2012-04-13 3 views
2

로 JBoss에 HTTP 요청을 보내기위한로드 밸런서 역할을하도록 아파치를 설정했습니다. 그러나 https를 추가하는 것은 어렵다는 것을 증명합니다.Apache에서 mod_jk에서 JBoss로 SSL 설정하기

#************************************************************ 
Listen 80 
# For SSL configuration, add below line also. 
Listen 443 
# Include mod_jk configuration file 
Include conf/mod-jk.conf 
#************************************************************ 
: 나는 여기

내 아파치 (관련 조각)입니다 ... 나는 아무도 그렇게, 공유하시기 바랍니다 방법을 알고있는 경우 .I이, CERT는 필요한 키 파일이 가상 호스트를 사용할 필요가 생각

여기
#************************************************************ 
    worker.list=loadbalancer,status 

    worker.node1.port=8009 
    worker.node1.host=192.168.140.128 
    worker.node1.type=ajp13 
    worker.node1.lbfactor=1 
    worker.node1.prepost_timeout=10000 #Not required if using ping_mode=A 
    worker.node1.connect_timeout=10000 #Not required if using ping_mode=A 
    worker.node1.ping_mode=A #As of mod_jk 1.2.27 

    worker.loadbalancer.type=lb 
    worker.loadbalancer.balance_workers=node1 
    worker.status.type=status 
#************************************************************ 

내입니다 :

여기 내 모드-jk.conf입니다 : 여기

#************************************************************  
LoadModule jk_module modules/mod_jk.so 

LoadModule ssl_module modules/mod_ssl.so 

JkWorkersFile conf/workers.properties 

JkLogFile logs/mod_jk.log 

JkLogLevel info 

JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" 

JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories 

JkRequestLogFormat "%w %V %T" 

JkMount /__application__/* loadbalancer 

JkUnMount /__application__/images/* loadbalancer 

JkMountFile conf/uriworkermap.properties 

JkShmFile run/jk.shm 

<Location /jkstatus> 
JkMount status 
Order deny,allow 
Deny from all 
Allow from 127.0.0.1 
Allow from 192.168.140.128 
</Location> 
#************************************************************ 

내 workers.properties입니다 (보스)에서의 server.xml : 당신은 아파치에 HTTPS 구성을 추가해야

<Server> 

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> 
    <Listener className="org.apache.catalina.core.JasperListener" /> 
<Service name="jboss.web"> 
     <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 
       connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8"/> 
     <Connector port="8009" address="${jboss.bind.address}" 
     emptySessionPath="true" enableLookups="false" redirectPort="8443" 
     protocol="AJP/1.3" connectionTimeout="600000" maxThreads="200"/> 

    <Engine name="jboss.web" defaultHost="v-77-if-vm.us.nohsib.com" jvmRoute="node1"> 
     <Realm className="org.jboss.web.tomcat.security.JBossWebRealm" 
      certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
      allRolesMode="authOnly" 
      /> 

     <Host name="v-77-if-vm.us.nohsib.com"> 
      <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" 
       cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager" 
       transactionManagerObjectName="jboss:service=TransactionManager" /> 

     </Host> 
     </Engine> 
    </Service> 
</Server> 

답변

0

:

<VirtualHost *:443> 
SSLEngine On 

다음 cooresponding 가상 호스트에서,

<IfModule ssl_module> 
SSLProtocol all 
SSLCipherSuite HIGH:MEDIUM 


#CA certificates for root and intermediate 
SSLCACertificateFile "C:/production/certs/provider/providerRoot.crt" 
SSLCertificateChainFile "C:/production/certs/provider/providerIntermediate.crt" 

#Generated first via openssl; Server public and private keys. 
SSLCertificateFile "C:/production/certs/provider/your.crt" 
SSLCertificateKeyFile "C:/production/certs/provider/your.key" 
</IfModule> 

한 다음, 다음을 추가 다시 쓰기를 사용하여 https 리디렉션을 사용 설정하는 방법을 살펴볼 수도 있습니다.

RewriteEngine on 
ReWriteCond %{SERVER_PORT} !^443$ 
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]