Also here is what we use our virtualhost config in apache for this and it works well.
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED <Proxy "balancer://loadbalancer"> BalancerMember http://server:port route=yourjvmroute connectiontimeout=600 timeout=1200 BalancerMember http://server:port route=yourjvmroute connectiontimeout=600 timeout=1200 ProxySet stickysession=ROUTEID ProxySet lbmethod=byrequests Order deny,allow Allow from all </Proxy> ProxyRequests Off ProxyPass / balancer://loadbalancer/ ProxyPassReverse / balancer://loadbalancer/
From: jonmcalexander@xxxxxxxxxxxxxx.INVALID <jonmcalexander@xxxxxxxxxxxxxx.INVALID>
Hi Sekhar, Here is a sanitized copy of our httpd-ssl.conf file. Format is identical, just names changed. Note, we are enforcing client auth between the mod_proxy and Tomcat
connector. Not end user client auth, just proxy. Thanks, #-----------httpd-ssl.conf------------------- # for web instance Listen 6750 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/path/ssl_scache(512000)" SSLSessionCacheTimeout 300 Mutex "file:/apps/apache/logs/pid/" ErrorDocument 500 /ilapp <VirtualHost _default_:6750> SSLEngine on SSLProtocol -all +TLSv1.2 SSLCipherSuite <CIPHER LIST> SSLHonorCipherOrder on SSLCertificateFile myapp.cer SSLCertificateKeyFile myapp.key SSLCertificateChainFile intermediate.pem <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 <IfModule proxy_module> SSLProxyEngine On SSLProxyVerify off SSLProxyCheckPeerName on SSLProxyCheckPeerCN on SSLProxyVerifyDepth 5 SSLProxyCACertificateFile intermediate.pem SSLProxyMachineCertificateFile myappClient.pem ProxyRequests Off BalancerPersist On <Proxy balancer://icluster> BalancerMember
https://tomcat-server:9999 ProxySet lbmethod=bybusyness ProxySet stickysession=JSESSIONID ProxySet scolonpathdelim=On Order Deny,Allow Deny from none Allow from all </Proxy> ProxyPass /iapp balancer://icluster/iappp ProxyPassReverse /iapp balancer://icluster/iappp ProxyPass /idash balancer://icluster/idash ProxyPassReverse /idash balancer://icluster/idash </IfModule> </VirtualHost>
Dream * Excel * Explore * Inspire
Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 Tel 515-988-2508 | Cell 515-988-2508
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or
take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. From: Suvendu Sekhar Mondal <suv3ndu@xxxxxxxxx>
Hello Jon, On Tue, Aug 2, 2022, 9:19 PM <jonmcalexander@xxxxxxxxxxxxxx.invalid> wrote:
This is way too slow! Can you please share httpd configuration? Especially load balancer and compression part.
|