0 Replies Latest reply on Jul 2, 2014 10:49 AM by vamshi appala

    JBOSS AS7 +  Mod Cluster  + SSL and htttps communication between mod cluster and jboss AS7

    vamshi appala Newbie

      I am trying to setup secure cluster with SSL setting. My objective is to secure all the user request/responses

                  SSL                           SSL

      USER <----> Mod Cluster<--> JBOSS AS 7[node 1|2]

       

      Following is the configuration information for mod_cluster and JBOSS AS7

       

      Mod Cluster configuration

       

      LoadModule proxy_module modules/mod_proxy.so

      LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

      LoadModule proxy_http_module modules/mod_proxy_http.so

       

      LoadModule proxy_cluster_module modules/mod_proxy_cluster.so

       

      LoadModule manager_module modules/mod_manager.so

      LoadModule slotmem_module modules/mod_slotmem.so

      LoadModule advertise_module modules/mod_advertise.so

       

      # MOD_CLUSTER_ADDS

      # Adjust to you hostname and subnet.

      Listen 8800

      <VirtualHost 134.86.108.65:8800>

      RewriteEngine on

      RewriteCond  %{SERVER_PORT} !^6666$

      RewriteRule ^(.*) https://%{SERVER_NAME}:6666%{REQUEST_URI}

      </VirtualHost>

       

      <IfModule manager_module>

        Listen 6666

        ManagerBalancerName mycluster

        <VirtualHost 134.86.108.65:6666>

          <Directory />

            Order deny,allow

            Deny from all

            Allow from all

          </Directory>

       

          ServerAdvertise on

          EnableMCPMReceive

          #AdvertiseGroup 224.0.1.105:6666

         

          <Location /mcm>

            SetHandler mod_cluster-manager

            Order deny,allow

            Deny from all

            Allow from all

         </Location>

       

         SSLEngine on

         SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

         SSLVerifyDepth 10

         SSLProxyEngine On

         SSLCertificateKeyFile C:/jboss-cluster/httpd-2.2/conf/server_key1.pem

         SSLCertificateFile C:/jboss-cluster/httpd-2.2/conf/server_cert.pem

         SSLCACertificateFile C:/jboss-cluster/httpd-2.2/conf/internal-root-ca.crt

         LogLevel debug

       

        </VirtualHost>

      </IfModule>

       

       

      JBOSS AS7 configuraiton

       

      <mod-cluster-config advertise-socket="modcluster" proxy-list="134.86.108.65:6666" sticky-session="true" auto-enable-contexts="true" sticky-session-remove="false" sticky-session-force="false" connector="https">

                      <ssl ca-certificate-file="C:/jboss-cluster/jboss-eap-6.2/standalone/configuration/is3keystore.jks"  certificate-key-file="C:/jboss-cluster/jboss-eap-6.2/standalone/configuration/is3keystore.jks" password="XXXX" key-alias="jboss"

                      cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" protocol="TLS"/>

                  <dynamic-load-provider decay="2" history="10">

                  <load-metric weight="1" type="busyness"/>

                  </dynamic-load-provider>

              </mod-cluster-config>

       

      <subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" instance-id="${jboss.node.name}"  native="false">

                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

                  <connector name="ajp" protocol="AJP/1.3" scheme="https"  secure="true"  socket-binding="ajp"  />

                         

                  <connector enable-lookups="false"  name="https" protocol="HTTP/1.1" scheme="https" secure="true" socket-binding="https">

       

                  <ssl ca-certificate-file="${jboss.server.config.dir}/is3keystore.jks" certificate-file="${jboss.server.config.dir}/is3keystore.jks" certificate-key-file="${jboss.server.config.dir}/is3keystore.jks" cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" key-alias="jboss" name="ssl" password="X12*-Lns" protocol="ALL"/>

                  </connector>

                  <virtual-server name="default-host" enable-welcome-root="true">

                      <alias name="localhost"/>

                      <alias name="example.com"/>

                  </virtual-server>

              </subsystem>

       

       

       

      When I try to access a web application over mod_cluster , URL is being redirected to the specific machine

       

      For example

      If I type  https://1.1.1.1:6666/ClusterWeb [ machine with mod cluster setup]

      then URL is being re-directed to

      https://2.2.2.2:8443/ClusterWeb [ Machine with JBOSS AS7 setup]

       

      How ever if I use AJP, URL is not being re-directed.

       

      Is there a way to configure SSL communication between mod cluster and JBOSS AS 7 without  URL re-direction?