Load balancer not changing protocol to https on https redirect

I'm attempting to configure the load balancer plug in for apache, it seems to be working for http traffic but if I go to a page that required HTTPS the port changes to 443 but the protocol remains HTTP.

I found some information at the following site which seems to indicate that if authPassthroughEnabled is true on the HTTP Service and rewrite-location is true on the load balancer configuration it should be changing the protocol from HTTP to HTTPS but it doesn't seem to be working. The redirect port on http-listener-1 is set to 443, HTTPS Routing is set to false in the load balancer configuration.

http://docs.sun.com/app/docs/doc/820-4341/abdgs?a=view

Anyone have any ideas on what I might be missing to allow the 443 redirect to also change the protocol? The build options and loadbalancer.xml configuration I'm using are below.

Using aslb-9.1.1-b13.jar
Installed with instructions on
http://blogs.sun.com/kshitiz/entry/load_balancer_plugin_in_glassfish

Apache 2.2
    export CFLAGS=-m32
    export CPPFLAGS=-m32
    ./configure --with-ssl=/apps/openssl-0.9.8k --prefix=/apps/apache \
        --enable-ssl -enable-so --enable-rewrite --enable-proxy \
        --enable-proxy-balancer --enable-proxy-ajp --enable-rewrite \
        --enable-proxy-http --enable-http --enable-dav --enable-headers \
        --enable-mods-shared=all --with-included-apr

Glassfish v2.1
Installed to /apps/glassfish

Openssl 0.9.8k
    ./Configure linux-elf -m32 --openssldir=/apps/openssl-0.9.8k shared

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE loadbalancer PUBLIC "-//Sun Microsystems Inc.//DTD Sun Java System Application Server 9.1//EN" "sun-loadbalancer_1_2.dtd">
<loadbalancer>
  <cluster name="MyAppCluster" policy="round-robin">
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://my.domain.com:11010 https://my.domain.com:11011" name="app01" weight="100"/>
    <instance disable-timeout-in-minutes="30" enabled="true" listeners="http://my.domain.com:11020 https://my.domain.com:11021" name="app02" weight="100"/>
    <web-module context-root="/app" disable-timeout-in-minutes="30" enabled="true"/>
    <health-checker interval-in-seconds="30" timeout-in-seconds="10" url="/"/>
  </cluster>
  <property name="response-timeout-in-seconds" value="60"/>
  <property name="reload-poll-interval-in-seconds" value="60"/>
  <property name="https-routing" value="false"/>
  <property name="require-monitor-data" value="true"/>
  <property name="active-healthcheck-enabled" value="false"/>
  <property name="number-healthcheck-retries" value="3"/>
  <property name="rewrite-location" value="true"/>
</loadbalancer>
<!--
This file was generated on: [Sun Oct 25 20:13:40 GMT+00:00 2009].
Debugging Tips:
By default, instances and web-modules are not enabled. Please enable them
manually if you have not done that using asadmin.
-->

Re: Load balancer not changing protocol to https on https redirect

Hi,

Have you set both authPassthroughEnabled and proxyHandler? If not, then please set them to "true" and "com.sun.enterprise.web.ProxyHandlerImpl" respectively at http-service or http-listener level.

Thanks,
Kshitiz

Re: Load balancer not changing protocol to https on https redirect

On 10/26/09 03:51, Kshitiz Saxena wrote:
> Hi,
>
> Have you set both authPassthroughEnabled and proxyHandler? If not,
> then please set them to "true" and
> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at http-service
> or http-listener level.

Minor comment: Setting "authPassthroughEnabled" to "true" should be sufficient, in which case "com.sun.enterprise.web.ProxyHandlerImpl", which is the default ProxyHandler implementation, will be picked up.

Jan

Re: Load balancer not changing protocol to https on https redirect

Both are set at the HTTP Service level of the cluster configuration. Is there some other setting that needs to be set to tell the server that 443 requires SSL?

The HTTP listeners are set up as follows

HTTP Service:
    Properties:
        proxyHandler=com.sun.enterprise.web.ProxyHandlerImpl
        authPassthroughEnabled=true

http-listener-1
    Listener: Enabled
    Security: Disabled
    Network Address: 0.0.0.0
    Listener Port: ${HTTP_LISTENER_PORT}
    Default Virtual Server: server
    Redirect Port: 443
    Acceptor Threads: 1
    Powered By: Enabled
    Blocking Disabled
    Properties
        proxiedProtocols: ws/tcp

http-listener-2
    Listener: Enabled
    Security: Enabled
    Network Address: 0.0.0.0
    Listener Port: ${HTTP_SSL_LISTENER_PORT}
    Default Virtual Server: server
    Redirect Port:
    Acceptor Threads: 1
    Powered By: Enabled
    Blocking Disabled
    Properties: None

Re: Load balancer not changing protocol to https on https redirect

Hi,

Below setting should be sufficient to handle redirection.

Can you provide exact details on what you want to achieve? Examples will be helpful.

Also provide wireshark traces at application server instance.

Thanks,
Kshitiz

JSolanu wrote:
> Both are set at the HTTP Service level of the cluster configuration. Is
> there some other setting that needs to be set to tell the server that 443
> requires SSL?
>
> The HTTP listeners are set up as follows
>
> HTTP Service:
>     Properties:
>         proxyHandler=com.sun.enterprise.web.ProxyHandlerImpl
>         authPassthroughEnabled=true
>
> http-listener-1
>     Listener: Enabled
>     Security: Disabled
>     Network Address: 0.0.0.0
>     Listener Port: ${HTTP_LISTENER_PORT}
>     Default Virtual Server: server
>     Redirect Port: 443
>     Acceptor Threads: 1
>     Powered By: Enabled
>     Blocking Disabled
>     Properties
>         proxiedProtocols: ws/tcp
>
> http-listener-2
>     Listener: Enabled
>     Security: Enabled
>     Network Address: 0.0.0.0
>     Listener Port: ${HTTP_SSL_LISTENER_PORT}
>     Default Virtual Server: server
>     Redirect Port:
>     Acceptor Threads: 1
>     Powered By: Enabled
>     Blocking Disabled
>     Properties: None

Re: Load balancer not changing protocol to https on https redirect

I ended up setting up an instance of Sun's web server instead of trying to use Apache and everything seems to be working now.

Example of what I was trying to do was
1) Deploy an EAR with two URLs
   http://<server>/index.jsp
   http://<server>/ssl/index.jsp

The root page had one link pointed to the path ssl/index.jsp

The WEB.xml has a security constraint that requires the ssl url to require ssl

    <security-constraint>
        <display-name>SSL Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>ssl</web-resource-name>
            <description/>
            <url-pattern>/ssl/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
</web-app>

With apache when the link was selected for the ssl/index.jsp the port changed but the protocol did not
With SJSWS when the link was selected both port and protocol changed.

Re: Load balancer not changing protocol to https on https redirect

Thanks for the use case. I will try it out and file an issue if it does not work.

Thanks,
Kshitiz

Re: Load balancer not changing protocol to https on https redirect

Hi,

I was able to try it now. Since application is changing protocol from HTTP to HTTPS, you need to set "rewrite-location" property in loadbalancer xml to false. This is required even if you are using sun web-server.

Thanks,
Kshitiz

Re: Load balancer not changing protocol to https on https redirectHi Jan,
I did some further deep digging into this query. In this scenario, RealmAdapter sends a redirect due to security constraint. So a redirect 302 response is created. Since request is coming through web-server acting as LB, so request "Host" header has web-server address and port. Same is reflected in redirect url created. There is a huge mismatch as web-server host name with application server instance ssl port is used in combination. For example : Web-server is running on ws.abc.com, ports 48080, 48443 While Application-server instance on as.abc.com, ports 18080, 18181 Then redirect url is https://ws.abc.com:18181. This will not work in any case. Thanks, Kshitiz Jan Luehe wrote: > On 10/26/09 03:51, Kshitiz Saxena wrote: >> Hi, >> >> Have you set both authPassthroughEnabled and proxyHandler? If not, >> then please set them to "true" and >> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at >> http-service or http-listener level. > > Minor comment: Setting "authPassthroughEnabled" to "true" should be > sufficient, > in which case "com.sun.enterprise.web.ProxyHandlerImpl", which is the > default > ProxyHandler implementation, will be picked up. > > > Jan > > >> >> Thanks, >> Kshitiz >> >> JSolanu wrote: >>> I'm attempting to configure the load balancer plug in for apache, it >>> seems to >>> be working for http traffic but if I goto a page that required HTTPS >>> the >>> port changes to 443 but the protocol remains HTTP. I found some >>> information at the following site which seems to indicate that if >>> authPassthroughEnabled is true on the HTTP Service and rewrite-location >>> is true on the load balancer configuration it should be changing the >>> protocol from HTTP to HTTPS but it doesn't seem to be working. The >>> redirect >>> port on http-listener-1 is set to 443, HTTPS Routing is set to false >>> in the >>> load balancer configuration. 
Re: Load balancer not changing protocol to https on https redirect

Hi All,

Jan suggested to set "redirect-port" attribute for http-listener level to front-end port. Then in case of redirection port-number specified as "redirect-port" attribute will be used. This will resolve below mentioned issue completely.

Thanks,
Kshitiz

Kshitiz Saxena wrote:
> Hi Jan,
>
> I did some further deep digging into this query. In this scenario,
> RealmAdapter sends a redirect due to security constraint. So a
> redirect 302 response is created. Since request is coming through
> web-server acting as LB, so request "Host" header has web-server
> address and port. Same is reflected in redirect url created. There is
> a huge mismatch as web-server host name with application server
> instance ssl port is used in combination.
>
> For example :
> Web-server is running on ws.abc.com, ports 48080, 48443
> While Application-server instance on as.abc.com, ports 18080, 18181
> Then redirect url is https://ws.abc.com:18181.
>
> This will not work in any case.
>
> Thanks,
> Kshitiz
>
> Jan Luehe wrote:
>> On 10/26/09 03:51, Kshitiz Saxena wrote:
>>> Hi,
>>>
>>> Have you set both authPassthroughEnabled and proxyHandler? If not,
>>> then please set them to "true" and
>>> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at
>>> http-service or http-listener level.
>>
>> Minor comment: Setting "authPassthroughEnabled" to "true" should be
>> sufficient, in which case "com.sun.enterprise.web.ProxyHandlerImpl",
>> which is the default ProxyHandler implementation, will be picked up.
>>
>> Jan
>>
>>> Thanks,
>>> Kshitiz
>>>
>>> JSolanu wrote:
>>>> I'm attempting to configure the load balancer plug in for apache, it seems to
>>>> be working for http traffic but if I goto a page that required HTTPS the
>>>> port changes to 443 but the protocol remains HTTP.
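The mismatch Kshitiz describes and the effect of Jan's redirect-port suggestion, as an added example that is not part of the thread and not GlassFish code. `build_redirect` is a simplified model of the behaviour described above (host taken from the request's Host header, port from the listener's redirect-port), `audit_location` is a hypothetical check for a 302 `Location` header, and the `http://ws.abc.com:443/app/` value is constructed to mirror the symptom in the original question.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def build_redirect(host_header, redirect_port, path="/"):
    """Simplified model (assumption): the redirect keeps the host from the
    Host header, which is the web server's when it fronts the instance,
    and takes its port from the listener's redirect-port."""
    host = host_header.rsplit(":", 1)[0]  # hostnames only, no IPv6 literals
    return f"https://{host}:{redirect_port}{path}"


def audit_location(location, frontend_host, frontend_https_port, backend_ports):
    """Return findings for a Location header as seen by a client that can
    only reach the front-end web server."""
    url = urlsplit(location)
    port = url.port or DEFAULT_PORTS.get(url.scheme)
    findings = []
    if url.scheme != "https":
        findings.append("scheme-not-https")
    if url.hostname != frontend_host:
        findings.append("host-not-front-end")
    if port in backend_ports:
        findings.append("back-end-port-exposed")
    elif port != frontend_https_port:
        findings.append("port-not-front-end-https")
    return findings


if __name__ == "__main__":
    backend = {18080, 18181}  # as.abc.com ports from the thread
    # redirect-port left at the instance's own SSL port
    broken = build_redirect("ws.abc.com:48080", 18181)
    # redirect-port set to the front-end HTTPS port, per Jan's suggestion
    fixed = build_redirect("ws.abc.com:48080", 48443)
    for loc in (broken, fixed):
        print(loc, audit_location(loc, "ws.abc.com", 48443, backend))
    # Constructed Location mirroring "port changes to 443 but the
    # protocol remains HTTP"
    print(audit_location("http://ws.abc.com:443/app/", "ws.abc.com", 443, backend))
```

Running the same audit against the `Location` header of a real 302 from the front end shows whether clients are being sent to a back-end port or to a plaintext URL.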