0 Replies Latest reply on Dec 5, 2013 12:53 PM by bgravley

    Apache Fronted MOD_AJP to JBossAS7 8443 PORT?

    bgravley
    bgravley Dec 5, 2013 12:53 PM

      I hope someone may have a suggestion on how to resolve an issue we are having:

       

      We have an environment / architecture that fronts all our production JBoss AS7 servers with Apache handing off all the 8009 traffic to JBAS7 vie mod_jk. Things are and have been running great for some time. Recently we have a requirement to do some connecting device cert authentication (where we actually grab some data from within the device cert to provide device linkage to application) and we are / were expecting to sustain our existing configuration model, i.e.,  Apache fronted mod_jk with AJP workers handing off to the "traditional" JBoss connectors on the application server. To support that configuration we simply added an additional worker, e.g., worker2, in our Apache configuration file as well as an additional JBoss connector, e.g., 9009, with a connector configuration that does a redirect-port="8443" and configured the JBoss HTTPS connector in the typical https 8443 setting. While everything comes up fine on both Apache and JBoss side (BTW this is all RHEL5 systems) and all of the normal worker1 traffic works fine, it appears as if the additional AJP worker2 traffic is still going to the JBoss 8009 traffic. I have a couple of questions:

       

      1. Is it possible / allowable to hand off Apache fronted mod_ajp connections to a second JBoss connector, e.g., 9009 and then have JBoss traffic that connection from the 9009 connector that is configured to redirect to the configured JBoss 8443 connector?
      2. If not, any suggestions on how to do this?

       

      Related standalone.xml connector configuration:

       

      (8443 Connector)

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                      <ssl password="mypassword" certificate-key-file="/opt/jboss/standalone/configuration/keystore_vtn_vtn.jks" cipher-suite="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

      " protocol="TLSv1" verify-client="true" ca-certificate-file="/opt/jboss/standalone/configuration/truststore.jks"/>

                  </connector>

      (2nd AJP Connector)

      <connector name="ajp-2" protocol="AJP/1.3" scheme="https" socket-binding="ajp-2" redirect-port="8443"/>

       

      (Binding Configuration)

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">

         <socket-binding name="ajp-2" port="9009"/>

         <socket-binding name="https" port="8443"/>

       

      Any help / suggestions and or ideas is HUGELY appreciated.