Switching mod_cluster from AJP to HTTP (to Wildfly 8.1)
scarpent Apr 17, 2015 7:54 AMI've been studying these related threads and several others, but have not had luck so far with the solutions. There is for example:
Httpd mod cluster : Change AJP to HTTP connector
https://developer.jboss.org/thread/252356
Re: mod_cluster & AS7 redirect problem
https://developer.jboss.org/message/641861
We're on Wildfly 8.1 and need to stay on this for now because of timelines and upgrade problems with other frameworks. WF8.1 has this bug with AJP:
[WFLY-2999] AJP connector request body stream is wrong mixed - JBoss Issue Tracker
https://issues.jboss.org/browse/WFLY-2999
mod_cluster is 1.2, with httpd running on one server in AWS, and then initially testing with one other Wildfly server in AWS.
Things were working fine with AJP (other than that bug), and the switchover to HTTP was fairly simple, but now I have a redirection issue. Some configuration:
<subsystem xmlns="urn:jboss:domain:modcluster:1.2"> <mod-cluster-config connector="default" advertise="false" proxy-list="${jboss.mod_cluster.proxyList}" load-balancing-group="${jboss.mod_cluster.lbgroup}"> <dynamic-load-provider> <load-metric type="cpu"/> </dynamic-load-provider> </mod-cluster-config> </subsystem>
and:
<server name="default-server"> <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" max-post-size="80000000"/> <ajp-listener name="ajp" socket-binding="ajp" scheme="https" max-post-size="80000000"/> <host name="default-host" alias="localhost"> <location name="/" handler="welcome-content"/> </host> </server>
and httpd:
<VirtualHost *:80> ServerName admin-dev.somewebsite.com RequestHeader set X-Forwarded-Proto "https" KeepAliveTimeout 60 MaxKeepAliveRequests 0 ManagerBalancerName wfadmincluster1 EnableMCPMReceive
I added X-Forwarded-Proto while working on this but don't know that it's needed since would be passed by AWS ELB.
With this I can see in mod_cluster_manager:
LBGroup wfLBDevGrp1: Enable Nodes Disable Nodes Node node-admin-app1 (http://int.int.int.int:8080): Enable Contexts Disable Contexts Balancer: wfadmincluster1,LBGroup: wfLBDevGrp1,Flushpackets: Off,Flushwait: 10000,Ping: 10000000,Smax: 1,Ttl: 60000000,Status: OK,Elected: 2,Read: 36,Transferred: 628,Connected: 0,Load: 100 Virtual Host 1: Contexts: /wfadmin, Status: ENABLED Request: 0 Disable Aliases: default-host localhost
Now let's test from a client machine (dev site is behind basic auth):
wget --http-user=username --http-password=password https://admin-dev.somewebsite.com/wfadmin/ --2015-04-17 06:37:00-- https://admin-dev.somewebsite.com/wfadmin/ Resolving admin-dev.somewebsite.com... ext.ext.ext.ext Connecting to admin-dev.somewebsite.com|ext.ext.ext.ext|:443... connected. HTTP request sent, awaiting response... 401 Authorization Required Reusing existing connection to admin-dev.somewebsite.com:443. HTTP request sent, awaiting response... 302 Found Location: https://int.int.int.int:8080/wfadmin/webflow.wf [following] --2015-04-17 06:37:00-- https://int.int.int.int:8080/wfadmin/webflow.wf Connecting to int.int.int.int:8080... ^C
And wget can't get there because it's the internal IP:port. With that, I don't see activity in my server log, although maybe I'm not looking at the right log or debug level. If I go directly to:
https://admin-dev.somewebsite.com/wfadmin/webflow.wf
I can see that it gets to the app server, but it again fails with a subsequent redirect.
The solutions to this in other threads are to add ProxyPreserveHost and/or ProxyPassReverse, but when I've tried these I get 404s or 500s. It's plausible that I've made mistakes, clearly, but wondering if there's something different about our setup. I see a lot of examples with :6666 listeners and I'm not sure what those are about.
Please let me know if any other configuration or results would be useful to see. I'm also not certain if the problem lies in httpd configuration or in the application. Perhaps Spring Webflow is complicating things.
Thank you!