我假设您希望启动并运行此设置:
clients <-- SSL --> balancer <-- SSL --> AS7 workers
并且您知道其严重的性能缺陷
balancer <-- SSL --> AS7 workers
部分。以下设置有效,但必须注意客户端和 AS7 工作器之间的连接不是透明的,并且平衡器或多或少地充当中间人。如果客户信任平衡器,平衡器信任工人,工人信任平衡器,一切都很好。
给你兄弟:
带有 mod_cluster 的 Apache HTTP 服务器
MemManagerFile "/opt/httpd/cache/mod_cluster"
ServerName 10.16.94.122:2181
<IfModule manager_module>
Listen 10.16.94.122:8847
# As soon as it works, remove/change this...
LogLevel debug
<VirtualHost 10.16.94.122:8847>
ServerName 10.16.94.122:8847
<Directory />
Order deny,allow
Deny from all
# Obviously, testing purposes...
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ServerAdvertise on
AdvertiseFrequency 5
ManagerBalancerName qacluster
AdvertiseGroup 224.0.5.188:23364
EnableMCPMReceive
SSLEngine on
SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL
SSLCertificateFile /opt/ssl/proper/server.crt
SSLCertificateKeyFile /opt/ssl/proper/server.key
SSLCACertificateFile /opt/ssl/proper/myca.crt
#SSLVerifyClient require
#SSLProxyVerify require
SSLProxyEngine On
SSLVerifyDepth 10
<Location /mcm>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
# Obviously, testing purposes...
Allow from all
</Location>
</VirtualHost>
</IfModule>
AS7 worker,standalone-ha.xml,也可以应用于适当的域:
AS7 工人
+++
</extensions>
<system-properties>
<property name="javax.net.ssl.trustStore" value="/opt/ssl/proper/client-cert-key.jks"/>
<property name="javax.net.ssl.trustStorePassword" value="you-shall-never-know"/>
</system-properties>
<management>
+++
</management>
<profile>
+++
<subsystem xmlns="urn:jboss:domain:modcluster:1.1">
<mod-cluster-config advertise-socket="modcluster" connector="https">
<dynamic-load-provider>
<load-metric type="busyness"/>
</dynamic-load-provider>
<ssl key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</mod-cluster-config>
</subsystem>
+++
<subsystem xmlns="urn:jboss:domain:web:1.5" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true" enabled="true">
<ssl name="https" key-alias="javaclient" password="you-shall-never-know" certificate-key-file="/opt/ssl/proper/client-cert-key.jks"
cipher-suite="AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL" protocol="TLS" verify-client="false"
certificate-file="/opt/ssl/proper/client-cert-key.jks" ca-certificate-file="/opt/ssl/proper/ca-cert.jks"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
+++
</profile>
<interfaces>
+++
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
+++
<socket-binding name="https" port="8443"/>
+++
<socket-binding name="modcluster" port="0" multicast-address="224.0.5.188" multicast-port="23364"/>
+++
让我们知道它是否适合您。将来,您实际上可能会直接针对 JBoss mod_cluster 论坛 :-)