Load Balancer with Apache HTTPD - apache

I'm struggling to set up a an Apache httpd load balancer in front of a couple of application servers. This is my configuration:
ProxyRequests off
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
ProxySet lbmethod=bybusyness
ProxySet stickysession=JESSIONIDSSO
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
ProxyPassReverseCookieDomain http://127.0.0.1:8080 localhost
ProxyPassReverseCookieDomain http://remote-svr:8080 localhost
I'm not sure the last 2 lines do anything, although one of the many examples I've looked at online used them, so I added them to see if it fixed my problem (it didn't).
The issue is that if I comment out either of the BalancerMember lines eg:
#BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
Then the behaviour from a user perspective is fine, however when both members are active, the behaviour is wrong.
The application initially displays a login screen, however when both load balancers are active, the user on submitting their username and password just get redirected back to the login screen again, maybe the session is being lost somewhere. Does anyone have any idea what the issue might be?
EDIT - NOW WORKING
for reference, this setup now seems to work:
ProxyRequests off
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080 route=localServer
BalancerMember http://remote-svr:8080 route=remoteServer
ProxySet lbmethod=bybusyness
ProxySet stickysession=ROUTEID
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
Note the 'route' attribute for the individual nodes needs to be set on the nodes themselves (server.xml in this case, as the servers run JBoss). JSESSIONID worked ok as the sticky session cookie for individual applications but there is more than one application on each server, and the user needs to use the same node for all.

If I were to guess you probably loose the session due to a typo in this section:
<Proxy balancer://mycluster>
BalancerMember http://127.0.0.1:8080
BalancerMember http://remote-svr:8080
ProxySet lbmethod=bybusyness
ProxySet stickysession=JESSIONIDSSO
</Proxy>
ProxySet stickysession=JESSIONIDSSO this should probably say ProxySet stickysession=JSESSIONIDSSO? Or maybe even JSESSIONID?

Related

configuring multiple domains using virtual host with mod proxy in a single httpd instance

I have an apache instance running three domains using name based virtual hosting and every domain has resources to reverse proxy them down to an application server. Application server is a JBoss running a since JVM instance (http://x.x.x.x:8080/)
The domains along with their resources are,
www.abc.com
- alpha
www.def.com
- beta
www.ghi.com
- gamma
- (root URL - no resource)
abd.com and def.com domains have one resource whereas ghi.com has two (root (/) and gamma).
this is how we have setup virtual hosting for three different domains. A sample for abc.com domain is below,
<VirtualHost *>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
With all configuration in place when I try accessing these domains,
www.abc.com/alpha --> works
www.def.com/beta --> works
www.ghi.com/gamma --> works
www.ghi.com/ --> works
since ghi.com domain has a root mapping (/) I am able to access resources of other domain through ghi.com and if I remove the root mapping, cross domain resource accessibility does not work.
www.ghi.com/alpha --> works
www.ghi.com/beta --> works
I do not want the resources of other domain to be accessed through ghi.com. I cannot remove root mapping from ghi.com virtual host configuration.
We have tried multiple configuration but none has worked out.
I may sound bit non technical here which I apologize, but this is my problem statement and I am looking for for a fix.
update 1: configuration file after fix proposed by pandurang.
NameVirtualHost *
<VirtualHost *>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/gamma " env=BALANCER_ROUTE_CHANGED
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ " env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster4>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
ProxyPass /alpha !
</VirtualHost>
Use the below sequence and test.
ProxyPass /alpha !
ProxyPass /gamma balancer://mycluster4/gamma
ProxyPassReverse /gamma balancer://mycluster4/gamma
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
Create Three different Name-based VirtualHost and disable context(alpha and beta) in www.ghi.com.
<VirtualHost www.abc.com>
ServerName abc.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/alpha" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha balancer://mycluster4/alpha
ProxyPassReverse /alpha balancer://mycluster4/alpha
</VirtualHost>
<VirtualHost www.def.com>
ServerName def.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/beta" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /beta balancer://mycluster4/beta
ProxyPassReverse /beta balancer://mycluster4/beta
</VirtualHost>
<VirtualHost www.ghi.com>
ServerName ghi.com
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://mycluster1>
<LimitExcept POST GET>
order Allow,Deny
Deny from all
</LimitExcept>
BalancerMember http://x.x.x.x:8080 route=1 retry=0
BalancerMember http://x.x.x.x:8081 route=2 retry=0
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /alpha !
ProxyPass /beta !
ProxyPass / balancer://mycluster4/
ProxyPassReverse / balancer://mycluster4/
</VirtualHost>

Load balancer with apache httpd and wildfly for rest web services with mod_proxy

I have an apache load balancer with mod_proxy and wildfly (apache 224 and wildfly 9).
I have 4 servers in domain in wildfly and the load balancer works fine with a "hello world" app, and in the balancer manager i can see how the requests are sent to each server.
The thing is, When I use the app that has some REST web services, i am sending the request with a GET method and some headers for authentication, and somehow, the application is responding with error when i access it through the load balancer, but if I send it directly to the server, it works correctly.
my cofiguration goes as follows
<VirtualHost *:80>
ProxyRequests Off
<Proxy balancer://mycluster>
BalancerMember http://localhost:8080/ loadfactor=25
BalancerMember http://localhost:8230/ loadfactor=25
BalancerMember http://localhost:8330/ loadfactor=25
BalancerMember http://localhost:8430/ loadfactor=25
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Allow from all
</Location>
<Location /test>
Order allow,deny
Allow from all
</Location>
ProxyPass /test balancer://mycluster stickysession=JSESSIONID
I am testing using postman and sending the requests with a get method and a header for authentication: basic {base64 code} as follows:
http://127.0.0.1/test/myproject.ws/myproject/get_list?key=T11108101191&page=1
and this results in error.
when i try this:
http://127.0.0.1:8080/myproject.ws/myproject/get_list?key=T11108101191&page=1
This goes ok
and when i try the above, but with a post method, it gets the same error as in the load balancer.
Any idea of what am i doing wrong?
PS: I've tried putting in the WEB-INF/web.xml of the project, but i still get the same error.
Thanks to Dusan Bajic, he saw the problem I had. In the balancer member i was finishing the route with "/" and when I used the ProxyPass, i was starting with "/", duplicating that character. Somehow, with the helloworld app it worked correctly, but when i pass parameters, it failed.
The new configuration goes as follows:
<VirtualHost *:80>
ProxyRequests Off
<Proxy balancer://mycluster>
BalancerMember http://localhost:8080 loadfactor=25
BalancerMember http://localhost:8230 loadfactor=25
BalancerMember http://localhost:8330 loadfactor=25
BalancerMember http://localhost:8430 loadfactor=25
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Allow from all
</Location>
<Location /test>
Order allow,deny
Allow from all
</Location>
ProxyPass /test balancer://mycluster stickysession=JSESSIONID
</VirtualHost>

Apache 2.2 mod_proxy failover/load balancing

I am using mod_proxy_balancer to manage failover of backend servers (tcServers). Backend servers may return an error code instead of timing out when some other backend service fails such as NFS and we want such servers also to be marked as failed nodes. Hence we are using failonstatus directive.
<Proxy balancer://awstestbalancer>
ProxySet failonstatus=503
BalancerMember https://host:port/context/ retry=30
# the hot standby
BalancerMember https://host:port/context/ status=+H retry=0
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
Currently the failover works perfectly with one glitch. When active node fails the user gets a 503 error and from the next request the Standby server takes over.
I dont want even a single request to fail though. Cant mod_proxy failover with out ever returning an error to the client? If active node fails I want mod_proxy to try the Standby for the same request and not just from the subsequent request!
I have also tried the following settings, but they did not work. Using APACHE 2.2.59
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context route=tcserver1 loadfactor=1
BalancerMember https://host:port/context route=tcserver2 loadfactor=1
ProxySet lbmethod=bybusyness
ProxySet nofailover=Off
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
AND
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context route=tcserver1 loadfactor=1 ping=5
BalancerMember https://host:port/context route=tcserver2 loadfactor=1 ping=5
ProxySet lbmethod=bytraffic
ProxySet nofailover=On
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /context balancer://awstestbalancer
ProxyPassReverse /context balancer://awstestbalancer
Thanks!!!
Sid
Following configuration would work. if backend is on AWS and its status changes frequently you could try to decrease the connectiontimeout.
<Proxy balancer://awstestbalancer>
BalancerMember https://host:port/context/ connectiontimeout=5
BalancerMember https://host:port/context/ connectiontimeout=5
</Proxy>
ProxyPass /context balancer://awstestbalancer failonstatus=500,501,502,503,504
ProxyPassReverse /context balancer://awstestbalancer

Apache load balancing with tomcat : losing session

I am using proxy pass to load balance my workers. Somehow my tomcat session is getting lost and recreated. I tried standalone tomcat and it works fine but not with load balancer. Please help.
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /balancer-manager !
ProxyPass /images !
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster>
BalancerMember ajp://192.168.70.6:9061 route=qa1
ProxySet lbmethod=byrequests
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
<Directory "/Library/WebServer/Documents">
AllowOverride all
</Directory>
I finally figured out the cause of the issue. I had another server which was being invoked by an absolute URL from the site which was causing the workers JSESSIONID to be overwritten.

mod_proxy isn't using the port defined in my balancermembers

I'm trying to set up my apache load balancer to proxy to the same backend clusters to apps running on different ports. The cluster definitions are like this:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
BalancerMember http://192.168.2.11:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://192.168.2.10:81
BalancerMember http://192.168.2.11:81
</Proxy>
In the load balancer, one of the vhost needs to talk to both, so in the vhost definition I have:
ProxyRequests Off
ProxyPreserveHost Off
SSLProxyEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /feed balancer://wordpress-cluster/feed lbmethod=byrequests
ProxyPassReverse /feed balancer://wordpress-cluster/feed
ProxyPass / balancer://corporate-cluster/ lbmethod=byrequests
ProxyPassReverse / balancer://corporate-cluster/
when requesting for '/' , I get the content served from the port 80 app, not the port 81 app.
Would anyone know on what is happening? it looks like this might be a case of overzealous worker sharing, but shouldn't specifying the different ports prevent that?
Is there something else I should do?
Forgot to mention: this is using apache 2.2.4-1 on a centos box.
Thanks in advance!
Tim
OK, so I still don't know what happened. Did 2 steps to fix my problem:
1) split the cluster into 2 1-machine clusters and things worked:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://192.168.2.11:81
</Proxy>
But of course that killed balancing and failover support... not good
Second option, create dns aliases to ensure that the balancermembers looked different (even though they point to the same boxes:
<Proxy balancer://wordpress-cluster>
BalancerMember http://192.168.2.10:80
BalancerMember http://192.168.2.11:80
</Proxy>
<Proxy balancer://corporate-cluster>
BalancerMember http://corp01:81
BalancerMember http://corp02:81
</Proxy>
And voila! The setup is now working for me :)