0 Replies Latest reply on Jul 2, 2014 10:49 AM by vamshi.a

    JBOSS AS7 + Mod Cluster + SSL and https communication between mod cluster and jboss AS7

    vamshi.a

      I am trying to set up a secure cluster with SSL settings. My objective is to secure all user requests/responses.

                  SSL                           SSL

      USER <----> Mod Cluster<--> JBOSS AS 7[node 1|2]

       

      Following is the configuration information for mod_cluster and JBOSS AS7

       

      Mod Cluster configuration

       

      LoadModule proxy_module modules/mod_proxy.so

      LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

      LoadModule proxy_http_module modules/mod_proxy_http.so

       

      LoadModule proxy_cluster_module modules/mod_proxy_cluster.so

       

      LoadModule manager_module modules/mod_manager.so

      LoadModule slotmem_module modules/mod_slotmem.so

      LoadModule advertise_module modules/mod_advertise.so

       

      # MOD_CLUSTER_ADDS

      # Adjust to your hostname and subnet.

      Listen 8800

      <VirtualHost 134.86.108.65:8800>

      RewriteEngine on

      RewriteCond  %{SERVER_PORT} !^6666$

      RewriteRule ^(.*) https://%{SERVER_NAME}:6666%{REQUEST_URI}

      </VirtualHost>

       

      <IfModule manager_module>

        Listen 6666

        ManagerBalancerName mycluster

        <VirtualHost 134.86.108.65:6666>

          <Directory />

            Order deny,allow

            Deny from all

            Allow from all

          </Directory>

       

          ServerAdvertise on

          EnableMCPMReceive

          #AdvertiseGroup 224.0.1.105:6666

         

          <Location /mcm>

            SetHandler mod_cluster-manager

            Order deny,allow

            Deny from all

            Allow from all

         </Location>

       

         SSLEngine on

         SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

         SSLVerifyDepth 10

         SSLProxyEngine On

         SSLCertificateKeyFile C:/jboss-cluster/httpd-2.2/conf/server_key1.pem

         SSLCertificateFile C:/jboss-cluster/httpd-2.2/conf/server_cert.pem

         SSLCACertificateFile C:/jboss-cluster/httpd-2.2/conf/internal-root-ca.crt

         LogLevel debug

       

        </VirtualHost>

      </IfModule>

       

       

      JBOSS AS7 configuration

       

      <mod-cluster-config advertise-socket="modcluster" proxy-list="134.86.108.65:6666" sticky-session="true" auto-enable-contexts="true" sticky-session-remove="false" sticky-session-force="false" connector="https">

                      <ssl ca-certificate-file="C:/jboss-cluster/jboss-eap-6.2/standalone/configuration/is3keystore.jks"  certificate-key-file="C:/jboss-cluster/jboss-eap-6.2/standalone/configuration/is3keystore.jks" password="XXXX" key-alias="jboss"

                      cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" protocol="TLS"/>

                  <dynamic-load-provider decay="2" history="10">

                  <load-metric weight="1" type="busyness"/>

                  </dynamic-load-provider>

              </mod-cluster-config>

       

      <subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" instance-id="${jboss.node.name}"  native="false">

                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

                  <connector name="ajp" protocol="AJP/1.3" scheme="https"  secure="true"  socket-binding="ajp"  />

                         

                  <connector enable-lookups="false"  name="https" protocol="HTTP/1.1" scheme="https" secure="true" socket-binding="https">

       

                  <ssl ca-certificate-file="${jboss.server.config.dir}/is3keystore.jks" certificate-file="${jboss.server.config.dir}/is3keystore.jks" certificate-key-file="${jboss.server.config.dir}/is3keystore.jks" cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" key-alias="jboss" name="ssl" password="X12*-Lns" protocol="ALL"/>

                  </connector>

                  <virtual-server name="default-host" enable-welcome-root="true">

                      <alias name="localhost"/>

                      <alias name="example.com"/>

                  </virtual-server>

              </subsystem>

       

       

       

      When I try to access a web application through mod_cluster, the URL is redirected to the specific machine.

       

      For example

      If I type  https://1.1.1.1:6666/ClusterWeb [ machine with mod cluster setup]

      then URL is being re-directed to

      https://2.2.2.2:8443/ClusterWeb [ Machine with JBOSS AS7 setup]

       

      However, if I use AJP, the URL is not redirected.

       

      Is there a way to configure SSL communication between mod cluster and JBOSS AS 7 without URL redirection?
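
Added example (not part of the original post, and not mod_cluster or Apache code): the posted `<Directory />` and `<Location /mcm>` blocks place `Allow from all` after `Deny from all` under `Order deny,allow`. The Python below models Apache 2.2 `Order`/`Allow`/`Deny` evaluation to show the effective access decision for the manager handler; the client addresses and the 192.0.2.0/24 subnet are constructed values, and only `all`, IP and CIDR specs are supported.

```python
import ipaddress

def parse_rules(block):
    """Collect Order/Allow/Deny directives from one <Directory>/<Location> body."""
    order, allow, deny = "deny,allow", [], []  # Apache 2.2 default is Deny,Allow
    for line in block.splitlines():
        words = line.split("#")[0].split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def matches(specs, client):
    """True if client matches any spec; hostname specs raise ValueError."""
    ip = ipaddress.ip_address(client)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(block, client):
    order, allow, deny = parse_rules(block)
    allowed, denied = matches(allow, client), matches(deny, client)
    if order == "deny,allow":
        # Deny is evaluated first, a matching Allow overrides it, default permit.
        return allowed or not denied
    if order == "allow,deny":
        # An Allow must match, any matching Deny wins, default deny.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

# Directives as posted for <Location /mcm>.
POSTED = """
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
"""

# Same block limited to a constructed management subnet (assumption).
RESTRICTED = POSTED.replace("Allow from all", "Allow from 192.0.2.0/24")

if __name__ == "__main__":
    for name, block in (("posted", POSTED), ("restricted", RESTRICTED)):
        for client in ("203.0.113.7", "192.0.2.10"):  # constructed clients
            print(name, client, "allowed" if is_allowed(block, client) else "denied")
```

As posted, any client that can reach port 6666 is permitted to the `mod_cluster-manager` handler, because the `Allow from all` overrides the preceding `Deny from all`.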