1. Re: https to http proxy issue...
rharrison Dec 9, 2009 6:44 AM (in response to rharrison)
It got cut off:
server.xml:
<!-- mod cluster engine node -->
2. Re: https to http proxy issue...
rharrison Dec 9, 2009 6:51 AM (in response to rharrison)
I have a bit of a problem. I set up a mod_cluster/proxy box and I have a Tomcat 6.0 webserver box. The webserver box has an SSL cert on it at this time and the proxy box does not. I created a proxylist in the modcluster listener on the webserver box to point to the mod_cluster/proxy box. But it seems as if the proxy box is not picking up the web server box and vice versa.
httpd.config:
Listen 150.125.100.1:777
<VirtualHost 150.125.100.1:777>
ManagerBalancerName mybal
ServerAdvertise off
CreateBalancers 0
#ProxyPass / balancer://mybal/ stickysession=JSESSIONID
<Directory />
Order deny,allow
Deny from all
Allow from 150.125.100.2
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
</VirtualHost>
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 150.125.100.1
</Location>
server.xml:
<Listener className="org.jboss.modcluster.ModClusterListener"
advertise="false"
ProxyList="150.125.100.1:777"
balancer="mybal"
domain="node01"
stickySession="true"
stickySessionForce="false"
stickySessionRemove="false"
nodeTimeout="300"
ssl="false"
sslKeyStorePass="password"
sslKeyStore="keystore"
sslKeyStoreType="JKS"
sslTrustStore="truststore.jks"
sslTrustStoreType="JKS"
sslTrustStorePassword="password" />
<!-- mod cluster engine node -->
<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node01" >
3. Re: https to http proxy issue...
jfclere Dec 9, 2009 9:57 AM (in response to rharrison)
See http://www.jboss.org/mod_cluster/ssl.html
You have to configure the VirtualHost on the httpd side.
4. Re: https to http proxy issue...
jfclere Dec 16, 2009 3:17 AM (in response to jfclere)
Copy + paste of an answer I have deleted by accident:
+++
I installed the SSL cert on the mod_cluster box successfully and it works over port 80. But when I set up the Tomcat server with its SSL connector to connect to the mod_cluster box through 443, it's not connecting. I'm not getting any error in the logs. Anything you can think of?
SSLSessionCache "shmcb:/opt/jboss/httpd/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Listen 150.125.0.1:443
<VirtualHost 150.125.0.1:443>
SSLEngine off
SSLCertificateFile /opt/ssl/cert/cert.crt
SSLCertificateKeyFile /opt/ssl/cert/key.key
SSLCACertificatePath /opt/ssl/cert/
SSLVerifyClient none
SSLVerifyDepth 10
#ServerAdvertise off
<Directory />
Order deny,allow
Deny from all
Allow from 150.125.0.
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
</VirtualHost>
<Listener className="org.jboss.modcluster.ModClusterListener"
advertise="false"
ProxyList="150.125.0.1:443"
balancer="mybal"
domain="ws01"
stickySession="true"
stickySessionForce="false"
stickySessionRemove="false"
nodeTimeout="300"
ssl="true"
sslKeyStorePass="changeit"
sslKeyStore="keystore"
sslKeyStoreType="JKS"
sslTrustStore="truststore.jks"
sslTrustStoreType="JKS"
sslTrustStorePassword="pass" />
<Connector
port="443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="keystore" keystorePass="pass"
truststoreType="JKS" truststoreFile="truststore.jks" truststorePass="pass"
clientAuth="false" sslProtocol="TLS" ciphers="xxxxx,xxxx,xxxx,xxxx"
/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" URIEncoding="UTF-8" />
+++
5. Re: https to http proxy issue...
jfclere Dec 16, 2009 3:14 AM (in response to jfclere)
SSLEngine off
Why? It should be on, no?
Use a browser (or curl) and check that you can connect from jboss to the httpd one via https://150.125.0.1/
6. Re: https to http proxy issue...
rharrison Dec 16, 2009 10:25 PM (in response to jfclere)
Oh sorry, I guess I turned the SSLEngine off while trying a few things out.
I just turned it on. I can connect to the httpd server from the tomcat server using curl. It seems as if the issue is either on the handshake or something else. I've verified my certs and everything as well. I appreciate your responses, thank you.
7. Re: https to http proxy issue...
jfclere Dec 17, 2009 3:34 AM (in response to rharrison)
ciphers="xxxxx,xxxx,xxxx,xxxx" looks weird to me.
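
The two things questioned in the replies above (SSLEngine off on the 443 VirtualHost while the listener has ssl="true", and the placeholder ciphers value) can be checked mechanically before restarting either box. The following is an added example, not part of the original posts or of mod_cluster: the function names are hypothetical, the sample configs are constructed from the fragments posted in the thread, and the cipher check assumes JSSE-style suite names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, abridged from the fragments posted in the thread.
HTTPD_CONF = """Listen 150.125.0.1:443
<VirtualHost 150.125.0.1:443>
SSLEngine off
SSLCertificateFile /opt/ssl/cert/cert.crt
</VirtualHost>
"""
SERVER_XML = """<Server>
<Listener className="org.jboss.modcluster.ModClusterListener"
          ProxyList="150.125.0.1:443" ssl="true" />
<Connector port="443" SSLEnabled="true" ciphers="xxxxx,xxxx,xxxx,xxxx" />
</Server>"""

def vhost_ssl_state(httpd_conf):
    """Map each <VirtualHost addr:port> to its SSLEngine state (mod_ssl default: off)."""
    state, current = {}, None
    for line in (l.strip() for l in httpd_conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            current = opened.group(1)
            state[current] = False
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current and re.match(r"SSLEngine\s+(\S+)", line, re.I):
            state[current] = line.split()[1].lower() == "on"
    return state

def lint(httpd_conf, server_xml):
    """Return findings where the node's TLS settings cannot match the proxy's."""
    findings, vhosts = [], vhost_ssl_state(httpd_conf)
    root = ET.fromstring(server_xml)
    for listener in root.iter("Listener"):
        if not listener.get("className", "").endswith("ModClusterListener"):
            continue
        node_tls = listener.get("ssl", "false").lower() == "true"
        for proxy in filter(None, (p.strip() for p in listener.get("ProxyList", "").split(","))):
            if proxy in vhosts and vhosts[proxy] != node_tls:
                findings.append(f"{proxy}: listener ssl={node_tls}, SSLEngine on={vhosts[proxy]}")
    for conn in root.iter("Connector"):
        # Assumption: JSSE-style suite names (TLS_... / SSL_...) are expected here.
        bad = [c for c in conn.get("ciphers", "").split(",")
               if c.strip() and not re.fullmatch(r"(TLS|SSL)_[A-Z0-9_]+", c.strip())]
        if bad:
            findings.append(f"connector {conn.get('port')}: unrecognised ciphers {bad}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(HTTPD_CONF, SERVER_XML)))
```
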