httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] load balancing with 2 HTTPS portal servers
Date Thu, 09 Jul 2009 12:01:50 GMT
On Thu, 2009-07-09 at 12:24 +0300, Nedim Ozan Tekin wrote:
> 
> Hi all,
> I have already two successfully working jboss portal servers. 
> e.g. https://10.10.0.138:8443/portal 
>      https://10.10.0.139:8443/portal they work, there is no problem..
> 
> But now , what i want is to be able to use (in httpd.conf):
> 
> ProxyPass / balancer://portalcluster/ stickysession=JSESSIONID|jsessionid
> nofailover=On
>  
> <Proxy balancer://portalcluster>
>         BalancerMember https://10.10.0.138:8443 route=portaltomcat1
>         BalancerMember https://10.10.0.139:8443 route=portaltomcat1
> </Proxy>
> 
> İ realised that, i cannot https server as a balancer member.
> İ already made ssl configuration (certificates related issues) on jboss
> portal , so i dont want/need to do in apache again the same certificate
> issues.
> 
> So my problem is that : 
> "How can i configure the load balancing(sticky) between two https servers?"
> 
> Could you please help me?
> 
> Nedim Ozan Tekin
> Systems Engineer
> Havelsan Corp.
> Ankara / TR
> 

By putting https on the JBoss servers, you are protecting the
communication between the proxy and the JBoss servers. If you want to
protect the communication between user and proxy, then you need to
configure SSL on apache. Furthermore, since the proxy is not
10.10.0.138, you would require new certificates for the proxy, that are
correct for the hostname that the proxy responds to.

If you dont need to protect comms between proxy and JBoss, then just
drop the https from JBoss. There is no problem with having https
balancer members, but the certificates must match the host name. If you
continue to have proxy problems with https balancer members, then please
set LogLevel debug, and show us the error log resulting in one request
through the proxy.

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message