Re: load balancing with 2 HTTPS portal servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2009-07-09 at 12:24 +0300, Nedim Ozan Tekin wrote:
> 
> Hi all,
> I have already two successfully working jboss portal servers. 
> e.g. https://10.10.0.138:8443/portal 
>      https://10.10.0.139:8443/portal they work, there is no problem..
> 
> But now , what i want is to be able to use (in httpd.conf):
> 
> ProxyPass / balancer://portalcluster/ stickysession=JSESSIONID|jsessionid
> nofailover=On
>  
> <Proxy balancer://portalcluster>
>         BalancerMember https://10.10.0.138:8443 route=portaltomcat1
>         BalancerMember https://10.10.0.139:8443 route=portaltomcat1
> </Proxy>
> 
> İ realised that, i cannot https server as a balancer member.
> İ already made ssl configuration (certificates related issues) on jboss
> portal , so i dont want/need to do in apache again the same certificate
> issues.
> 
> So my problem is that : 
> "How can i configure the load balancing(sticky) between two https servers?"
> 
> Could you please help me?
> 
> Nedim Ozan Tekin
> Systems Engineer
> Havelsan Corp.
> Ankara / TR
> 

By putting https on the JBoss servers, you are protecting the
communication between the proxy and the JBoss servers. If you want to
protect the communication between user and proxy, then you need to
configure SSL on apache. Furthermore, since the proxy is not
10.10.0.138, you would require new certificates for the proxy, that are
correct for the hostname that the proxy responds to.

If you dont need to protect comms between proxy and JBoss, then just
drop the https from JBoss. There is no problem with having https
balancer members, but the certificates must match the host name. If you
continue to have proxy problems with https balancer members, then please
set LogLevel debug, and show us the error log resulting in one request
through the proxy.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux