3 Replies Latest reply on Dec 18, 2014 6:08 AM by hfluz

    Configure SSL between client and apache

    hfluz
    hfluz Dec 17, 2014 1:33 PM

      I asked this question in jboss eap forum, but I got no help. Since I'm migrating to wildfly, maybe I can get more help here.

       

      This is what I want to acomplish:

      client <-- https --> apache <-- ajp --> wildfly

       

      I researched a lot about it on Google, but I'm still very confused (probably because I don't know apache very well).

      Most tutorials I found are about enabling SSL between apache and JBoss/Wildfly, which I don't need. The tutorials covering SSL on apache usually are not related to JBoss/Wildfly.

       

      Currently I have this virtualhost working for mod_cluster:

       

      <VirtualHost ip:10001>
   <Location /mod_cluster-manager>
      SetHandler mod_cluster-manager
      Order deny,allow
      Deny from all
      Allow from 189.60.90.
   </Location>

   KeepAliveTimeout 240
   MaxKeepAliveRequests 0

   ManagerBalancerName mycluster
   ServerAdvertise On
   EnableMCPMReceive

</VirtualHost>

       

      I guess that I have to add the properties below somewhere:

       

      SSLEngine on
SSLCertificateFile /etc/SSL/loadbalancer.crt
SSLCertificateKeyFile /etc/SSL/loadbalancer.key

       

      Now I don't know if I have to create another virtualhost to redirect to port 443 or if I should add those properties to mod_cluster virtualhost.

      Anyone can give me some help or have a tutorial covering SSL  between client and apache without SSL between apache and wildfly?

        • 1. Re: Configure SSL between client and apache
          arun2arunraj
          arun2arunraj Dec 17, 2014 11:19 PM (in response to hfluz)

          Yes, You have to create separate Virtual Host for your access. Following is the sample configuration.

           

          #Access Configuration
          Listen IPAddress:80

          Listen IPAddress:443

          <VirtualHost 192.168.1.9:80 >

              ServerName domain-name.com

              RewriteEngine On

              RewriteCond %{HTTPS} off

              RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

              <Location />

                  Order deny,allow

                  Allow from All

              </Location>

              ProxyPass / balancer://lb/

          </VirtualHost>

           

          <VirtualHost IPAddress:443>

              ServerName domain-name.com

              ErrorLog "logs/My_Cluster_Log"

           

              SSLEngine on

              SSLCertificateFile /etc/httpd/certs/loadbalancer.crt

              SSLCertificateKeyFile /etc/httpd/certs/loadbalancer.key

              SSLCertificateChainFile /etc/httpd/certs/gd_bundle.crt

              <Location />

                  Order deny,allow

                  Allow from All

              </Location>

              ProxyPass / balancer://lb/

          </VirtualHost>

           

          Please let me know, If you are having any doubt.

           

          Regards,
          ArunRaj. R

            • Actions
          • 2. Re: Configure SSL between client and apache
            abhinbalur
            abhinbalur Dec 18, 2014 4:33 AM (in response to arun2arunraj)

            Hi Arun;

             

            I believe this achieves  Client<--SSL-->Balancer<--AJP-->Worker

             

            What if my apps on worker are only accessed using HTTPS. Do i need to configure Client<--SSL-->Balancer<--SSL-->Worker  ??

              • Actions
            • 3. Re: Configure SSL between client and apache
              hfluz
              hfluz Dec 18, 2014 6:08 AM (in response to arun2arunraj)

              Thank you. It worked flawlessly for me.

                • Actions