Apache Module mod_proxy_balancer - apache

We are using Apache version 2.2.23 in our environment. We have configured Apache in such a way that it should load balance between two application servers for the same home page.
BalancerMember abc:8101
BalancerMember abc:8102 status=+H
We need to know how the Apache web server is detecting that the server 8101 is down.
Is it a ping or Telnet or something other than this?

Apache HTTPd does not have an out-of-band health check for BalancerMember. It will detect that a given server is down when a proxied request to this server fails.
The documentation can be found here : http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
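The failure handling this answer describes is tuned per member, as in the following added example (not part of the original answer). The `http://` scheme, the `/app` path and the numeric values are assumptions; `retry`, `timeout`, `status`, `failonstatus` and the `balancer-manager` handler are mod_proxy features of the 2.2 line the question uses.

```apache
# Added example: passive failure detection settings for httpd 2.2 mod_proxy_balancer.
# Scheme, path and numeric values are assumptions, not taken from the question.
<Proxy balancer://mycluster>
    # A member is marked as in error only after a proxied request to it fails.
    # retry: seconds the member is left alone before httpd sends it a request
    #        again (default 60). timeout: seconds httpd waits for backend data.
    BalancerMember http://abc:8101 retry=30 timeout=10
    # status=+H: hot standby, used only when no other member is usable.
    BalancerMember http://abc:8102 status=+H retry=30
    # Also treat an HTTP 503 from a member as a failure (2.2.17 and later).
    ProxySet failonstatus=503
</Proxy>
ProxyPass /app balancer://mycluster

# Shows each member's current state. The page can also change member
# settings, so keep it reachable from the local host only (2.2 access syntax).
<Location /balancer-manager>
    SetHandler balancer-manager
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
```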

Related

how to configure on Apache proxy (SSL conection) to Tomcat

I am new to Apache's world, and I need to connect a server (Ubuntu system) located in my DMZ area to a Tomcat server (Windows Server system) in my network. So I wrote in my Ubuntu Apache /etc/apache2/sites-available/default-ssl:
<VirtualHost *:443>
    <Location /example>
        ProxyPass http://tomcatIP:8080/example/
        ProxyPassReverse https://mydomain/example/
    </Location>
</VirtualHost>
I restart my Apache and the browser doesn't display anything; however, if I choose source code I can see all the PHP, JavaScript, HTML code.
I checked the log from Apache and there are a lot of log entries like this:
AH00128: File does not exits: /var/html/...
I checked my firewall and everything is correct. I don't know why my Apache doesn't search on the Tomcat server. Do I need more code? In apache.conf?
Many thanks for the help
You need to configure an AJP Connector on the web server and on the Tomcat application server.
https://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
After reading the documentation, I checked the Tomcat configuration and saw that it wasn't the "typical" Tomcat; it is completely customized for Servicedesk software, and after many tries and failures I couldn't do anything. Finally the customer service told me that an Apache connection is impossible. ¬¬
Thanks anyway!!

SSL issue with Apache httpd reverse proxy scheme

Apologies this question is a mix of Chef and Apache-httpd, but ultimately I believe it's an Apache-httpd configuration issue.
I have a Chef client/node happily hitting a Chef Server w/ SSL.
Chef client/node - /etc/chef/client.rb
chef_server_url 'https://chefserverhostname/organizations/myOrg'
ssl_verify_mode :verify_peer
I'm trying to put a proxy in front of the Chef Server so I can re-point down the road if needed. Apache-httpd is installed fine (on the same box as Chef Server), all firewall and iptables are consistent with my below configuration.
Chef Server - /etc/httpd/conf/httpd.conf
Listen 8443
<VirtualHost *:8443>
    ServerAdmin me#email
    ServerName chefserverhostname
    ServerAlias CDS-PROXY
    ProxyPass / https://chefserverhostname:443/
    ProxyPassReverse / https://chefserverhostname:443/
    RewriteEngine On
</VirtualHost>
I reconfigure the Chef client/node's client.rb to point to https://chefserverhostname:8443/organizations/myOrg, and hope to have the request pass through the proxy. ChefServer/nginx is listening on 443 and I'm assuming that it's taking care of the SSL decrypt, and 8443 is just the 'pass-through'. But when I fire up my Chef client/node I'm getting an SSL error message:
ERROR: SSL Validation failure connecting to host: chefserverhostname - SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
You are using HTTPS but your vhost does not have any configuration to enable mod_ssl or another TLS option. As such, you should be using http://hostname:8443 but this is very much not recommended.
Chef Server is an appliance at heart and this kind of extra proxy layer is possible but not how things are intended to operate. You should just use the default setup which already includes a fronting nginx proxy for Erchef and friends.
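What the missing TLS configuration on the 8443 vhost would look like, as an added example that is not part of the original answer or the asker's setup. The certificate and CA file paths are placeholders, and the backend verification settings are an assumption about how the proxy-to-backend hop should be checked.

```apache
# Added example: TLS on both sides of the 8443 proxy vhost (requires mod_ssl).
# All file paths below are placeholders.
Listen 8443
<VirtualHost *:8443>
    ServerName chefserverhostname

    # Without SSLEngine this listener answers in plain HTTP, so a client that
    # connects with https:// fails its handshake with "unknown protocol".
    SSLEngine on
    SSLCertificateFile    /path/to/proxy-cert.pem
    SSLCertificateKeyFile /path/to/proxy-key.pem

    # The backend URL is https://, so mod_proxy needs its TLS client enabled.
    SSLProxyEngine on
    # Verify the backend certificate instead of accepting any peer.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/backend-ca.pem
    SSLProxyCheckPeerCN on

    ProxyPass        / https://chefserverhostname:443/
    ProxyPassReverse / https://chefserverhostname:443/
</VirtualHost>
```

The certificate served on 8443 has to be one the Chef client trusts, since its client.rb sets `ssl_verify_mode :verify_peer`.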
You can check the recipe at https://github.com/chef-cookbooks/httpd and properly configure Apache SSL and additional modules.
To me it is also not OK to drop the SSL connection on the Chef Server, based on your current setup.
Since you have nginx on your machine, you can extend the configuration there to support the reverse proxy. Later on, if you remove chefserver/nginx from this machine and want to leave only the proxy, install a new nginx and apply the same conf for the proxy configuration.
I would rather drop Apache from your setup.

ws_tunnel Apache->Websocket server not working

I have a local web socket server running on WSS:// port 9000. In the same server I have apache running as well.
When I try and connect from my remote client directly to port 9000 via WSS like this:
wss://myserver:9000
it works fine. However, I blocked port 9000 on my router and am trying to access it via apache (which is running on SSL).
When I try and access
wss://myserver/
I can see the logs in Apache that it issued a GET but my web socket server does not receive the connection.
I've read through various SO threads and I think I have my ordering correct.
Details:
Apache Version:
Server version: Apache/2.4.7 (Ubuntu)
sudo apache2ctl -M shows proxy_* modules running
proxy_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
Apache configuration: (relevant lines inside VirtualHost)
ProxyPass / wss://localhost:9000/
ProxyPassReverse / wss://localhost:9000/
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
Note that both my local web socket server and Apache are configured to use the same certificates
(I'm not sure if I need the Proxy * part, but I saw it in one SO thread)
And here are debug logs:
http://pastebin.com/gqVp3Pz5
Thanks
It seems by default Apache wstunnel does not work when the need is to tunnel SSL end to end. What works is if Apache terminates WSS and then does a WS with the local server.
I found this thread, "tunneling secure websocket connections with apache", that describes how to recompile Apache to allow for end to end WSS tunneling.
I've currently decided to not do apache tunneling and open a firewall port for my event server directly as I don't expect my users to have the inclination to recompile Apache for this.

How do I use Apache http to proxy to two different tomcat servers?

I have apache httpd that I want to proxy to two different tomcat servers.
I see this:
http://tomcat.apache.org/connectors-doc-archive/jk2/proxy.html
But that is only for one tomcat server. What if I had one server running on 8081 in addition to a tomcat running at 8080?
There's an easier way to set up load balancing using mod_proxy_balancer. Simply list the Tomcat servers under a balancer list, then put that balancer in your ProxyPass:
<Proxy balancer://mycluster>
    BalancerMember http://tomcat1:8080/
    BalancerMember http://tomcat2:8081/
</Proxy>
ProxyPass /test balancer://mycluster
Apache httpd has two out-of-the-box options for proxying to any number of backend Tomcat instances:
mod_proxy_http
mod_proxy_ajp
They are configured identically to each other, except that the former uses the HTTP protocol for communication and the latter uses the AJP protocol and URLs that start with ajp:// instead of http:// for the backend server. Both can be configured for load-balancing, failover, etc. in the same way. You can proxy to completely separate Tomcat instances (i.e. no load-balancing: just separate backends) by providing separate proxy configuration for separate URL spaces (e.g. /app1 -> Tomcat1 and /app2 -> Tomcat2) or you can configure the two (or more) backend instances for load-balancing, etc.
Specifically, look at the documentation for the following httpd configuration directives:
<Proxy>
BalancerMember
ProxyPass
ProxyPassReverse
You can find documentation for all of these here:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html (General)
http://httpd.apache.org/docs/2.2/mod/mod_proxy_http.html (HTTP)
http://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html (AJP)
http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html (load-balancer)
If you want to use the AJP protocol and you have more complex configuration needs, you can also use mod_jk (not mod_jk2, which is an old, dead, abandoned, completely irrelevant project, now). You can find out more about mod_jk on the Tomcat site here: http://tomcat.apache.org/connectors-doc/
mod_jk has a radically different configuration procedure and a lot more AJP-specific options than mod_proxy_ajp.
The (short) documentation you mentioned in your original post (from the old mod_jk2 docs) points to Apache httpd's mod_proxy_ajp and mod_proxy_balancer modules (though it points to the unstable httpd 2.1, which was the bleeding-edge at the time that documentation was written). You were on the right track: you just needed to keep reading. You can definitely proxy to as many backend instances of Tomcat as you want with any of the modules described here.
You can install HAProxy either on a third server, which will work as the LB for both of them, or on one of the two servers, and then apply the following configuration.
To install HAProxy (if you're running an Ubuntu/Debian distro):
$ sudo apt-get install haproxy
# Set up config file in /etc/haproxy/haproxy.cfg per requirement
# change /etc/default/ to Enabled = 1 and restart haproxy service
After setup, make the following changes in the config:
$ sudo vim /etc/haproxy/haproxy.cfg
global
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen webcluster *:80
    mode http
    stats enable
    stats auth us3r:passw0rd
    balance roundrobin
    option httpchk HEAD / HTTP/1.0
    option forwardfor
    cookie LSW_WEB insert
    option httpclose
    server web01 192.168.0.1:8080 cookie LSW_WEB01 check
    server web02 192.168.0.2:8081 cookie LSW_WEB02 check
Once done, restart the HAProxy service with:
$ sudo service haproxy restart
Here 192.168.0.1 and 192.168.0.2 can be your two servers; one can be running on port 8080 and the other on 8081.
Ref. Post: http://www.leaseweblabs.com/2011/07/high-availability-load-balancing-using-haproxy-on-ubuntu-part-1/
You will also find online help if you google how to set up HAProxy on your Linux distribution if you're not using Ubuntu/Debian. But yes, you can bet on it, as it's a proven tool for the job.

Disable stickiness on apache mod_proxy_balancer

I want to configure Apache Web Server to meet the following requirement:
Access server1 while it's working.
Access server2 only when server1 does not respond. When server1 responds, access server1 again.
To do so, I tried configuring Apache Web Server (2.2) using mod_proxy_balancer. My problem is that session stickiness seems to be enabled by default. When server1 is not responding, the balancer redirects to server2, but when server1 recovers, the balancer does not access server1 until I clear sessions in my browser.
My balancer configuration:
ProxyPass /test balancer://mycluster
<Proxy balancer://mycluster>
    BalancerMember server1-url retry=10 loadfactor=100
    BalancerMember server2-url status=+H retry=10
</Proxy>
Is there any option to disable stickiness?
Thanks in advance.
You can do this with mod_jk with the properties below. A reference configuration can be found at "Apache httpd 2.2.x + mod_jk 1.2.30 + tomcat 6 Error: Could not find worker with name 'XXXXX' in uri map post processing".
# Disable Sticky Session
worker.loadbalancer.sticky_session=0
# Define preferred failover node for worker1
worker.worker1.redirect=worker2
# Disable worker2 for all requests except failover
worker.worker2.activation=disabled