JBoss 7.1 behind F5 BigIP load balancers
francoisbegin Nov 5, 2012 3:32 PM

I am fairly new to JBoss and up to this point, we have only been using a single 6.x server in standalone mode. We now want to put two JBoss 7.1 servers (both running in standalone mode) behind an F5 load balancer. The F5 holds the SSL cert for our domain, security-dev.tsl.domain.com. Both back end hosts have CA-signed certs:
sddijboss7pr-01.tsl.domain.com:8443
sddijboss7pr-02.tsl.domain.com:8443
I can get to https://sddijboss7pr-02.tsl.domain.com:8443 and JBoss responds with the default page. The F5 is configured with an https monitor and it can see the two back end nodes as listening on port 8443 with valid certs. So far so good, but when I hit https://security-dev.tsl.domain.com in a browser, I get:
The connection was reset
The connection to the server was reset while the page was loading.
And turning on verbose debugging in JBoss shows nothing besides the F5 monitors checking the certs on the back end nodes to ensure the service is available. If I access https://security-dev.tsl.domain.com/test.html, I would expect to see this request make it to one of the back end nodes. The page does not exist and I would therefore expect to see a 404 reply. But I see nothing. The request never seems to make it to the back end JBoss servers. The flow should be:
Client browser
-> F5 (https://security-dev.tsl.domain.com)
-> One of the JBoss servers on port 8443
-> Back to the F5
-> Back to the client browser
There is encryption between the client browser and the F5 and another (different) encryption communication between the F5 and the nodes.
Here is the entry under socket-binding-group
<socket-binding name="https" port="8443"/>
Here is the subsystem/connector entry
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector
        name="https"
        protocol="HTTP/1.1"
        scheme="https"
        socket-binding="https"
        secure="true">
        <ssl
            name="tomcat-ssl"
            key-alias="tomcat"
            password="--PWD--"
            certificate-key-file="/opt/jboss/ssl/sddijboss7pr-02.key"
            protocol="TLS"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true"/>
</subsystem>
What am I missing?
François