1 Reply Latest reply on Feb 26, 2016 10:57 AM by Jean-Frederic Clere

    mod_cluster and use separate port/virtual hosts for MCMP and external/proxy

    Christian Wahlgren Newbie

      Hi,

       

      Is it possible to have different ports/virtual hosts for the MCMP and the external/proxy communication in apache+mod_cluster and when using SSL everywhere?

      The reasons are two:

      1) To use separate network interfaces on the Apache server.

      2) To be able to use different SSL protocols and ciphers (it seems mod_cluster only support TLSv1.0?).

       

      I've been able to put the mod_cluster-manager on a separate port/virtual host, but not separating the above.

       

      I'm using

      - mod_cluster 1.2.6 (EPEL)

      - Apache httpd 2.2.15 (CentOS 6.7)

      - WildFly 8.2.0

      - Disabled mod_advertise

       

       

      This is my apache httpd config file:

       

      LoadModule slotmem_module modules/mod_slotmem.so

      LoadModule manager_module modules/mod_manager.so

      LoadModule proxy_cluster_module modules/mod_proxy_cluster.so

      #LoadModule advertise_module modules/mod_advertise.so

       

      Listen test-server:6666

       

      <IfModule manager_module>

          ManagerBalancerName server-group

       

          <VirtualHost test-server:443>

              ServerName test-server:443

              SSLEngine on

              SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

              SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

              SSLHonorCipherOrder On

              SSLCertificateKeyFile /etc/pki/tls/private/test_key.pem

              SSLCertificateFile    /etc/pki/tls/certs/test_cert.pem

              SSLCACertificateFile  /etc/pki/tls/certs/ca_cert.pem

              SSLVerifyDepth 10

       

              SSLProxyEngine On

              SSLProxyVerify require

              SSLProxyMachineCertificateFile /etc/pki/tls/certs/server_cert_key.pem

              SSLProxyCACertificateFile      /etc/pki/tls/certs/ca_cert.pem

              SSLProxyProtocol all -SSLv2 -SSLv3

       

              <Location />

                  Order deny,allow

                  Deny from all

                  Allow from all

              </Location>

              EnableMCPMReceive

              ProxyPreserveHost On

              ProxyPass        / balancer://server-group/ stickysession=JSESSIONID

              ProxyPassReverse / balancer://server-group/ stickysession=JSESSIONID

          </VirtualHost>

       

          <VirtualHost test-server:6666>

              Servername test-server:6666

              SSLEngine on

              SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

              SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

              SSLHonorCipherOrder On

              SSLCertificateKeyFile /etc/pki/tls/private/test_key.pem

              SSLCertificateFile    /etc/pki/tls/certs/test_cert.pem

              SSLCACertificateFile  /etc/pki/tls/certs/ca_cert.pem

              SSLVerifyDepth 10

       

              <Location />

                  SetHandler mod_cluster-manager

                  Order deny,allow

                  Deny from all

                  Allow from all

              </Location>

              AllowDisplay on

          </VirtualHost>

      </IfModule>