Some colleagues of mine were facing problems getting the HTTP/HTTPS clustering setup done for JBoss server. Although I have no experience on working with JBoss I decided to give it a try.
Note that my development environment is Windows. The first thing I did was get hold of JBoss 4.2.2GA installable. Why this one, because this is the one that I have!! I copied the installable twice on my machine’s D: drive, creating two JBoss homes namely D:\JBoss 4.2.2GA-1 and D:\JBoss 4.2.2GA-2. To get the clustering setup done I referred to JBoss documentation. The documentation is decent and assists in getting your setup right. Instructions regarding setting up HTTP related services can be found under section 1.5 titled “HTTP Services”.
First things first. Let us setup the load balancer. The load balancer is not part of the JBoss installable. JBoss uses the popular Apache Web server to assist it in achieving load balancing. The Apache web server’s jk module is used to forward all requests to the JBoss servlet container. Apache web server downloadable is available here. I have used Apache 2.0.52 and 2.0.55 for our demonstration. Per JBoss, any version in the range 2.0.x is acceptable. Next get hold of the JK module binaries from the site. I have used mod_jk-1.2.28-httpd-2.0.52.so. Please select the jk module version compatible to your Apache server. Detailed instructions of version compatibility are available on the download page. for e.g. for jk 1.2.28. Copy the JK module so file in the APACHE_HOME/modules folder.
Modify the APACHE_HOME/conf/httpd.conf and add the following lines at the end of the file.
1 |
# Include mod_jk's specific configuration file |
2 |
Include conf/mod-jk.conf |
Create a new mod-jk.conf file and copy the file in the APACHE_HOME/conf folder. The contents of the file are as below:
02 |
LoadModule jk_module modules/mod_jk-1.2.28-httpd-2.0.52.so |
04 |
# Where to find worker.properties |
05 |
JkWorkersFile conf/workers.properties |
07 |
# Where to put jk logs |
08 |
JkLogFile logs/mod_jk.log |
10 |
# Set the jk log level [debug/error/info] |
13 |
# Select the log format |
14 |
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" |
16 |
#JkOptions indicate to send SSK KEY SIZE |
17 |
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories |
20 |
JkRequestLogFormat "%w %V %T" |
22 |
# Mount your applications |
23 |
JkMount /* loadbalancer |
Ensure that the file name is as per the installable copied in the modules folder. As per the instructions in the clustering guide, the mod-jk.conf file should have a Location tag in it. I have removed the same as it is not supported by my older Apache server. You can add the same if required. The JkMount directive in the file configures the URL that needs to be redirected. Currently it is configured to reroute all URLs; feel free to customize if required.
Create a new worker.properties file. Contents are as below:
01 |
# Define list of workers |
02 |
worker.list=loadbalancer,status |
05 |
worker.node1.port=8009 |
06 |
worker.node1.host=localhost |
07 |
worker.node1.type=ajp13 |
08 |
worker.node1.lbfactor=1 |
09 |
worker.node1.cachesize=10 |
12 |
worker.node2.port=8109 |
13 |
worker.node2.host=localhost |
14 |
worker.node2.type=ajp13 |
15 |
worker.node2.lbfactor=1 |
16 |
worker.node2.cachesize=10 |
18 |
# Load balancing behaviour |
19 |
worker.loadbalancer.type=lb |
20 |
worker.loadbalancer.balance_workers=node1,node2 |
21 |
worker.loadbalancer.sticky_session=1 |
22 |
#worker.list=loadbalancer |
24 |
# Status worker for managing load balancer |
25 |
worker.status.type=status |
Note that the ports 8009 and 8109 are the JBoss AJP connector ports and not the HTTP ports. Copy the attached workers.properties in APACHE_HOME/conf folder. I have defined two nodes and am assuming both are located on the same machine.
The server.xml within JBOSS_HOME/server/default/deploy/jboss-web.deployer should have the following tag:
1 |
<Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3" |
2 |
emptySessionPath="true" enableLookups="false" redirectPort="8443" > |
This defines the AJP port.
This should be enough to get the JBOSS server running in clustered mode for HTTP.
I also needed to get the HTTPS setup rolling. Apparently Apache does not provide built-in SSL support. To achieve SSL support you will need to download the OpenSSL project and install it. An alternative is to get an integrated apache-openssl download from this site (The site was not available , hence I used downloads from the following site and got the openssl download from here.
An update: The Apache site provides a Windows binary with OpenSSL built-in. So you can use that one as well.
I am assuming that you have created the certificate using the tomcat(jboss) server. For my testing purposes I have created a self signed certificate using the Java utility keytool. The syntax for certificate creation is as below:
1 |
keytool -genkey -alias <aliasName> -keystore <keystore name> |
More clarity is available at this site.
Go to the server.xml file located within the <JBoss_home>\server\default\deploy\jboss-web.deployer folder. Search for a connector tag with the following description:
1 |
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" |
2 |
maxThreads="150" scheme="https" secure="true" |
3 |
clientAuth="false" sslProtocol="TLS" |
4 |
keystoreFile="D:\jboss-4.2.2GA-1\server\default\deploy\jboss-web.deployer\testing.keystore" |
5 |
keystorePass="testing"/> |
Add the new attributes keystoreFile and keystorePass in the connector tag. Do the same procedure for the other server. Change the port of this server. Add a new AJP connector both the server.xml files.
01 |
<Connector port="8019" address="${jboss.bind.address}" protocol="AJP/1.3" |
02 |
emptySessionPath="true" enableLookups="false" scheme="https" secure="true" redirectPort="8443" /> |
04 |
Note that two new attributes scheme and secure have been added in the AJP connector declaration. Ensure that the port number in use do not conflict with other port numbers. |
06 |
The Jboss servers are now ready to receive SSL requests. Now to set up the apache server for taking care of load balancing. If you have installed Apache using the URL provided above, the conf folder will have two files httpd.conf and ssl.conf. Open the conf files are check the ServerRoot and DocumentRoot paths. |
08 |
Make sure that following lines in the httpd.conf file are uncommented. |
09 |
[sourcecode language="text"] |
10 |
LoadModule ssl_module modules/mod_ssl.so |
Add the following lines at the end of the httpd.conf file
2 |
JkMount /* loadbalancer |
5 |
# Include mod_jk's specific configuration file |
6 |
Include conf/mod-jk.conf |
mod-jk.conf remains unchanged.
Unzip the OpenSSL.zip on the machine. Copy the libeay32.dll and ssleay32.dll in Windows\system32 folder of the machine.
The Tomcat keystore and Apache SSL certificates and keys are incompatible. They need to be converted into compatible certificate and key. For details around the conversion process refer the url.
Now you should be having the pem certificate and private key. Copy the files in a suitable folder and make relevant entries for them in the ssl.conf:
1 |
SSLCertificateFile /root/SSL_export/exported-pem.crt |
2 |
SSLCertificateKeyFile /root/SSL_export/exported.key |
The intermediate certificate is not required in case of self signed certificates.
Add the following statement within the VirtualHost tag of the ssl.conf file
1 |
JkMount /* loadbalancerSSL |
In ssl.conf file remove <IfDefine SSL> and </IfDefine> tags ensure that the ServerName, DocumentRoot are pointing to the correct folders. The workers.properties file is configured to handle 4 nodes, two for HTTP requests and two for HTTPS requests.
Here is the updated workers.properties file.
01 |
# Define list of workers |
02 |
worker.list=loadbalancer,loadbalancerSSL,status |
03 |
#worker.list=loadbalancer,status |
06 |
worker.node1.port=8009 |
07 |
worker.node1.host=localhost |
08 |
worker.node1.type=ajp13 |
09 |
worker.node1.lbfactor=1 |
10 |
worker.node1.cachesize=10 |
13 |
worker.node2.port=8109 |
14 |
worker.node2.host=localhost |
15 |
worker.node2.type=ajp13 |
16 |
worker.node2.lbfactor=1 |
17 |
worker.node2.cachesize=10 |
20 |
worker.node3.port=8019 |
21 |
worker.node3.host=localhost |
22 |
worker.node3.type=ajp13 |
23 |
worker.node3.lbfactor=1 |
24 |
worker.node3.cachesize=10 |
27 |
worker.node4.port=8119 |
28 |
worker.node4.host=localhost |
29 |
worker.node4.type=ajp13 |
30 |
worker.node4.lbfactor=1 |
31 |
worker.node4.cachesize=10 |
33 |
# Load balancing behaviour |
34 |
worker.loadbalancer.type=lb |
35 |
worker.loadbalancer.balance_workers=node1,node2 |
36 |
worker.loadbalancer.sticky_session=1 |
37 |
#worker.list=loadbalancer |
39 |
# Load balancing behaviour |
40 |
worker.loadbalancerSSL.type=lb |
41 |
worker.loadbalancerSSL.balance_workers=node3,node4 |
42 |
worker.loadbalancerSSL.sticky_session=1 |
43 |
#worker.list=loadbalancer |
45 |
# Status worker for managing load balancer |
46 |
worker.status.type=status |
The above configuration should be enough to get the JBoss running in a clustered environment for HTTP as well as HTTPS requests.
This post does not cover the portion for sticky session configuration.
Recent Comments