Setup multiple mod_clusters on same server - jboss7.x

I have 2 servers on which I want to set up a clustered environment like the one described in the diagram below.
Basically I have a single web application that needs to be deployed multiple times, once for every one of our clients. My idea is to create a cluster for each client, distributing the load between the 2 machines I got.
Each client would have its own server group, and every server group would be composed of 2 JBoss servers, one on each machine.
I was able to configure the environment for a single server group. I believe my idea is feasible. The only thing I couldn't get my head around is how to configure multiple mod_clusters on the same server.
My mod_cluster is up and running, listening on port 10001 and distributing requests between machines. My question is, how should I configure mod_cluster so it will listen on multiple ports (10001, 10002 and 10003) and direct requests to the server group associated with that port?
This is my mod_cluster configuration:
<VirtualHost 10.211.55.7:10001>
    <Directory />
        Order deny,allow
        Deny from all
        Allow from 10.211.55.
    </Directory>
    # This directive allows you to view mod_cluster status at URL http://10.211.55.4:10001/mod_cluster-manager
    <Location /mod_cluster-manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Deny from all
        Allow from 10.211.55.
    </Location>
    KeepAliveTimeout 60
    MaxKeepAliveRequests 0
    ManagerBalancerName other-server-group
    AdvertiseFrequency 5
</VirtualHost>

Related

Load balancing between servers using Apache and JBoss

I am facing the following scenario: I have three servers, each with an instance of my application deployed in a standalone JBoss. I am trying to use a machine that will do the load balancing between these three servers; for this I am using the mod_proxy_balancer module from Apache (or at least trying). It was even easy to do the balancing, and it worked correctly. However, I am having problems keeping users' sessions and cookies, because whenever a new request is made, the balancer sends it to another server, causing the user to lose his session. I would like a user who already has a session on one of the servers to be sent to that same server, or something of the sort.
Is it possible to achieve the desired result using such resources? If so, how should I make such a setup? If not, what other tool or feature should I use?
Here's the virtual host configuration:
<VirtualHost *:80>
    ServerName server.int
    ProxyPass / balancer://balance/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
    ProxyPass /balancer-manager !
    ProxyPassReverse / balancer://balance/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
    ProxyPassReverseCookiePath / /
    <Proxy balancer://balance/>
        BalancerMember "http://server1.int" loadfactor=50
        BalancerMember "http://server2.int" loadfactor=25
        BalancerMember "http://server3.int" loadfactor=25
        ProxySet lbmethod=byrequests
    </Proxy>
    <Location /balancer-manager>
        SetHandler balancer-manager
    </Location>
</VirtualHost>
Although no one has answered, I will leave the solution to my problem here in case it helps anyone in the future. I ended up using HAProxy, which can do exactly what I needed in a very simple way.
frontend app
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/cert.pem
    redirect scheme https if !{ ssl_fc }
    mode http
    default_backend app

backend app
    balance leastconn
    mode http
    option httpchk HEAD / HTTP/1.0
    cookie SERVERID insert indirect nocache
    server server1 server1.test.com:80 check weight 50 fall 3 rise 2 cookie server1
    server server2 server2.test.com:80 check weight 50 fall 3 rise 2 cookie server2
    server server3 server3.test.com:80 check weight 50 fall 3 rise 2 cookie server3

How to configure same context applications to use different machines with ModCluster and Wildfly10

I'm trying to use ModCluster to load balance some servers. We have one single EAR that needs to be load balanced by different DNSs.
We have this scenario. We need to maintain the same context 'system1' because of backward compatibility:
4 servers for urla.com.br/system1/
2 servers for urlb.com.br/system1/
Using Wildfly 10.1.0 in domain mode, they are separated by two server groups: URLA and URLB. They share the same profile (URL-HA) and socket bindings (URL-HA-SOCKET).
I have an Apache with mod_cluster with a minimal configuration.
LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
Listen 10.90.0.13:7777
<VirtualHost 10.90.0.13:7777>
    <Directory />
        Require all granted
    </Directory>
    <Location />
        Order deny,allow
        Allow from all
    </Location>
    ManagerBalancerName mybalancer
    ServerAdvertise on
    EnableMCPMReceive On
    <Location /mod_cluster-manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
</VirtualHost>
When I access http://10.90.0.13:7777/mod_cluster-manager, I see the 6 servers registered with the context system1/. They use the same EAR file, by the way.
But this is not the ideal scenario for us. The users accessing urla.com.br/system1/ cannot use the machines of urlb.com.br/system1/ and vice versa.
The only way that I have found to do this (I have not tested it yet...) is to create one profile for each server group, so I can configure a different load balance group in:
Profile > URLA-HA / URLB-HA > Subsystems > ModCluster.
But in this case, we duplicate all the configurations that exist in the profile (DataSources, Queues, MailSession, etc). This is painful to maintain.
So, what options do we have in my case? Thanks!
I've found the solution for my problem using only one Wildfly profile.
For this, I have used two balancers and used ProxyPass to select the specific balancer.
Wildfly: In the Domain Controller's admin console, go to:
Configuration: Profiles -> Profile: URL-HA -> Subsystem: ModCluster
On the Advertising tab, change the Balancer value:
${projectcluster.modcluster.balancer:mybalancer}
Add System Properties to both server groups:
Runtime -> Server Groups -> URLA -> View
On the System Properties tab, add:
Key 'projectcluster.modcluster.balancer' value 'first'
Key 'jboss.modcluster.multicast.address' value '224.0.2.108'
Runtime -> Server Groups -> URLB -> View
On the System Properties tab, add:
Key 'projectcluster.modcluster.balancer' value 'second'
Key 'jboss.modcluster.multicast.address' value '224.0.2.108'
After this, restart your server groups URLA and URLB.
Apache
Using the example Apache conf from the question:
...
...
    ManagerBalancerName mybalancer
    ServerAdvertise on
    EnableMCPMReceive On
    # Defined on Wildfly
    AdvertiseGroup 224.0.2.108:23364
    <Location /mod_cluster-manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
</VirtualHost>
Listen 10.90.0.13:8001
<VirtualHost 10.90.0.13:8001>
    ProxyPass / balancer://first stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse / balancer://first
</VirtualHost>
Listen 10.90.0.13:8002
<VirtualHost 10.90.0.13:8002>
    ProxyPass / balancer://second stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse / balancer://second
</VirtualHost>
All the requests on 10.90.0.13:8001/system1 will be sent to the first balancer, and those on 10.90.0.13:8002/system1 will be sent to the second balancer.
And that is it.

How to make file requests work when using multiple reverse proxies by path in apache server?

I'm trying to use Apache to host a server that will reverse proxy to multiple other servers. The way I'm attempting to do it is through the following:
<Location /server1/>
    ProxyPass http://192.168.0.31/
    ProxyPassReverse http://192.168.0.31/
    Order allow,deny
    Allow from all
</Location>
<Location /server2/>
    ProxyPass http://192.168.0.32/
    ProxyPassReverse http://192.168.0.32/
    Order allow,deny
    Allow from all
</Location>
The proxy server is at 192.168.0.30. The problem I'm encountering is that requests/file accesses aren't being served by the right server. The client requests it from the proxy server rather than from server1 or server2, and the proxy server doesn't have the files.
GET http://192.168.0.30/php/file.php 404 (Not Found)
Any tips on what to change to resolve this issue are appreciated. Note that this isn't supposed to be a form of load balancing - server 1 and server 2 should be accessible separately.

Using IIS and Apache on same server

I have a server running both Apache and IIS. IIS is using port 80, and every domain name hosted on the server using IIS works fine. Now I also have Apache running, and it is listening on port 8080. Is it possible that I have a domain www.example.com that uses Apache, but I do not have to type www.example.com:8080 to get the site, and can just go to www.example.com instead? I can host PHP on IIS and all that, but I want to use Apache for that website. I am currently using this in httpd.conf:
<VirtualHost *>
    DocumentRoot "${path}/data/localweb/example"
    ServerName www.example.com
    <Directory "${path}/data/localweb/example">
        Options FollowSymLinks Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
        #Deny from all
        Require all granted
    </Directory>
    # Other directives here
</VirtualHost>
If you have the ability to use multiple IP addresses on the web server, you could bind the IIS site to one on port 80 and the Apache site to port 80 on the second. If it's a VM you can just add another virtual network interface; if it's a physical server you can add a new network card.
If you only have one IP address, you could set up ARR + URL Rewrite so that the IIS server acts as a reverse proxy to the Apache site.

How can I block all external IPs to endpoints behind AWS ELB?

OK - so I have a developer that does not want our REST endpoints to be accessible externally, with the only access allowed being localhost and the internal network scheme. Our internal network scheme is 10.10.x.x.
The way we did this is with the <LocationMatch> switch in the .conf file as follows:
<LocationMatch "/foo/bar/*">
    Order deny,allow
    Deny from all
    Allow from 10.10
    Allow from 127
</LocationMatch>
Now, the challenge we are having is that the AWS Load Balancer has an X-Forward-Host rule on it so all original source IPs and if I do Allow from 10 - obviously, will allow access to all endpoints externally because of this.
As stated before, our internal IP is 10.10, so I can do allow from 10.10 and that would resolve it, but if I make more regions then the network scheme could be 10.20.x.x, 10.30.x.x, 10.40.x.x and then it becomes a bit of an administrative nightmare.
So, what makes sense is someone mentioned to do something on the http.conf level:
<Directory />
    #Example..
    SetEnvIF X-Forwarded-For "(,| |^)192\.168\.1\.1(,| |$)" DenyIP
    SetEnvIF X-Forwarded-For "(,| |^)10\.1\.1\.1(,| |$)" DenyIP
    Order allow,deny
    Deny from env=DenyIP
    Allow from all
</Directory>
found from this blog
So, I am unsure how to follow this format and ensure that it denies all external IPs to these directories.
Would the http.conf file have something like:
<VirtualHost>
    #Example..
    SetEnvIF X-Forwarded-For "(,| |^)*\.*\.*\.*(,| |$)" DenyIP
</VirtualHost>
and my other conf file with the <LocationMatch> rules have:
<LocationMatch "/foo/bar/*">
    Order deny,allow
    Deny from env=DenyIP
    Allow from 10.
    Allow from 127
</LocationMatch>
Thanks for your help!
Rather than modifying Apache, use Security Groups!
Create a security group for your Elastic Load Balancer. Allow in-bound access from 0.0.0.0/0 for ports 80 & 443.
Create a security group for your Apache server(s). Allow in-bound access from the ELB Security Group (a security group can reference another security group). Also add access so you can SSH into the server(s).
That's it! The security groups will block traffic that attempts to access your Apache server(s) without passing through the Load Balancer.
See:
Amazon EC2 Security Groups for Linux Instances
Configure Security Groups for Your Load Balancer
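
Added example, not part of the original question or answer: the question matches addresses anywhere in X-Forwarded-For, but the leftmost entries of that header are supplied by the client, so an allow rule built that way can be satisfied by any external caller. The Python sketch below contrasts that with reading only the entry written by the load balancer. It assumes a single balancer that appends the peer address it saw, servers reachable only through it (as the security-group answer arranges), and 10.10.0.0/16 plus loopback as the internal ranges; all function names and sample headers are constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this example (not from the original posts): one load balancer
# in front of Apache appends the peer address it saw to whatever
# X-Forwarded-For value the client sent; 10.10.0.0/16 and loopback are internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "127.0.0.0/8")]
TRUSTED_HOPS = 1

# Allow-rule analogue of the question's SetEnvIf pattern: it matches an internal
# address at ANY position in the header, including client-supplied entries.
ANYWHERE = re.compile(r"(,| |^)10\.10\.\d{1,3}\.\d{1,3}(,| |$)")


def match_anywhere(xff: str) -> bool:
    return bool(ANYWHERE.search(xff))


def client_address(xff: str, trusted_hops: int = TRUSTED_HOPS):
    """Return the entry written by the outermost trusted proxy, else None."""
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if trusted_hops < 1 or len(entries) < trusted_hops:
        return None
    try:
        return ipaddress.ip_address(entries[-trusted_hops])
    except ValueError:
        return None  # malformed entry: treat as unknown, never as internal


def is_internal(xff: str) -> bool:
    addr = client_address(xff)
    return addr is not None and any(addr in net for net in INTERNAL_NETS)


# Constructed sample headers, as Apache would receive them from the balancer.
SAMPLES = [
    "10.10.4.20",               # internal client
    "203.0.113.7",              # external client
    "10.10.4.20, 203.0.113.7",  # external client that sent its own header
    "not-an-address",           # malformed value
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r:28} anywhere={match_anywhere(header)} "
              f"rightmost={is_internal(header)}")
```

With more than one trusted proxy in the path, `trusted_hops` has to equal the number of proxies that append to the header; setting it too high hands the decision back to client-supplied entries.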