Jboss 注册应用程序服务器时,mod_群集https重定向不起作用
我使用mod_cluster 1.2作为负载平衡器,JBoss AS7作为节点。我在JBoss中配置了AJP连接器,mod_集群与JBoss节点连接 我要做到以下几点,, 客户端平衡器JBoss 这是我的mod_群集配置Jboss 注册应用程序服务器时,mod_群集https重定向不起作用,jboss,load-balancing,apache,httpd.conf,Jboss,Load Balancing,Apache,Httpd.conf,我使用mod_cluster 1.2作为负载平衡器,JBoss AS7作为节点。我在JBoss中配置了AJP连接器,mod_集群与JBoss节点连接 我要做到以下几点,, 客户端平衡器JBoss 这是我的mod_群集配置 LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so Lo
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
LogLevel debug
ServerName localhost
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
<Location />
Order deny,allow
Allow from all
</Location>
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 127.0.0
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
</VirtualHost>
</IfModule>
Listen 80
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
Listen 443
<VirtualHost *:443>
<Location />
Order deny,allow
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/root.pem
SSLCertificateChainFile C:/work/certs/gs/inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/key.key
</VirtualHost>
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
ErrorLog "logs/error_log"
LogLevel debug
ServerName localhost
Listen 8800
<VirtualHost 127.0.0.1:8800>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^8888$
RewriteRule ^(.*) https://%{SERVER_NAME}:8888%{REQUEST_URI}
</VirtualHost>
<IfModule manager_module>
Listen 8888
ManagerBalancerName qacluster
<VirtualHost 127.0.0.1:8888>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
#ServerAdvertise on
#AdvertiseGroup 224.0.1.105:6666
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/gs_root.pem
SSLCertificateChainFile C:/work/certs/gs/gs_inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/kc.key
</VirtualHost>
</IfModule>
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config proxy-list="127.0.0.1:8888" advertise="false" excluded-contexts="admin-console,invoker,jbossws,jmx-console,juddi,web-console">
<ssl key-alias="1" password="changeit" certificate-key-file="C:\Users\jai\.keystore" ca-certificate-file="C:\work\certs\gs\ca.jks"/>
</mod-cluster-config>
</subsystem>
JBoss配置
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
LogLevel debug
ServerName localhost
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
<Location />
Order deny,allow
Allow from all
</Location>
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 127.0.0
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
</VirtualHost>
</IfModule>
Listen 80
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
Listen 443
<VirtualHost *:443>
<Location />
Order deny,allow
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/root.pem
SSLCertificateChainFile C:/work/certs/gs/inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/key.key
</VirtualHost>
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
ErrorLog "logs/error_log"
LogLevel debug
ServerName localhost
Listen 8800
<VirtualHost 127.0.0.1:8800>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^8888$
RewriteRule ^(.*) https://%{SERVER_NAME}:8888%{REQUEST_URI}
</VirtualHost>
<IfModule manager_module>
Listen 8888
ManagerBalancerName qacluster
<VirtualHost 127.0.0.1:8888>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
#ServerAdvertise on
#AdvertiseGroup 224.0.1.105:6666
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/gs_root.pem
SSLCertificateChainFile C:/work/certs/gs/gs_inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/kc.key
</VirtualHost>
</IfModule>
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config proxy-list="127.0.0.1:8888" advertise="false" excluded-contexts="admin-console,invoker,jbossws,jmx-console,juddi,web-console">
<ssl key-alias="1" password="changeit" certificate-key-file="C:\Users\jai\.keystore" ca-certificate-file="C:\work\certs\gs\ca.jks"/>
</mod-cluster-config>
</subsystem>
伙计,这是一个非常奇怪的配置。。。SSLProxyVerify需要什么?Mod_集群实际上是一种MITM攻击:-此外,Mod_集群本身必须启用SSL。看一看: 1工作节点可以向平衡器注册 2连接是安全的:但clientbalancerworkers必须信任该平衡器 3.访问,例如
http://localhost:8800/mcm
被重定向到安全的
https://localhost:8888/mcm
我想这就是你想要的
HTTPD
AS7:
嗯
干杯
编辑:
请注意此错误:如果您只有https连接器,则可能会发生此错误。如果处于非活动状态,客户端在一段时间后会出现多个502错误。可行的解决方法是更改:ClientBalancerWorkers到ClientBalancer AJP->Worker,Worker SSL->Balancer
只需将AJP连接器添加到AS7即可,例如:
并为modcluster子系统设置:
问题在于mod_cluster 1.2.0。我获取了最新的mod_集群代码,并编译和使用。HTTPS重定向非常有效。您好,谢谢您的回答。不幸的是,这对我不起作用。我已经用当前配置更新了我的问题。当JBoss worker向mod_clustered注册时,重定向不起作用。请帮助。