4 Replies Latest reply: May 14, 2013 2:58 PM by Kristina Clair RSS

How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss

jairo.gubler Newbie

Is there some article describing how to configure JBoss 7 + httpd + mod_cluster with ssl?         

 

I found this document, but it think its using an older JBoss version:

http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html

 

Thanks!

  • 1. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
    Radoslav Husar Master

    If you have problems setting up you might be running into a known issue, https://issues.jboss.org/browse/AS7-3869 will be fixed in next realease.

  • 2. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
    jairo.gubler Newbie

    My difficulty is about the whole configuration. It's not easy to understand all the steps needed to configure SSL when using httpd/mod_cluster with JBoss.

     

    I'm a little confused about the digital certificate files.

     

    Some of my configuration files:

     

    === httpd.conf ====

    <IfModule manager_module>

      Listen 192.168.171.129:8888

      ManagerBalancerName test

      <VirtualHost 192.168.171.129:8888>

        <Location />

         Order deny,allow

         Deny from all

         Allow from 192.168.

        </Location>

        KeepAliveTimeout 300

        MaxKeepAliveRequests 0

        ServerAdvertise on

        #ServerAdvertise on http://@IP@:6666

        AdvertiseFrequency 5

        #AdvertiseSecurityKey secret

        #AdvertiseGroup @ADVIP@:23364

        EnableMCPMReceive

     

        <Location /mod_cluster_manager>

           SetHandler mod_cluster-manager

           Order deny,allow

           Deny from all

           Allow from 192.168.

        </Location>

      </VirtualHost>

      Listen 6666

      <VirtualHost 192.168.171.129:6666>

         SSLEngine on

         SSLCipherSuite AES128-SHA:ALL:!ADH:!LOW:!MD5:!SSLV2:!NULL

         SSLCertificateFile conf/server.crt

         SSLCertificateKeyFile conf/server.key

         SSLCACertificateFile conf/server-ca.crt

         SSLVerifyClient require

         SSLVerifyDepth  10

      </VirtualHost>

    </IfModule>

     

    SSLProxyEngine On

    SSLProxyVerify require

    SSLProxyCACertificateFile conf/cacert.pem

    SSLProxyMachineCertificateFile conf/proxy.pem

     

    ==== error_log (apache httpd) ====

    [Wed Mar 07 13:50:46 2012] [warn] no client certs found for SSL proxy

     

     

    ========= standalone-full-ha.xml ==========================

                <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">

                    <ssl name="ssl" key-alias="jboss" password="xxxxxxx" protocol="ALL" verify-client="false" certificate-file="/opt/CERTS/jboss_ssl.keystore"/>

                </connector>

     

    =====================================================

  • 3. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
    traian20 Newbie

    I also find extremely difficult to understand all the required steps needed to configure the SSL communication between HTTPD and Jboss7.1.x.

    The entire mod_cluster documentation is JbossWEB centered (http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html#createsc)

    Can someone point out which steps need to be taken, on the HTTPD side(httpd.conf ) and on Jboss7 side (modcluster subsystem configuration, HTTPS connector,...) ?

  • 4. Re: How to configure JBoss 7 + httpd + mod_cluster with ssl between httpd and JBoss
    Kristina Clair Newbie

    I am also having this issue. I was able to set up the apache end, but it's not at all clear where to put the ssl settings in the JBoss AS 7.x standalone.xml or domain.xml file.