1 Reply Latest reply on Feb 26, 2016 10:57 AM by jfclere

    mod_cluster and use separate port/virtual hosts for MCMP and external/proxy

    cwahlgren

      Hi,

       

      Is it possible to have different ports/virtual hosts for the MCMP and the external/proxy communication in apache+mod_cluster and when using SSL everywhere?

      The reasons are two:

      1) To use separate network interfaces on the Apache server.

      2) To be able to use different SSL protocols and ciphers for each (it seems mod_cluster only supports TLSv1.0?).

       

      I've been able to put the mod_cluster-manager on a separate port/virtual host, but I have not managed to separate the MCMP and the external/proxy traffic described above.

       

      I'm using

      - mod_cluster 1.2.6 (EPEL)

      - Apache httpd 2.2.15 (CentOS 6.7)

      - WildFly 8.2.0

      - Disabled mod_advertise

       

       

      This is my apache httpd config file:

       

      # mod_cluster modules: shared-memory slots, the MCMP manager and the proxy balancer provider.
      LoadModule slotmem_module modules/mod_slotmem.so

      LoadModule manager_module modules/mod_manager.so

      LoadModule proxy_cluster_module modules/mod_proxy_cluster.so

      # Advertise stays unloaded, so no multicast announcement of this proxy is sent.
      #LoadModule advertise_module modules/mod_advertise.so

       

      # Only the manager port is opened here.
      # NOTE(review): the Listen for port 443 is presumably in another file (e.g. ssl.conf) - confirm.
      Listen test-server:6666

       

      <IfModule manager_module>

          ManagerBalancerName server-group

       

          # Client-facing HTTPS virtual host. It also carries EnableMCPMReceive (below), so MCMP
          # messages from the WildFly nodes and end-user requests arrive on the same listener.
          <VirtualHost test-server:443>

              ServerName test-server:443

              SSLEngine on

              # Only ephemeral (EC)DH key exchange with AES-GCM or AES-256 suites is offered.
              SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

              # TLSv1 and TLSv1.1 are still accepted; use "-All +TLSv1.2" once every client and
              # every node sending MCMP to this vhost can negotiate TLSv1.2.
              SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

              # The server's cipher preference wins over the client's.
              SSLHonorCipherOrder On

              SSLCertificateKeyFile /etc/pki/tls/private/test_key.pem

              SSLCertificateFile    /etc/pki/tls/certs/test_cert.pem

              # NOTE(review): no SSLVerifyClient directive is visible in this vhost. Unless it is set
              # elsewhere, client certificates are not requested, and the CA file and verify depth
              # below do not authenticate whoever sends MCMP messages.
              SSLCACertificateFile  /etc/pki/tls/certs/ca_cert.pem

              SSLVerifyDepth 10

       

              # TLS towards the back-end nodes: the node certificate must verify against the proxy CA file.
              SSLProxyEngine On

              SSLProxyVerify require

              # This file holds the proxy's client certificate together with its private key;
              # keep it readable by the httpd start-up user only.
              SSLProxyMachineCertificateFile /etc/pki/tls/certs/server_cert_key.pem

              SSLProxyCACertificateFile      /etc/pki/tls/certs/ca_cert.pem

              # "all -SSLv2 -SSLv3" still leaves TLSv1.0 enabled on back-end connections.
              SSLProxyProtocol all -SSLv2 -SSLv3

       

              # With "Order deny,allow", a matching Allow overrides the Deny, so the net effect
              # of this block is that every client address is admitted.
              <Location />

                  Order deny,allow

                  Deny from all

                  Allow from all

              </Location>

              # Makes this vhost the one that accepts MCMP. With the open <Location /> above, any
              # host that can reach port 443 is not filtered by address before its MCMP request is handled.
              # NOTE(review): a dedicated vhost carrying EnableMCPMReceive and an address-restricted
              # Allow would let MCMP be filtered separately from client traffic - confirm against
              # the mod_cluster 1.2.x documentation.
              EnableMCPMReceive

              ProxyPreserveHost On

              # All paths are forwarded to the balancer named by ManagerBalancerName.
              ProxyPass        / balancer://server-group/ stickysession=JSESSIONID

              ProxyPassReverse / balancer://server-group/ stickysession=JSESSIONID

          </VirtualHost>

       

          # Separate HTTPS virtual host that serves only the mod_cluster-manager status page.
          <VirtualHost test-server:6666>

              Servername test-server:6666

              SSLEngine on

              SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

              # TLSv1 and TLSv1.1 are still accepted; an admin-only endpoint can usually be
              # limited to "-All +TLSv1.2".
              SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

              SSLHonorCipherOrder On

              SSLCertificateKeyFile /etc/pki/tls/private/test_key.pem

              SSLCertificateFile    /etc/pki/tls/certs/test_cert.pem

              # NOTE(review): no SSLVerifyClient directive is visible here either, so unless it is set
              # elsewhere the CA file and depth do not restrict who can open the manager page.
              SSLCACertificateFile  /etc/pki/tls/certs/ca_cert.pem

              SSLVerifyDepth 10

       

              # "Order deny,allow" followed by "Allow from all" admits every client address, so the
              # manager page is reachable by anyone who can connect to port 6666. Replacing
              # "Allow from all" with "Allow from <ADMIN_SUBNET>" (placeholder) limits it to operators.
              <Location />

                  SetHandler mod_cluster-manager

                  Order deny,allow

                  Deny from all

                  Allow from all

              </Location>

              # Shows additional node and context detail on the manager page.
              # NOTE(review): the page also accepts enable/disable commands unless the mod_manager
              # directive "AllowCmd Off" is set - confirm it is available in the installed 1.2.6 build.
              AllowDisplay on

          </VirtualHost>

      </IfModule>