11 Replies Latest reply on Apr 28, 2014 3:37 PM by dyegomb

    How do I link a server-group to a virtualhost

    joffer

      My environment:

      JBoss AS71 - seperate domain master and two domain slaves.

      Apache Frontend with mod_cluster

      I can't use multicast (and mod_advertise), so I have ProxyList defined in profile on master. I also have two nics on the server at this time since there is a freeze on firewall changes during the summer, but that shouldn't have much to say.

      IP addresses are imaginary... ;-)

      JBoss AS71 Master-Slave-Apache v2.png

      I intend to have three named vhosts on the apache frontend.

       

      frontend.prod.local (i will make this only available for our company)

      - Configured with <Location /cluster-manager> + SetHandler mod_cluster-manager for management/stats/info

       

      extranet.domain.com (available from the internet)

      - serve the applications that are deployed to server-group 'extranet'

       

      intranet.domain.com (i will make this only available for our company. Maybe I'll fqdn to intranet.prod.local, anyway not important)..

      - serve the applications that are deployed to server-group 'intranet'

       

      My /cluster-manager displayes both nodes twice, one for each server-group at the moment, but only extranet is working with my deployed apps, a test app deployed to each server-group with different web contect: /cluster-test-extranet  and /cluster-test-intranet. trying 'intranet' gives me HTTP 503 and error

      "ERROR [org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Error [MEM: MEM: Can't read node: {4}] sending command STATUS to proxy slave01.prod.local/10.0.0.101:10001, configuration will be reset"

       

      I have added instance-id to the web subsystem:

      <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" instance-id="${jboss.node.name}" native="true">

       

      My first question:

      How do I link each server-group to a VirtualHost? I see from my cluster-manager page both servergroups uses balancer "mycluster" and aliases for all nodes/groups are 'default-host' and 'localhost'. Do these settings have anything to do with this (and how do I fix/change this)?

       

      Edit/new question:

      Is the balancer named in the profile the same ManagerBalancerName? If it is, then it looks like I have to have a seperate profile for what I want to accomplish..??

        • 1. Re: How do I link a server-group to a virtualhost
          joffer

          I think my error in the log about not reading the node was fixed. I had forgotten to open the local firewall for the offset port..

          • 2. Re: How do I link a server-group to a virtualhost
            rhusar

            Maybe I am a bit off, but I personally wouldn't feel confident with exposing some internal web app into something that is open to the internet. You never know when a new security hole pop-out. If I understood correctly that is what you are trying to do: the same HTTPd node would server the external and internal web apps.

             

            I would employ for this 2 separate HTTPd instances for this:

            • one being open to the internet and serving solely external content. It could provide some redirect to the internal server, so the users can still use a common URL.
            • the other one being only open to the intranet and only serving intrarnal web app.

             

            Rado

            • 3. Re: How do I link a server-group to a virtualhost
              joffer

              Thats true from a security perspective, and I will evaluate that against my fw/deny/++ settings.

               

              Anyway, how can I force one server group to publish/be used by one vhost and the other group with another vhost?

               

              I just found this article (http://blog.akquinet.de/2012/07/19/scalable-ha-clustering-with-jboss-as-7-eap-6/ and I see I can add system properties to each server group, so that is maybe the answer some how? Set a seperate balancer name and use ManagerBalancerName for each vhost maybe? Haven't read all the article yet (still reading)..

              • 4. Re: How do I link a server-group to a virtualhost
                rhusar

                Well naively you can achieve this by adding a deny rule on the VirtualHost with a public IP. Of course that would be very insecure since if yuu would add a new context it would be automatically exposed to the Internet.

                  <Location /internal>

                    Order allow,deny

                    Deny from all

                  </Location>

                Is that what you would want?

                • 5. Re: How do I link a server-group to a virtualhost
                  joffer

                  No I know how to secure and configure Apache and their normal modules. I'm just trying to figure out how to configure jboss and mycluster so I can force one server group to only answer/map to one specific virtual host and another server group to another virtual host. Like applications in server-group 'extranet' only are available for extranet.domain.com/context and applications in server-group 'intranet' only are available for intranet.prod.local.

                   

                  Looks like I can set some server-group properties for each group. Can I define a balancer name for each, and then use ManagerBalancerName to link it in the vhosts?

                   

                  Edit:

                  I just looked around in the schema for modcluster 'jboss-as-mod-cluster_1_0.xsd' and found this:

                   

                      <xs:attribute name="balancer" type="xs:string" use="optional">

                        <xs:annotation>

                          <xs:documentation>The balancer name. All nodes of a cluster have to use the same value.</xs:documentation>

                        </xs:annotation>

                      </xs:attribute>

                   

                  Doesn't look like the way I want this to work is possible?

                  • 6. Re: How do I link a server-group to a virtualhost
                    joffer

                    So is there no way to force servergroup1 with vhost1 and servergroup2 with vhost2?

                    • 7. Re: How do I link a server-group to a virtualhost
                      rhusar

                      I can force one server group to only answer/map to one specific virtual host and another server group to another virtual host.

                       

                      Great. So if you put it that way, all you can use is use alias property and map only one alias to one server group and so on.

                       

                      • enable this option (which is disabled (=0) by default) you have to set it to 1

                      UseAlias 1

                       

                      • assign ServerName to VirtualHost-s in HTTPd
                      • assign Aliases in your server configuration (JBoss Web)

                      http://docs.jboss.org/mod_cluster/1.2.0/html_single/#d0e505

                       

                       

                      Yes. and it is also possible to have a balancer for each VirtualHost and create a balancer in httpd.conf -- but note that only one can receive MCMP messages.

                      http://docs.jboss.org/mod_cluster/1.2.0/html_single/#d0e485

                       

                       

                      Let us know how it goes...

                       

                      Rado

                      • 8. Re: How do I link a server-group to a virtualhost
                        joffer

                        Did you take my sentence out of context? The whole sentence was

                        I'm just trying to figure out how to configure jboss and mycluster so I can force one server group to only answer/map to one specific virtual host and another server group to another virtual host.

                        So I hadn't managed to force this. But what you say looks promising about aliases.

                         

                        But I'm not completly sure how to set the alias on the jboss for my server groups. Using the management webgui I see that the aliases are set in the profile, so how can I set it on the server group instead?

                         

                        1) Do I need to set the aliases in Profile > Web > Servlet/HTTP > Virtual Servers first? It wants me to set a default module as well. So I need a default module?

                        2) How do I set the aliases for my server groups? Do I set a System Property for each group? (Server Groups > Group Configuration > [Select group] > System Properties? what are the key for alias?

                        • 9. Re: How do I link a server-group to a virtualhost
                          joffer

                          I hate to bump this, but I'm really stuck..

                          • 10. Re: How do I link a server-group to a virtualhost
                            joffer

                            Is there really no way I can get servergroup to differenciate for seperate vhosts with modcluster?

                             

                            servergroup-extranet --> vhost: extranet.mydomain.no/external-app1

                            servergroup-intranet --> vhost: intranet.localdomain.local/internal-app1

                            • 11. Re: How do I link a server-group to a virtualhost
                              dyegomb