我使用mod_cluster 1.2作爲負載均衡器,JBoss AS7作爲節點。我在JBoss中配置了AJP連接器,並且mod_cluster與JBoss節點連接。mod_cluster當應用服務器註冊時,https重定向不起作用
我想達到以下, 客戶< --HTTPS - >平衡器< --AJP - > JBoss的
這裏是我的mod_cluster配置,
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
LogLevel debug
ServerName localhost
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
<Location />
Order deny,allow
Allow from all
</Location>
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 127.0.0
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
</VirtualHost>
</IfModule>
Listen 80
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
Listen 443
<VirtualHost *:443>
<Location />
Order deny,allow
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/root.pem
SSLCertificateChainFile C:/work/certs/gs/inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/key.key
</VirtualHost>
當JBoss則不然註冊mod_cluster,我嘗試http://localhost
它被重定向到https://localhost
。但是,當JBoss節點註冊時,HTTPS重定向不起作用。它僅以HTTP模式打開頁面。請幫我解決這個問題。
編輯:
作爲每karm的建議我已經配置工人< --HTTPS - >平衡器配置。但效果仍然相同。當Jboss註冊到m_c時,重定向不起作用。
這裏是我的M_C配置,
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule manager_module modules/mod_manager.so
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule advertise_module modules/mod_advertise.so
ErrorLog "logs/error_log"
LogLevel debug
ServerName localhost
Listen 8800
<VirtualHost 127.0.0.1:8800>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^8888$
RewriteRule ^(.*) https://%{SERVER_NAME}:8888%{REQUEST_URI}
</VirtualHost>
<IfModule manager_module>
Listen 8888
ManagerBalancerName qacluster
<VirtualHost 127.0.0.1:8888>
<Directory />
Order deny,allow
Deny from all
Allow from all
</Directory>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
#ServerAdvertise on
#AdvertiseGroup 224.0.1.105:6666
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from all
</Location>
SSLEngine On
SSLCACertificateFile C:/work/certs/gs/gs_root.pem
SSLCertificateChainFile C:/work/certs/gs/gs_inter.pem
SSLCertificateFile C:/work/certs/gs/kc.pem
SSLCertificateKeyFile C:/work/certs/gs/kc.key
</VirtualHost>
</IfModule>
JBoss的配置,
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
<mod-cluster-config proxy-list="127.0.0.1:8888" advertise="false" excluded-contexts="admin-console,invoker,jbossws,jmx-console,juddi,web-console">
<ssl key-alias="1" password="changeit" certificate-key-file="C:\Users\jai\.keystore" ca-certificate-file="C:\work\certs\gs\ca.jks"/>
</mod-cluster-config>
</subsystem>
後的JBoss與M_C本身不工作的鏈接http://localhost:8800/mcm
註冊。
這裏是M_C的調試日誌,
[Tue Nov 20 11:43:13 2012] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Nov 20 11:43:13 2012] [info] Loading certificate & private key of SSL-aware server
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Nov 20 11:43:13 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Nov 20 11:43:13 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Nov 20 11:43:13 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Nov 20 11:43:13 2012] [info] Init: Initializing (virtual) servers for SSL
[Tue Nov 20 11:43:13 2012] [info] Configuring server for SSL protocol
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(601): Configuring client authentication
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Tue Nov 20 11:43:13 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
[Tue Nov 20 11:43:13 2012] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/0.9.8r
[Tue Nov 20 11:43:13 2012] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Nov 20 11:43:14 2012] [info] Loading certificate & private key of SSL-aware server
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Nov 20 11:43:14 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Nov 20 11:43:14 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Nov 20 11:43:14 2012] [info] Init: Initializing (virtual) servers for SSL
[Tue Nov 20 11:43:14 2012] [info] Configuring server for SSL protocol
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(601): Configuring client authentication
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
[Tue Nov 20 11:43:14 2012] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/0.9.8r
[Tue Nov 20 11:43:14 2012] [notice] Advertise initialized for process 6148
[Tue Nov 20 11:43:14 2012] [notice] Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0g mod_cluster/1.2.0.Final configured -- resuming normal operations
[Tue Nov 20 11:43:14 2012] [notice] Server built: Feb 9 2012 22:24:33
[Tue Nov 20 11:43:14 2012] [notice] Parent: Created child process 5660
[Tue Nov 20 11:43:14 2012] [debug] mpm_winnt.c(477): Parent: Sent the scoreboard to the child
[Tue Nov 20 11:43:14 2012] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Nov 20 11:43:14 2012] [info] Loading certificate & private key of SSL-aware server
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Nov 20 11:43:14 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Nov 20 11:43:14 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Nov 20 11:43:14 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Nov 20 11:43:14 2012] [info] Init: Initializing (virtual) servers for SSL
[Tue Nov 20 11:43:14 2012] [info] Configuring server for SSL protocol
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(601): Configuring client authentication
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Tue Nov 20 11:43:14 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
[Tue Nov 20 11:43:14 2012] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/0.9.8r
[Tue Nov 20 11:43:15 2012] [info] Init: Seeding PRNG with 0 bytes of entropy
[Tue Nov 20 11:43:15 2012] [info] Loading certificate & private key of SSL-aware server
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Nov 20 11:43:15 2012] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Nov 20 11:43:15 2012] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Nov 20 11:43:15 2012] [info] Init: Initializing (virtual) servers for SSL
[Tue Nov 20 11:43:15 2012] [info] Configuring server for SSL protocol
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(601): Configuring client authentication
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(748): Configuring server certificate chain (1 CA certificate)
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(795): Configuring RSA server certificate
[Tue Nov 20 11:43:15 2012] [debug] ssl_engine_init.c(834): Configuring RSA server private key
[Tue Nov 20 11:43:15 2012] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/0.9.8r
[Tue Nov 20 11:43:15 2012] [debug] mod_advertise.c(577): [5660 - 6148] in child post config hook
[Tue Nov 20 11:43:15 2012] [notice] Child 5660: Child process is running
[Tue Nov 20 11:43:15 2012] [debug] mpm_winnt.c(398): Child 5660: Retrieved our scoreboard from the parent.
[Tue Nov 20 11:43:15 2012] [info] Parent: Duplicating socket 128 and sending it to child process 5660
[Tue Nov 20 11:43:15 2012] [info] Parent: Duplicating socket 124 and sending it to child process 5660
[Tue Nov 20 11:43:15 2012] [debug] mpm_winnt.c(595): Parent: Sent 2 listeners to child 5660
[Tue Nov 20 11:43:15 2012] [debug] mpm_winnt.c(554): Child 5660: retrieved 2 listeners from parent
[Tue Nov 20 11:43:15 2012] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 5660 for worker proxy:reverse
[Tue Nov 20 11:43:15 2012] [debug] proxy_util.c(1914): proxy: initialized worker 0 in child 5660 for (*) min=0 max=64 smax=64
[Tue Nov 20 11:43:15 2012] [notice] Child 5660: Acquired the start mutex.
[Tue Nov 20 11:43:15 2012] [notice] Child 5660: Starting 64 worker threads.
[Tue Nov 20 11:43:15 2012] [notice] Child 5660: Starting thread to listen on port 8888.
[Tue Nov 20 11:43:15 2012] [notice] Child 5660: Starting thread to listen on port 8800.
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(678): update_workers_node starting
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(693): update_workers_node done
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(678): update_workers_node starting
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(693): update_workers_node done
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(678): update_workers_node starting
[Tue Nov 20 11:43:16 2012] [debug] mod_proxy_cluster.c(693): update_workers_node done
嗨,謝謝你的回答。不幸的是,它不適合我。我用當前的配置更新了我的問題。當JBoss worker用mod_clustered註冊時,重定向不起作用。請幫助。 – jaks