i need to configure healthcheck for my ws load balancer within Apache httpd.
i am using mod_proxy_wstunnel for websocket tunneling and mod_balancer for load balancing between 2 servers.
i am using additionnaly mod_proxy_hcheck for verifying if the 2 servers are available.
the configuration is following:
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxyHCExpr ok2 {%{REQUEST_STATUS} =~ /^[2]/}
<Proxy balancer://trackingwsbalancer>
BalancerMember wss://{{ rpa_fqdn_tracking1 }}:8443 route=1 hcmethod=GET hcexpr=ok2 hcuri=/trackingproxy_advanced/actuator
BalancerMember wss://{{ rpa_fqdn_tracking2 }}:8443 route=2 hcmethod=GET hcexpr=ok2 hcuri=/trackingproxy_advanced/actuator
ProxySet stickysession=ROUTEID
ProxySet lbmethod=bybusyness
</Proxy>
the problem is that the healthcheck always fails because the request behind is:
wss ://{{ rpa_fqdn_tracking1 }}:8443/trackingproxy_advanced/actuator.
and i want it to be
htpps ://{{ rpa_fqdn_tracking1 }}:8443/trackingproxy_advanced/actuator
in order to be able to handle the response for healthcheck correctly with hcexpr
i will greatly appreciate any idea to configure the protocole for the uri healthcheck.
The documentation of the mod_proxy_hcheck module says that it performs a HTTP request.
After inspecting the mod_proxy_hcheck.c( Apche 2.4.39), it seems that this case is not covered. The code doesn't check if the scheme is ws and does not replace it when it create the request.
It should be great to be able to add an absolute uri for the hckeck or replace automatically the protocol used if it's not http.
Related
I have configured an Apache http server with mod_proxy to load balance between two jetty servers (sticky sessions).
Everything works fine and as expected while the two servers are up and running. But if I get one of the servers down and then attempt to make an http post to that server, the Apache balancer redirects the post to the running server but with an empty body, losing the original request.
After the request that triggered the redirect to the running server, all subsequent requests work fine.
Apache configuration:
<Proxy balancer://cluster>
BalancerMember http://localhost:9090 route=node1
BalancerMember http://localhost:9091 route=node2
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPreserveHost On
ProxyPass "/" "balancer://cluster/"
ProxyPassReverse "/" "balancer://cluster/"
I'm using Apache Server 2.4 and Jetty 9.4.22
Any ideas on why this is happening?
Thanks.
It looks like you hit the bug introduced as a regression in 2.4.41. You can check out the details here: https://bz.apache.org/bugzilla/show_bug.cgi?id=63891
To remedy, you will need to upgrade to 2.4.42 or greater.
We have a web application hosted on Tomcat server (clustered), with two Apache web servers sitting in front and F5 load balance5 in front of apache. SSL is configured in F5 load balancer. Now whenever someone accesses our application using the load balancer's secure url, our java web application does not evaluate request.isSecure to be true. Is there any setting I need to do enable this.
In our apache web server we have the following configuration using proxy balancer
ServerName ip:80
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=Off
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster>
BalancerMember ajp://ipapp1:8009 route=jvm1 loadfactor=1
BalancerMember ajp://ipapp2:8009 route=jvm2 loadfactor=1 status=+H
ProxySet lbmethod=byrequests
</Proxy>
I tried to change the connector details in server.xml of tomcat by adding scheme= "https", secure="true" and proxyPort="443" for 8080 but it did not work.
What am I missing here?
You'd need to check your app to see if it is supported, but typically a header is forwarded communicating the request protocol. Traditionally this was the X-Forwarded-Proto header, but X-... nomenclature has been deprecated. The Forwarded header now supports what was X-Forwarded-For, X-Forwarded-Proto, etc... in one header. There is still wide support for the deprecated method however, so either approach should work pending app support.
X-Forwarded-Proto: https
or
Forwarded: proto=https
The new standards are described in RFC 7239
Maybe I'm a bit late here, but I had the same situation. I added
scheme= "https", secure="true" and proxyPort="443"
on port 8009 , not on port 8080 like the original question. That's because from Apache the request is made via AJP on port 8009.
Also, Apache must have http-ssl.conf enabled from http.conf and it has to be listening on port 443.
I tried this configuration and it worked, the request sent through the Load Balancer in front of the Apache reported the tomcat webapp in https correctly.
I hope this helps who has the same problem, it took me days to understand this.
I'm using apache2 as a local proxy balancer between the web and a jboss machine.
i've used the following configuration:
<Proxy balancer://mycluster>
BalancerMember http://localhost:8080
</Proxy>
ProxyPass /test balancer://mycluster
if i call my machine with www.mymachine.com/test then the call is passed to JBoss, but in the request it seems that it was called with 'localhost'.
how can I make sure the correct server name is passed as well?
Aviad
all i needed to do is to add:
ProxyPreserveHost On
I have an Endeca cluster setup with 3 dgraph(1 EAC Central Server and 2 EAC agent only instances). I am trying to put an Apache mod_proxy load balancer for testing purpose before the MDEX engines(I am using presentation API to hit the MDEX engine(we are working on assembler API also)). We shall be having an F5(or Nginx, which one shall be better?) hardware load balancer when we'll shall do the actual deployment. My apache server is listening at port 5555, All my Dgraphs are running at port 15000 on three different host. I'm directing the all my queries to apache load balancer.
MDEX_HOST = localhost
MDEX_PORT = 5555
private static ENEConnection createConnection() {...}
And here is my Apache Load balancer configuration. Load balancer modules included in httpd.conf file mod_proxy, mod_proxy_balancer, mod_proxy_connect, mod_proxy_http, mod_negotiation. I have put the load balancer configuration in httpd-vhosts.conf file.
NameVirtualHost *:5555
<VirtualHost *:5555>
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
ServerName localhost
ProxyPass / balancer://cluster/
<Proxy balancer://cluster>
BalancerMember http://172.16.26.129:15000 loadfactor=1 retry=0 route=1
BalancerMember http://172.16.26.210:15000 loadfactor=1 retry=0 route=2
BalancerMember http://172.16.27.87:15000 loadfactor=1 retry=0 route=3
Order Deny,Allow
Deny from none
Allow from all
ProxySet lbmethod=byrequests
ProxySet stickysession=ROUTEID
</Proxy>
</VirtualHost>
<Location /balancer-manager>
SetHandler balancer
</Location>
When I do a query(Type ahead service) I'm getting the following error..
** Error Fri Apr 10 20:05:53 IST 2015 1428676553858 /atg/rest/processor/RestActorManager Caused by (#6):com.endeca.navigation.ENEException: HTTP Error 404 - Navigation Engine not able to process request 'http://localhost:5555/search?terms=je&rank=0&offset=0&irversion=640'.
Can anyone please see my load balancer configuration what I'm doing wrong? Thanks
All,
I have a jboss and apache setup hosting my .war file. I have enabled session stickiness to forward requests from apache to jboss . Assume i have 2 apache and 2 jboss instances.
Is the below setting correct ? Currently session stickyness is not working and each time request is appended with a new JSESSSION ID.
<Proxy balancer://cluster>
Order deny,allow
Allow from all
BalancerMember ajp://1.1.1.1:8010/testing keepalive=On loadfactor=1 ping=10 ttl=600
BalancerMember ajp://2.2.2.2:8010/testing keepalive=On loadfactor=1 ping=10 ttl=600
</Proxy>
ProxyPass /testing balancer://cluster timeout=60 stickysession=JSESSIONID nofailover=On
Do i need to add route variable to the balancer member configuration ??? and do i need to enable useJK flag in jboss.
YES, you need to add route to each balancer member.
route=member1
route=member2
That is how Apache knows which way to direct later requests. Look at your cookies in your browser.