users@glassfish.java.net

Re: Load balancer not changing protocol to https on https redirect

From: Kshitiz Saxena <Kshitiz.Saxena_at_Sun.COM>
Date: Tue, 03 Nov 2009 16:45:46 +0530

Hi Jan,

I did some further deep digging into this query. In this scenario,
RealmAdapter sends a redirect due to security constraint. So a redirect
302 response is created. Since request is coming through web-server
acting as LB, so request "Host" header has web-server address and port.
Same is reflected in redirect url created. There is a huge mismatch as
web-server host name with application server instance ssl port is used
in combination.

For example :
Web-server is running on ws.abc.com, ports 48080, 48443
While Application-server instance on as.abc.com, ports 18080, 18181
Then redirect url is https://ws.abc.com:18181.

This will not work in any case.

Thanks,
Kshitiz

Jan Luehe wrote:
> On 10/26/09 03:51, Kshitiz Saxena wrote:
>> Hi,
>>
>> Have you set both authPassthroughEnabled and proxyHandler? If not,
>> then please set them to "true" and
>> "com.sun.enterprise.web.ProxyHandlerImpl" respectively at
>> http-service or http-listener level.
>
> Minor comment: Setting "authPassthroughEnabled" to "true" should be
> sufficient,
> in which case "com.sun.enterprise.web.ProxyHandlerImpl", which is the
> default
> ProxyHandler implementation, will be picked up.
>
>
> Jan
>
>
>>
>> Thanks,
>> Kshitiz
>>
>> JSolanu wrote:
>>> I'm attempting to configure the load balancer plug in for apache, it
>>> seems to
>>> be working for http traffic but if I goto a page that required HTTPS
>>> the
>>> port changes to 443 but the protocol remains HTTP. I found some
>>> information at the following site which seems to indicate that if
>>> authPassthroughEnabled is true on the HTTP Service and rewrite-location
>>> is true on the load balancer configuration it should be changing the
>>> protocol from HTTP to HTTPS but it doesn't seem to be working. The
>>> redirect
>>> port on http-listener-1 is set to 443, HTTPS Routing is set to false
>>> in the
>>> load balancer configuration.
>>>
>>> http://docs.sun.com/app/docs/doc/820-4341/abdgs?a=view
>>>
>>>
>>> Anyone have any ideas on what I might be missing to allow the 443
>>> redirect
>>> to also change the protocol? The build options and loadbalancer.xml
>>> configuration I'm using are below.
>>>
>>> Using aslb-9.1.1-b13.jar Installed with instructions on
>>> http://blogs.sun.com/kshitiz/entry/load_balancer_plugin_in_glassfish
>>> Apache 2.2
>>> export CFLAGS=-m32
>>> export CPPFLAGS=-m32
>>> ./configure --with-ssl=/apps/openssl-0.9.8k --prefix=/apps/apache
>>> --enable-ssl -enable-so --enable-rewrite --enable-proxy
>>> --enable-proxy-balancer --enable-proxy-ajp --enable-rewrite
>>> --enable-proxy-http --enable-http --enable-dav --enable-headers
>>> --enable-mods-shared=all --with-included-apr
>>> Glassfish v2.1
>>> Installed to /apps/glassfish
>>> Openssl 0.9.8k
>>> ./Configure linux-elf -m32 --openssldir=/apps/openssl-0.9.8k shared
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <!DOCTYPE loadbalancer PUBLIC "-//Sun Microsystems Inc.//DTD Sun
>>> Java System
>>> Application Server 9.1//EN" "sun-loadbalancer_1_2.dtd">
>>> <loadbalancer>
>>> <cluster name="MyAppCluster" policy="round-robin">
>>> <instance disable-timeout-in-minutes="30" enabled="true"
>>> listeners="http://my.domain.com:11010 https://my.domain.com:11011"
>>> name="app01" weight="100"/>
>>> <instance disable-timeout-in-minutes="30" enabled="true"
>>> listeners="http://my.domain.com:11020 https://my.domain.com:11021"
>>> name="app02" weight="100"/>
>>> <web-module context-root="/app" disable-timeout-in-minutes="30"
>>> enabled="true"/>
>>> <health-checker interval-in-seconds="30" timeout-in-seconds="10"
>>> url="/"/>
>>> </cluster>
>>> <property name="response-timeout-in-seconds" value="60"/>
>>> <property name="reload-poll-interval-in-seconds" value="60"/>
>>> <property name="https-routing" value="false"/>
>>> <property name="require-monitor-data" value="true"/>
>>> <property name="active-healthcheck-enabled" value="false"/>
>>> <property name="number-healthcheck-retries" value="3"/>
>>> <property name="rewrite-location" value="true"/>
>>> </loadbalancer>
>>> <!--
>>> This file was generated on: [Sun Oct 25 20:13:40 GMT+00:00 2009].
>>> Debugging Tips:
>>> By default, instances and web-modules are not enabled. Please enable
>>> them
>>> manually if you have not done that using asadmin.
>>> -->
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>