-
1. Re: JBoss 7 and RemoteIpValve
Hi Julien,
Yes this valve still exists in AS7. It uses JBoss Web 7.0.3 which does contain this valve, see "/modules/org/jboss/as/web/main/jbossweb-7.0.3.Final.jar" in your directory structure. Unfortunately, I dont know exactly how to use it.
Anyway, I think you should dump proxy whatsoever (I might be biased here but I see no advantages to be honest ) and use AJP protocol to connect up the balancer with the server via either mod_cluster or mod_jk. Looks like it would save you quite some time ;-)
HTH,
Rado
-
2. Re: JBoss 7 and RemoteIpValve
1 of 1 people found this helpfulRadoslav Husar wrote:
Hi Julien,
Yes this valve still exists in AS7. It uses JBoss Web 7.0.3 which does contain this valve, see "/modules/org/jboss/as/web/main/jbossweb-7.0.3.Final.jar" in your directory structure. Unfortunately, I dont know exactly how to use it.
The valves can be enabled like shown in the example here http://community.jboss.org/wiki/JBossAS7SecurityDomainModel (see the example in the section "Deploying Custom Tomcat Authenticators in AS7")
-
3. Re: JBoss 7 and RemoteIpValve
Thanks Jaikiran,
The documentation you pointed me at, helped me a lot.
I finally did manage to get the correct IP by setting the Valve in jboss-web.xml.
However since now in JBoss 7 this valve is configured per deployment application and not at server level, setting <access-log/> in standalone.xml do not make the acces log files use remote IP. The valve here is only doing its job for the deployed app.
To resolved this issue I removed <access-log/> in standalone.xml file and I added the corresponding acces log valve in my jboss-web.xml.
For those interested, here is the final version of jboss-web.xml that we are using:
{code:xml}
<jboss-web>
<valve>
<class-name>org.apache.catalina.valves.RemoteIpValve</class-name>
<param>
<param-name>protocolHeader</param-name>
<param-value>x-forwarded-proto</param-value>
</param>
</valve>
<valve>
<class-name>org.apache.catalina.valves.AccessLogValve</class-name>
<param>
<param-name>prefix</param-name>
<param-value>http_access_log.</param-value>
</param>
<param>
<param-name>suffix</param-name>
<param-value>.log</param-value>
</param>
<param>
<param-name>pattern</param-name>
<param-value>%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c</param-value>
</param>
<param>
<param-name>directory</param-name>
<param-value>host</param-value>
</param>
<param>
<param-name>resolveHosts</param-name>
<param-value>false</param-value>
</param>
</valve>
</jboss-web>
{code}
-
4. Re: JBoss 7 and RemoteIpValve
However there is one little drawback with this AccessLogValve, it uses the system property catalina.base as the root directory for access log when the given directory is relative.
Since this property is not set the directory gets created where jboss is started...
I think that this valve needs to evolve to use jboss.home.dir instead.
-
5. Re: JBoss 7 and RemoteIpValve
Actually it seems to work as expected now:
<jboss-web>
<context-root>/myroot</context-root>
<!-- http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve -->
<valve>
<class-name>org.apache.catalina.valves.AccessLogValve</class-name>
<param>
<param-name>prefix</param-name>
<param-value>access_log.</param-value>
</param>
<param>
<param-name>suffix</param-name>
<param-value>.log</param-value>
</param>
<param>
<param-name>pattern</param-name>
<param-value>%h %l %u %t %r %s %b %{User-Agent}i %{JSESSIONID}c</param-value>
</param>
<param>
<param-name>directory</param-name>
<param-value>${jboss.home.dir}/log</param-value>
</param>
<param>
<param-name>resolveHosts</param-name>
<param-value>false</param-value>
</param>
</valve>
</jboss-web>