, when your LB is working.
Best regards,
Mark
-
2. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
tux43b Mar 26, 2011 8:01 PM (in response to mp911de)Hi Mark,
Thanks for the reply. Just letting you know that I have setup various applications with a load balancer, however struggling with JBoss. Just a couple of points of clarification.
- When we access the web application we actually hit (note the https)- https://mywebserver.mydomain.com/Someapp/v3.01/start.jnlp
- Problem only exists with Java Web Start - seems fine for normal static html (Note: Exception log above references http://mywebserver.mydomain.com/Someapp/v3.01/start.jnlp
- In my opinion the problem exists because the protocol is incorrect (NB. In the above exception log it is using http rather than https)
- I believe this is set at the JBoss web server (ie. Somewhere we need to tell the JBoss web server that the client will be sending https traffic, currently it (the web server) is telling the client it is http
- Of course JBoss is receiving the traffic via http because the load balancer is doing the encryption
- In an Apache environment this is done in apache using ProxyPass & ProxyPassReverse
<code>
ProxyPass /Someapp http://JBoss.local:8080/Someapp
ProxyPassReverse /Someapp http://JBoss.local:8080/Someapp
<code>
Hope this helps, as you can tell scratching my head.
Brett
-
3. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
mp911de Mar 27, 2011 7:40 AM (in response to tux43b)1 of 1 people found this helpfulHi Brett,
thanks for further information.
You should use in JBoss two different Connectors/Ports when you use a Loadbalancer handling SSL and Plain Traffic.
You can achieve this, by specifying Connectors in JBOSS_SERVER_HOME/deploy/jbossweb.sar/server.xml
When your Plain-Port would be 80, just add a second Connector. Following Example:
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" redirectPort="443" proxyPort="80" proxyName="yourLBHostName"/>
<Connector protocol="HTTP/1.1" address="${jboss.bind.address}" port="8443" secure="true" proxyPort="443" proxyName="yourLBHostName"/>
The stuff in bold is needed to tell JBoss, which Port/Host-Name the Client should see (usually you hide the Cluster-Node's real Host-Name).
Further information about running JBoss (or Tomcat) behind a proxy (such as a Loadbalacer) see http://tomcat.apache.org/tomcat-6.0-doc/proxy-howto.html
Have you tried to download the JNLP via wget or directly by your browser to find out, what happens if you do a direct download skipping WebStart.
Best regards,
Mark
-
4. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
tux43b Mar 28, 2011 8:27 PM (in response to mp911de)Mark,
Really appreciate your replies. I have one piece that I still can't work out. The Load Balancer is running https however the JBoss servers are just running http.
I am looking for a "proxyProtocol" setting for JBoss - is there such a thing? I want to tell JBoss that the proxy server (Load Balancer) is running https however JBoss it self is not.
Thanks
Brett
-
5. JBoss 4.2.2 with F5 BigIP Load Balancer
mp911de Mar 28, 2011 11:33 PM (in response to tux43b)1 of 1 people found this helpfulH Brett,
you achieve this by specifying a plain HTTP-Connector and setting secure="true" on this connector. JBoss talks HTTPS but knows, that in this case this is a secure protocol. That's the only way I know, perhaps anyone else in the Forum has yet an Idea.
Best regards,
Mark
-
6. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
tux43b Mar 30, 2011 6:59 AM (in response to mp911de)Thanks Mark - appreciate your help - here is what I added to the connector to get it working.
<code>
scheme="https" secure="true" proxyName="webserver.mydomain.com" proxyPort="443"
<code>
-
7. JBoss 4.2.2 with F5 BigIP Load Balancer
mp911de Mar 30, 2011 8:05 AM (in response to tux43b)Hi Brett,
thanks for the info.
Best regards,
Mark
-
8. Re: JBoss 4.2.2 with F5 BigIP Load Balancer
davean80 Jun 14, 2011 10:43 PM (in response to tux43b)Hi Brett, I am trying to help my application admin on this and would really appreciate if you could display the exact config in the server.xml file which worked for you. You mention you add this to the connector but did you add it to the 8080 connector? An output would be great.
Thanks a lot for the help!