mod_cluster httpd configuration
rabmcgill Aug 29, 2013 12:21 PMHi,
I am trying to set up mod_cluster 1.2.4 on jboss-ews-2.0 -> eap 6.1 and I have some questions.
1. The apache needs to accept http and https requests. Do I set up separate virtual hosts and proxy to the mod_cluster virtual host -
Listen 80
Listen 443
Listen 6666
<VirtualHost :80>
ProxyPass / balancer://mycluster stickysession=JSESSIONID|jsessionid nofailover=On
ProxyPassReverse / balancer://mycluster
ProxyPreserveHost On
</VirtualHost>
<VirtualHost :443>
ProxyPass / balancer://mycluster stickysession=JSESSIONID|jsessionid nofailover=On
ProxyPassReverse / balancer://mycluster
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /opt/jboss-ews-2.0/httpd/conf.d/ssl.certs/s1b.internal.standardlife.com.crt
SSLCertificateKeyFile /opt/jboss-ews-2.0/httpd/conf.d/ssl.key/s1b.internal.standardlife.com.key_nopassphrase
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost :6666>
<Directory />
Order deny,allow
Deny from all
#Allow from 127.0.0.1
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ManagerBalancerName mycluster
ServerAdvertise On
AdvertiseFrequency 5
EnableMCPMReceive On
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
#Allow from 127.0.0.1
Allow from all
</Location>
</VirtualHost>
This sort of works if I try to go to
http://mydomain:6666/mod_cluster-manager it is fine
but if I go to http://mydomain/mod_cluster-manager it fails with 500 error.
If I go to a valid jboss application
http://mydomain:80/ClusterWebApp/
or
https://mydomain:443/ClusterWebApp/
it works
But if I go to an invalid (missing) page e.g.
Internal Server Error 500.
I would like a nice 404 page, like I get if I go to http://mydomain:6666/xxx
2. If the Apache is on a different box from the Applications Server should I restrict access to the 6666 port in the Allow directive for just the Jboss servers?
3. If I were to secure the communication between httpd/mod_cluster and Jboss (via SSL) will both the HTTP and HTTPS be encrypted to the back-end server. Is there any way to just have the HTTPS traffic encrypted and the HTTP unencrypted.
Thanks.
Rab.