4 Replies Latest reply on May 14, 2013 2:58 PM by kclair-rei

    How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss

    jairo.gubler

      Is there some article describing how to configure JBoss 7 + httpd + mod_cluster with ssl?         

       

      I found this document, but it think its using an older JBoss version:

      http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html

       

      Thanks!

        • 1. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
          rhusar

          If you have problems setting up you might be running into a known issue, https://issues.jboss.org/browse/AS7-3869 will be fixed in next realease.

          • 2. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
            jairo.gubler

            My difficulty is about the whole configuration. It's not easy to understand all the steps needed to configure SSL when using httpd/mod_cluster with JBoss.

             

            I'm a little confused about the digital certificate files.

             

            Some of my configuration files:

             

            === httpd.conf ====

            <IfModule manager_module>

              Listen 192.168.171.129:8888

              ManagerBalancerName test

              <VirtualHost 192.168.171.129:8888>

                <Location />

                 Order deny,allow

                 Deny from all

                 Allow from 192.168.

                </Location>

                KeepAliveTimeout 300

                MaxKeepAliveRequests 0

                ServerAdvertise on

                #ServerAdvertise on http://@IP@:6666

                AdvertiseFrequency 5

                #AdvertiseSecurityKey secret

                #AdvertiseGroup @ADVIP@:23364

                EnableMCPMReceive

             

                <Location /mod_cluster_manager>

                   SetHandler mod_cluster-manager

                   Order deny,allow

                   Deny from all

                   Allow from 192.168.

                </Location>

              </VirtualHost>

              Listen 6666

              <VirtualHost 192.168.171.129:6666>

                 SSLEngine on

                 SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

                 SSLCertificateFile conf/server.crt

                 SSLCertificateKeyFile conf/server.key

                 SSLCACertificateFile conf/server-ca.crt

                 SSLVerifyClient require

                 SSLVerifyDepth  10

              </VirtualHost>

            </IfModule>

             

            SSLProxyEngine On

            SSLProxyVerify require

            SSLProxyCACertificateFile conf/cacert.pem

            SSLProxyMachineCertificateFile conf/proxy.pem

             

            ==== error_log (apache httpd) ====

            [Wed Mar 07 13:50:46 2012] [warn] no client certs found for SSL proxy

             

             

            ========= standalone-full-ha.xml ==========================

                        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">

                            <ssl name="ssl" key-alias="jboss" password="xxxxxxx" protocol="ALL" verify-client="false" certificate-file="/opt/CERTS/jboss_ssl.keystore"/>

                        </connector>

             

            =====================================================

            • 3. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
              traian20

              I also find extremely difficult to understand all the required steps needed to configure the SSL communication between HTTPD and Jboss7.1.x.

              The entire mod_cluster documentation is JbossWEB centered (http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html#createsc)

              Can someone point out which steps need to be taken, on the HTTPD side(httpd.conf ) and on Jboss7 side (modcluster subsystem configuration, HTTPS connector,...) ?

              • 4. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
                kclair-rei

                I am also having this issue. I was able to set up the apache end, but it's not at all clear where to put the ssl settings in the JBoss AS 7.x standalone.xml or domain.xml file.