2 Replies Latest reply on Apr 21, 2015 6:41 AM by Scott Carpenter

    Switching mod_cluster from AJP to HTTP (to Wildfly 8.1)

    Scott Carpenter Newbie

      I've been studying these related threads and several others, but have not had luck so far with the solutions. There is for example:

       

      Httpd mod cluster : Change AJP to HTTP connector

      https://developer.jboss.org/thread/252356

       

      Re: mod_cluster & AS7 redirect problem

      https://developer.jboss.org/message/641861

       

      We're on Wildfly 8.1 and need to stay on this for now because of timelines and upgrade problems with other frameworks. WF8.1 has this bug with AJP:

       

      [WFLY-2999] AJP connector request body stream is wrong mixed - JBoss Issue Tracker

      https://issues.jboss.org/browse/WFLY-2999

       

      mod_cluster is 1.2, with httpd running on one server in AWS, and then initially testing with one other Wildfly server in AWS.

       

      Things were working fine with AJP (other than that bug), and the switchover to HTTP was fairly simple, but now I have a redirection issue. Some configuration:

       

      <subsystem xmlns="urn:jboss:domain:modcluster:1.2">
          <mod-cluster-config connector="default" advertise="false" proxy-list="${jboss.mod_cluster.proxyList}" load-balancing-group="${jboss.mod_cluster.lbgroup}">
              <dynamic-load-provider>
                  <load-metric type="cpu"/>
              </dynamic-load-provider>
          </mod-cluster-config>
      </subsystem>
      

       

      and:

       

      <server name="default-server">
          <http-listener name="default" socket-binding="http" proxy-address-forwarding="true" max-post-size="80000000"/>
          <ajp-listener name="ajp" socket-binding="ajp" scheme="https" max-post-size="80000000"/>
          <host name="default-host" alias="localhost">
              <location name="/" handler="welcome-content"/>
          </host>
      </server>
      

       

      and httpd:

       

      <VirtualHost *:80>
          ServerName admin-dev.somewebsite.com
          RequestHeader set X-Forwarded-Proto "https"
          KeepAliveTimeout 60
          MaxKeepAliveRequests 0
          ManagerBalancerName wfadmincluster1
          EnableMCPMReceive
      

       

      I added X-Forwarded-Proto while working on this but don't know that it's needed since would be passed by AWS ELB.

       

      With this I can see in mod_cluster_manager:

       

      LBGroup wfLBDevGrp1: Enable Nodes Disable Nodes
      Node node-admin-app1 (http://int.int.int.int:8080):
      
      Enable Contexts Disable Contexts
      Balancer: wfadmincluster1,LBGroup: wfLBDevGrp1,Flushpackets: Off,Flushwait: 10000,Ping: 10000000,Smax: 1,Ttl: 60000000,Status: OK,Elected: 2,Read: 36,Transferred: 628,Connected: 0,Load: 100
      Virtual Host 1:
      
      Contexts:
      /wfadmin, Status: ENABLED Request: 0 Disable
      
      Aliases:
      default-host
      localhost
      

       

      Now let's test from a client machine (dev site is behind basic auth):

       

      wget --http-user=username --http-password=password https://admin-dev.somewebsite.com/wfadmin/
      
      --2015-04-17 06:37:00--  https://admin-dev.somewebsite.com/wfadmin/
      Resolving admin-dev.somewebsite.com... ext.ext.ext.ext
      Connecting to admin-dev.somewebsite.com|ext.ext.ext.ext|:443... connected.
      HTTP request sent, awaiting response... 401 Authorization Required
      Reusing existing connection to admin-dev.somewebsite.com:443.
      HTTP request sent, awaiting response... 302 Found
      Location: https://int.int.int.int:8080/wfadmin/webflow.wf [following]
      --2015-04-17 06:37:00--  https://int.int.int.int:8080/wfadmin/webflow.wf
      Connecting to int.int.int.int:8080... ^C
      

       

      And wget can't get there because it's the internal IP:port. With that, I don't see activity in my server log, although maybe I'm not looking at the right log or debug level. If I go directly to:

       

      https://admin-dev.somewebsite.com/wfadmin/webflow.wf

       

      I can see that it gets to the app server, but it again fails with a subsequent redirect.

       

      The solutions to this in other threads are to add ProxyPreserveHost and/or ProxyPassReverse, but when I've tried these I get 404s or 500s. It's plausible that I've made mistakes, clearly, but wondering if there's something different about our setup. I see a lot of examples with :6666 listeners and I'm not sure what those are about.

       

      Please let me know if any other configuration or results would be useful to see. I'm also not certain if the problem lies in httpd configuration or in the application. Perhaps Spring Webflow is complicating things.

       

      Thank you!

        • 1. Re: Switching mod_cluster from AJP to HTTP (to Wildfly 8.1)
          Scott Carpenter Newbie

          Following the previously set:

           

          ManagerBalancerName wfadmincluster1

           

          This seems to be working:

           

          CreateBalancers 1
          
          ProxyPass / balancer://wfadmincluster1 stickysession=JSESSIONID|jsessionid nofailover=on
          ProxyPassReverse / balancer://wfadmincluster1
          ProxyPreserveHost on
          
          • 2. Re: Switching mod_cluster from AJP to HTTP (to Wildfly 8.1)
            Scott Carpenter Newbie

            To follow up and as a caveat, our sticky sessions weren't very sticky with the above change, and looks like other people have problems there, too. Since we're no longer using session replication and failover because of other Wildfly 8.1/Infinispan/JGroups bugs, we just removed mod_cluster from the setup and used a more standard mod_proxy load balancing config:

             

            ProxyPreserveHost on
            
            <Proxy balancer://wfadmincluster1>
                BalancerMember http://admin-app1.qa.aws:8080 route=node-admin-app1
                BalancerMember http://admin-app2.qa.aws:8080 route=node-admin-app2
            </Proxy>
            
            ProxyPass / balancer://wfadmincluster1/ stickysession=JSESSIONID
            ProxyPassReverse / balancer://wfadmincluster1/
            

             

            Disabling mod_cluster modules and re-enabling:

            LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

             

            And going from standalone-ha.xml to standalone.xml