SSL between Apache and JBoss


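We have the following configuration:

  • One Apache server, version 2.2.14

  • Two application servers, JBoss Application Server version 7.1.1, in domain mode

We configured the virtual host and mod_cluster discovers the application servers without problems, but when I add the SSL configuration, mod_cluster cannot discover the application servers.

The httpd-vhosts.conf file is: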

Listen <ip>:10001
MemManagerFile /var/cache/httpd
<VirtualHost <ip>:10001>
ErrorLog "/usr/IBMAHS/logs/error_ssl_log"
TransferLog "/usr/IBMAHS/logs/access_ssl_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/IBMAHS/pki/file.com.crt"
SSLCertificateKeyFile "/usr/IBMAHS/pki/file.com.key"
<Directory />
Order deny,allow
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ManagerBalancerName other-server-group_d
ServerAdvertise On
AdvertiseFrequency 5
#EnableMCPMReceive
#This directive allows you to view mod_cluster status at URL http://<ip>:10001/mod_cluster-manager
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
</VirtualHost>

Can anyone help me?

I guess you want to have this setup up and running:

clients <-- SSL --> balancer <-- SSL --> AS7 workers
and you are aware of the serious performance drawback of the

balancer <-- SSL --> AS7 workers
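part. The setup below works, but one must be aware of the fact that the connection between the client and the AS7 worker is not transparent; the balancer acts more or less like a man in the middle. If clients trust the balancer, the balancer trusts the workers, and the workers trust the balancer, all is well.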

Here you go, dude:

Apache HTTP Server with mod_cluster

MemManagerFile "/opt/httpd/cache/mod_cluster"
ServerName 10.16.94.122:2181

<IfModule manager_module>
  Listen 10.16.94.122:8847
  # As soon as it works, remove/change this...
  LogLevel debug
  <VirtualHost 10.16.94.122:8847>
    ServerName 10.16.94.122:8847
    <Directory />
      Order deny,allow
      Deny from all
      # Obviously, testing purposes...
      Allow from all
    </Directory>
    KeepAliveTimeout 60
    MaxKeepAliveRequests 0
    ServerAdvertise on
    AdvertiseFrequency 5
    ManagerBalancerName qacluster
    AdvertiseGroup 224.0.5.188:23364
    EnableMCPMReceive
    SSLEngine on
    SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
    SSLCertificateFile /opt/ssl/proper/server.crt
    SSLCertificateKeyFile /opt/ssl/proper/server.key
    SSLCACertificateFile /opt/ssl/proper/myca.crt
    #SSLVerifyClient require
    #SSLProxyVerify require
    SSLProxyEngine On
    SSLVerifyDepth 10
    <Location /mcm>
      SetHandler mod_cluster-manager
      Order deny,allow
      Deny from all
      # Obviously, testing purposes...
      Allow from all
    </Location>
  </VirtualHost>
</IfModule>
AS7 worker standalone-ha.xml, which could be applied to the appropriate in-domain profile as well:

AS7 worker

+++
</extensions>
<system-properties>
<property name="javax.net.ssl.trustStore" value="/opt/ssl/proper/client-cert-key.jks"/>
<property name="javax.net.ssl.trustStorePassword" value="you-shall-never-know"/>
</system-properties>
<management>
+++
</management>
<profile>
+++
<subsystem xmlns="urn:jboss:domain:modcluster:1.1">
<mod-cluster-config advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
<ssl key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
     cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</mod-cluster-config>
</subsystem>
+++
<subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
<ssl name="https" key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
     cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" protocol="TLS" verify-client="false"
     certificate-file="/opt/ssl/proper/client-cert-key.jks" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
+++
</profile>
<interfaces>
+++
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+++
<socket-binding name="https" port="8443"/>
+++
<socket-binding name="modcluster" port="0" multicast-address="224.0.5.188" multicast-port="23364"/>
+++

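Let us know whether it works for you. In the future, you might want to target the JBoss mod_cluster forum directly :-)

Do you have a sample configuration for standalone (non-clustered)?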
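
An added example, not part of the original thread or of the mod_cluster project: a small Python check run over the SSL and access-control lines of the balancer configuration in the answer, reporting the settings it leaves relaxed for testing. The `WEAK` list, the function names and the finding texts are this example's own choices.

```python
# Constructed sample: SSL and access-control lines of the answer's balancer vhost.
SAMPLE = """\
EnableMCPMReceive
SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
#SSLVerifyClient require
#SSLProxyVerify require
SSLProxyEngine On
<Location /mcm>
  SetHandler mod_cluster-manager
  Order deny,allow
  Deny from all
  Allow from all
</Location>
"""

# Cipher classes this example treats as weak (the list is the example's own choice).
WEAK = ("ADH", "EXP", "LOW", "MD5", "RC4", "SSLV2")

def unexcluded_weak(cipher_string):
    """Weak classes that ALL brings in and no '!class' token removes (case ignored)."""
    tokens = [t.upper() for t in cipher_string.split(":")]
    return [c for c in WEAK if "!" + c not in tokens] if "ALL" in tokens else []

def audit(conf):
    findings, seen, loc = [], {}, None
    for raw in conf.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                      # commented-out directives are not in effect
        name, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if name == "<location":
            loc = []                      # collect the directives of this <Location>
        elif name.startswith("</location"):
            if loc and "sethandler mod_cluster-manager" in loc and "allow from all" in loc:
                findings.append("mod_cluster-manager page is open to any address")
            loc = None
        elif loc is not None:
            loc.append(name + " " + " ".join(value.lower().split()))
        seen[name] = value.lower()
    weak = unexcluded_weak(seen.get("sslciphersuite", ""))
    if weak:
        findings.append("SSLCipherSuite does not exclude: " + ", ".join(weak))
    if seen.get("sslproxyengine") == "on" and seen.get("sslproxyverify") != "require":
        findings.append("SSLProxyEngine is on but worker certificates are not verified")
    if "enablemcpmreceive" in seen and seen.get("sslverifyclient") != "require":
        findings.append("MCMP receiver does not require a client certificate")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The two certificate findings correspond to the mutual trust between balancer and workers that the answer describes: with `SSLVerifyClient` and `SSLProxyVerify` commented out, the link is encrypted but neither side authenticates the other.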