0

我们有下一个配置:

  • 一台 2.2.14 版本的 apache 服务器。

  • 两台 JBoss Application Server 版本 7.1.1 在域模式下的应用程序服务器。

我们配置了一个虚拟主机和 mod_cluster 发现应用程序服务器没有问题,但是当我为 ssl 添加配置时,mod_cluster 无法发现应用程序服务器。

文件 httpd-vhosts.conf 是:

Listen <ip>:10001
MemManagerFile /var/cache/httpd
<VirtualHost <ip>:10001>
ErrorLog "/usr/IBMAHS/logs/error_ssl_log"
TransferLog "/usr/IBMAHS/logs/access_ssl_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/IBMAHS/pki/file.com.crt"
SSLCertificateKeyFile "/usr/IBMAHS/pki/file.com.key"
<Directory />
Order deny,allow
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ManagerBalancerName other-server-group_d
ServerAdvertise On
AdvertiseFrequency 5
#EnableMCPMReceive
#This directive allows you to view mod_cluster status at URL http://<ip>:10001/mod_cluster-manager
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
</VirtualHost>

谁能帮我?

4

2 回答 2

0

我假设您希望启动并运行此设置:

clients <-- SSL --> balancer <-- SSL --> AS7 workers

并且您知道其严重的性能缺陷

balancer <-- SSL --> AS7 workers

部分。以下设置有效,但必须注意客户端和 AS7 工作器之间的连接不是透明的,并且平衡器或多或少地充当中间人。如果客户信任平衡器,平衡器信任工人,工人信任平衡器,一切都很好。

给你兄弟:

带有 mod_cluster 的 Apache HTTP 服务器

MemManagerFile "/opt/httpd/cache/mod_cluster"
ServerName 10.16.94.122:2181

<IfModule manager_module>
  Listen 10.16.94.122:8847
  # As soon as it works, remove/change this...
  LogLevel debug
  <VirtualHost 10.16.94.122:8847>
    ServerName 10.16.94.122:8847
    <Directory />
      Order deny,allow
      Deny from all
      # Obviously, testing purposes...
      Allow from all
    </Directory>
    KeepAliveTimeout 60
    MaxKeepAliveRequests 0
    ServerAdvertise on
    AdvertiseFrequency 5
    ManagerBalancerName qacluster
    AdvertiseGroup 224.0.5.188:23364
    EnableMCPMReceive
    SSLEngine on
    SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
    SSLCertificateFile /opt/ssl/proper/server.crt
    SSLCertificateKeyFile /opt/ssl/proper/server.key
    SSLCACertificateFile /opt/ssl/proper/myca.crt
    #SSLVerifyClient require
    #SSLProxyVerify require
    SSLProxyEngine On
    SSLVerifyDepth 10
    <Location /mcm>
      SetHandler mod_cluster-manager
      Order deny,allow
      Deny from all
      # Obviously, testing purposes...
      Allow from all
    </Location>
  </VirtualHost>
</IfModule>

AS7 worker,standalone-ha.xml,也可以应用于适当的域:

AS7 工人

+++
</extensions>
<system-properties>
<property name="javax.net.ssl.trustStore" value="/opt/ssl/proper/client-cert-key.jks"/>
<property name="javax.net.ssl.trustStorePassword" value="you-shall-never-know"/>
</system-properties>
<management>
+++
</management>
<profile>
+++
<subsystem xmlns="urn:jboss:domain:modcluster:1.1">
<mod-cluster-config advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
<ssl key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
     cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</mod-cluster-config>
</subsystem>
+++
<subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
<ssl name="https" key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
     cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" protocol="TLS" verify-client="false"
     certificate-file="/opt/ssl/proper/client-cert-key.jks" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
+++
</profile>
<interfaces>
+++
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+++
<socket-binding name="https" port="8443"/>
+++
<socket-binding name="modcluster" port="0" multicast-address="224.0.5.188" multicast-port="23364"/>
+++

让我们知道它是否适合您。将来,您实际上可能会直接针对 JBoss mod_cluster 论坛 :-)

于 2014-01-31T18:02:19.697 回答
0

您有独立(非集群)的示例配置吗?

于 2014-10-20T12:31:04.467 回答