users@glassfish.java.net

Re: Load balancer not changing protocol to https on https redirect

From: Kshitiz Saxena <Kshitiz.Saxena_at_Sun.COM>
Date: Tue, 03 Nov 2009 15:24:00 +0530

Hi,

I was able to try it now.

Since the application is changing the protocol from HTTP to HTTPS, you need to
set the "rewrite-location" property in the loadbalancer XML to false.

This is required even if you are using Sun Web Server.

Thanks,
Kshitiz

Kshitiz Saxena wrote:
> Thanks for the usecase. I will try it out and file an issue if it does
> not work.
>
> Thanks,
> Kshitiz
>
> JSolanu wrote:
>> I ended up setting up an instance of Sun's web server instead of trying to
>> use Apache and everything seems to be working now.
>>
>> Example of what I was trying to do was
>> 1) Deploy an EAR with two URLs: http://<server>/index.jsp and
>> http://<server>/ssl/index.jsp
>>
>> The root page had one link pointed to the path ssl/index.jsp
>>
>> The web.xml has a security constraint that requires the ssl URL to
>> require SSL
>> <security-constraint>
>>   <display-name>SSL Constraint</display-name>
>>   <web-resource-collection>
>>     <web-resource-name>ssl</web-resource-name>
>>     <description/>
>>     <url-pattern>/ssl/*</url-pattern>
>>     <http-method>GET</http-method>
>>     <http-method>POST</http-method>
>>     <http-method>HEAD</http-method>
>>     <http-method>PUT</http-method>
>>     <http-method>OPTIONS</http-method>
>>     <http-method>TRACE</http-method>
>>     <http-method>DELETE</http-method>
>>   </web-resource-collection>
>>   <user-data-constraint>
>>     <description/>
>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>   </user-data-constraint>
>> </security-constraint>
>> </web-app>
>>
>> With Apache, when the link was selected for the ssl/index.jsp the port
>> changed but the protocol did not.
>> With SJSWS, when the link was selected both port and protocol changed.
>>
>>
>>
>> Kshitiz Saxena wrote:
>>
>>> Hi,
>>>
>>> Below setting should be sufficient to handle redirection.
>>>
>>> Can you provide exact details on what you want to achieve? Examples
>>> will be helpful.
>>>
>>> Also provide wireshark traces at application server instance.
>>>
>>> Thanks,
>>> Kshitiz
>>>
>>> JSolanu wrote:
>>>
>>>> Both are set at the HTTP Service level of the cluster configuration. Is
>>>> there some other setting that needs to be set to tell the server that
>>>> 443 requires SSL?
>>>>
>>>> The HTTP listeners are setup as follows
>>>>
>>>> HTTP Service: Properties:
>>>> proxyHandler=com.sun.enterprise.web.ProxyHandlerImpl
>>>> authPassthroughEnabled=true
>>>>
>>>> http-listener-1
>>>> Listener: Enabled
>>>> Security: Disabled
>>>> Network Address: 0.0.0.0
>>>> Listener Port: ${HTTP_LISTENER_PORT}
>>>> Default Virtual Server: server
>>>> Redirect Port: 443
>>>> Acceptor Threads: 1
>>>> Powered By: Enabled
>>>> Blocking Disabled
>>>> Properties
>>>> proxiedProtocols: ws/tcp
>>>>
>>>> http-listener-2
>>>> Listener: Enabled
>>>> Security: Enabled
>>>> Network Address: 0.0.0.0
>>>> Listener Port: ${HTTP_SSL_LISTENER_PORT}
>>>> Default Virtual Server: server
>>>> Redirect Port:
>>>> Acceptor Threads: 1
>>>> Powered By: Enabled
>>>> Blocking Disabled
>>>> Properties: None
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Kshitiz Saxena wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Have you set both authPassthroughEnabled and proxyHandler? If not,
>>>>> then please set them to "true" and
>>>>> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at
>>>>> http-service or http-listener level.
>>>>>
>>>>> Thanks,
>>>>> Kshitiz
>>>>>
>>>>> JSolanu wrote:
>>>>>
>>>>>> I'm attempting to configure the load balancer plug-in for Apache. It
>>>>>> seems to be working for HTTP traffic, but if I go to a page that
>>>>>> required HTTPS the port changes to 443 but the protocol remains HTTP.
>>>>>> I found some information at the following site which seems to indicate
>>>>>> that if authPassthroughEnabled is true on the HTTP Service and
>>>>>> rewrite-location is true on the load balancer configuration it should
>>>>>> be changing the protocol from HTTP to HTTPS but it doesn't seem to be
>>>>>> working. The redirect port on http-listener-1 is set to 443, HTTPS
>>>>>> Routing is set to false in the load balancer configuration.
>>>>>>
>>>>>> http://docs.sun.com/app/docs/doc/820-4341/abdgs?a=view
>>>>>>
>>>>>>
>>>>>> Anyone have any ideas on what I might be missing to allow the 443
>>>>>> redirect to also change the protocol? The build options and
>>>>>> loadbalancer.xml configuration I'm using are below.
>>>>>>
>>>>>> Using aslb-9.1.1-b13.jar Installed with instructions on
>>>>>> http://blogs.sun.com/kshitiz/entry/load_balancer_plugin_in_glassfish
>>>>>> Apache 2.2
>>>>>> export CFLAGS=-m32
>>>>>> export CPPFLAGS=-m32
>>>>>> ./configure --with-ssl=/apps/openssl-0.9.8k --prefix=/apps/apache
>>>>>> --enable-ssl -enable-so --enable-rewrite --enable-proxy
>>>>>> --enable-proxy-balancer --enable-proxy-ajp --enable-rewrite
>>>>>> --enable-proxy-http --enable-http --enable-dav --enable-headers
>>>>>> --enable-mods-shared=all --with-included-apr
>>>>>> Glassfish v2.1
>>>>>> Installed to /apps/glassfish
>>>>>> Openssl 0.9.8k
>>>>>> ./Configure linux-elf -m32 --openssldir=/apps/openssl-0.9.8k
>>>>>> shared
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <?xml version="1.0" encoding="UTF-8"?>
>>>>>> <!DOCTYPE loadbalancer PUBLIC "-//Sun Microsystems Inc.//DTD Sun Java System Application Server 9.1//EN" "sun-loadbalancer_1_2.dtd">
>>>>>> <loadbalancer>
>>>>>>   <cluster name="MyAppCluster" policy="round-robin">
>>>>>>     <instance disable-timeout-in-minutes="30" enabled="true"
>>>>>>       listeners="http://my.domain.com:11010 https://my.domain.com:11011"
>>>>>>       name="app01" weight="100"/>
>>>>>>     <instance disable-timeout-in-minutes="30" enabled="true"
>>>>>>       listeners="http://my.domain.com:11020 https://my.domain.com:11021"
>>>>>>       name="app02" weight="100"/>
>>>>>>     <web-module context-root="/app" disable-timeout-in-minutes="30"
>>>>>>       enabled="true"/>
>>>>>>     <health-checker interval-in-seconds="30" timeout-in-seconds="10"
>>>>>>       url="/"/>
>>>>>>   </cluster>
>>>>>>   <property name="response-timeout-in-seconds" value="60"/>
>>>>>>   <property name="reload-poll-interval-in-seconds" value="60"/>
>>>>>>   <property name="https-routing" value="false"/>
>>>>>>   <property name="require-monitor-data" value="true"/>
>>>>>>   <property name="active-healthcheck-enabled" value="false"/>
>>>>>>   <property name="number-healthcheck-retries" value="3"/>
>>>>>>   <property name="rewrite-location" value="true"/>
>>>>>> </loadbalancer>
>>>>>> <!--
>>>>>> This file was generated on: [Sun Oct 25 20:13:40 GMT+00:00 2009].
>>>>>> Debugging Tips:
>>>>>> By default, instances and web-modules are not enabled. Please enable
>>>>>> them manually if you have not done that using asadmin.
>>>>>> -->
>>>>>>
>>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>
>>
>
>
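
The check below is an added example, not code from the thread or from the GlassFish project: it reads the top-level properties of a loadbalancer.xml and flags redirect targets that pair a scheme with the other scheme's default port, which is the symptom reported above (port 443 with protocol HTTP). The XML is trimmed from the file quoted in the thread; the Location values and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, trimmed from the loadbalancer.xml quoted in the thread.
SAMPLE_LB_XML = """<loadbalancer>
  <cluster name="MyAppCluster" policy="round-robin">
    <instance enabled="true" name="app01" weight="100"
      listeners="http://my.domain.com:11010 https://my.domain.com:11011"/>
    <web-module context-root="/app" enabled="true"/>
  </cluster>
  <property name="https-routing" value="false"/>
  <property name="rewrite-location" value="true"/>
</loadbalancer>"""

# Constructed Location headers, as they might be captured at the load balancer.
SAMPLE_LOCATIONS = [
    "http://my.domain.com:443/app/ssl/index.jsp",   # symptom from the thread
    "https://my.domain.com:443/app/ssl/index.jsp",  # expected redirect
    "/app/index.jsp",                               # relative, nothing to check
]

DEFAULT_PORT = {"http": 80, "https": 443}

def lb_properties(xml_text):
    """Top-level <property> name/value pairs of a loadbalancer.xml."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value") for p in root.findall("property")}

def scheme_port_mismatch(location):
    """True if the URL pairs a scheme with the other scheme's default port."""
    parts = urlsplit(location)
    if parts.scheme not in DEFAULT_PORT or parts.port is None:
        return False
    other = "https" if parts.scheme == "http" else "http"
    return parts.port == DEFAULT_PORT[other]

def audit(xml_text, locations):
    """Return (mismatched redirect targets, advice string or None)."""
    bad = [loc for loc in locations if scheme_port_mismatch(loc)]
    rewrite = lb_properties(xml_text).get("rewrite-location")
    advice = None
    if bad and rewrite == "true":
        # Fix given in the reply at the top of this thread.
        advice = 'set property "rewrite-location" to "false"'
    return bad, advice

if __name__ == "__main__":
    bad, advice = audit(SAMPLE_LB_XML, SAMPLE_LOCATIONS)
    print("mismatched redirects:", bad)
    print("advice:", advice)
```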