-
1. Re: https URL weirdness
jfclere Dec 4, 2012 3:23 AM (in response to soneill)
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost
If that doesn't work: http://docs.jboss.org/jbossweb/7.0.x/config/http.html (proxy-name/proxy-port).
-
2. Re: https URL weirdness
mbabacek Dec 4, 2012 3:29 AM (in response to soneill)
Hi Steven,
ad 1), yes, it is: JBPAPP6-1170, whereas the easiest solution for you would be to upgrade to mod_cluster 1.2.3.Final, which has the fix included (the bug was in the native part).
ad 2), this is weird indeed. Could you show me your config, so that I can proofread it?
BTW: Ad 1) Are you 100% positive you need HTTPS between balancer and worker nodes? Isn't it enough to have client - balancer communication encrypted and use AJP for balancer - worker nodes communication (probably being on your trusted network)? Consider the performance overhead...
-
3. Re: https URL weirdness
soneill Dec 5, 2012 7:02 PM (in response to mbabacek)
Thank you both for the responses. I am in the process of trying out those suggestions now. I had gotten distracted by other tasks.
To add to the second point, if I include a trailing slash, ala, https://webhost:port/path/ instead of https://webhost:port/path, things work just fine.
I will try Jean-Frederic's suggestions first, then I will post the results along with my config.
Michal - that is an important point about the performance overhead gains by terminating SSL earlier in the process. In this case of sensitive data though, depending on various industry regulations, I believe, https/secure communication is required all the way through, even if it's on the internal trusted network, yes?
-
4. Re: https URL weirdness
soneill Dec 5, 2012 7:51 PM (in response to soneill)
Okay, with the "ProxyPreserveHost On", I end up with this error:
Not Found
The requested URL <blah> was not found on this server.
So I turned that off, and tried the proxy-host and proxy-port settings. This worked to a degree. Now when I hit https://webhost:port/context, I get back the same URL and expected content, but with an extra slash at the end of the URL: https://webhost:port/context/
Here is the SSL portion of my Apache config:
LoadModule ssl_module /opt/jboss/httpd_jbdc/modules/mod_ssl.so
LoadModule slotmem_module /opt/jboss/httpd_jbdc/modules/mod_slotmem.so
LoadModule manager_module /opt/jboss/httpd_jbdc/modules/mod_manager.so
LoadModule proxy_cluster_module /opt/jboss/httpd_jbdc/modules/mod_proxy_cluster.so
LoadModule advertise_module /opt/jboss/httpd_jbdc/modules/mod_advertise.so

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
#ProxyPreserveHost On
SSLProxyEngine On
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.crt
SSLCertificateKeyFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.key

NameVirtualHost 10.0.10.15:445
MemManagerFile /var/cache/httpd

Listen 6668
<VirtualHost *:6668>
    ManagerBalancerName jbdtdc
    #ProxyPreserveHost On
    SSLEngine on
    SSLProxyEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.crt
    SSLCertificateKeyFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.key
    EnableMCPMReceive On
    AdvertiseFrequency 5
    ServerAdvertise off
    CustomLog logs/ssl_request_modcluster_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    LogLevel debug
    ErrorLog logs/ssl_error_modcluster_log
    TransferLog logs/ssl_access_modcluster_log
</VirtualHost>

Listen 445
<VirtualHost *:445>
    KeepAliveTimeout 60
    MaxKeepAliveRequests 0
    ManagerBalancerName jbdtdc
    #ProxyPreserveHost On
    SSLEngine on
    SSLProxyEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.crt
    #SSLCertificateChainFile /opt/jboss/httpd_jbdc/conf/certs/wpweb1.crt
    <Location />
        Order deny,allow
        Allow from all
    </Location>
    <Location /mcm>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel debug
</VirtualHost>

Listen 80
<VirtualHost *:80>
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^445$
    RewriteRule ^(.*) https://%{SERVER_NAME}:445%{REQUEST_URI}
</VirtualHost>
-
5. Re: https URL weirdness
jfclere Dec 7, 2012 2:12 AM (in response to soneill)
Are you sure about the extra /? It might be that you get a redirect to https://webhost:port/context/ for AS7?
To check: curl -v https://webhost:port/context
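
Added example, not part of the original thread or of any poster's code: a small Python helper that reads `curl -v` style header lines and tells apart the redirect cases discussed above, namely a same-origin trailing-slash redirect versus a `Location` whose scheme, host or port differs from what the client requested (the symptom that ProxyPreserveHost or proxy-name/proxy-port address). The sample transcripts, port 445 on `webhost` and the backend name `worker1:8080` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples of `curl -v` header lines (not output from the thread).
SAMPLE_SLASH = """\
> GET /context HTTP/1.1
> Host: webhost:445
< HTTP/1.1 302 Found
< Location: https://webhost:445/context/
"""
SAMPLE_LEAK = """\
> GET /context HTTP/1.1
> Host: webhost:445
< HTTP/1.1 302 Found
< Location: http://worker1:8080/context/
"""

def parse_verbose(text):
    """Return (status, location) from the '< ' response lines of curl -v."""
    status, location = None, None
    for line in text.splitlines():
        if not line.startswith("< "):
            continue  # skip request lines and curl's own messages
        body = line[2:].strip()
        if body.upper().startswith("HTTP/"):
            status = int(body.split()[1])
        elif body.lower().startswith("location:"):
            location = body.split(":", 1)[1].strip()
    return status, location

def origin(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, parts.hostname, parts.port or default)

def classify(requested_url, verbose_text):
    status, location = parse_verbose(verbose_text)
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-redirect"
    req, loc = urlsplit(requested_url), urlsplit(location)
    if not loc.netloc:
        # Relative Location: resolves against the requested origin.
        loc = loc._replace(scheme=req.scheme, netloc=req.netloc)
    if origin(req) != origin(loc):
        return "origin-changed"   # backend scheme/host/port reached the client
    if loc.path == req.path + "/":
        return "trailing-slash"   # container redirect to the context root
    return "other-redirect"
```

A result of `origin-changed` also means an internal worker address or a plain-http URL is being handed to clients, which is worth fixing even when the page still loads.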
-
6. Re: https URL weirdness
jfclere Dec 7, 2012 2:13 AM (in response to jfclere)
With ProxyPreserveHost On, where does the 404 come from? From AS7?
-
7. Re: https URL weirdness
soneill Dec 12, 2012 7:39 PM (in response to jfclere)
I ended up running "curl -v -k https://webhost:port/context", since we aren't using a CA cert. It returns a 404 with or without the "/" at the end of the context.
With ProxyPreserveHost On, I do not have a record of where the 404 comes from.
In any case, I ended up getting sufficient use out of the current configuration and have no need to troubleshoot further. Thank you for the assistance provided!