users@glassfish.java.net

Re: Http Load Balancer question

From: Kshitiz Saxena <Kshitiz.Saxena_at_Sun.COM>
Date: Tue, 16 Feb 2010 09:11:58 +0530

Hi,

Yes, these proxy headers indicate that request received by IIS was over
HTTPS. When you enable auth-passthrough, it will be correctly reflected
at application server as well.

Thanks,
Kshitiz

On Tuesday 16 February 2010 03:23 AM, Xin Guo wrote:
> Hi Kshitiz and Experts,
>
> I got some more debugging info about this issue: I put a snoop jsp in
> the app server, without enabling the authPassthroughEnabled parameter.
> I discovered that the IIS http load balancer plugin indeed passed the
> following custom headers to app server:
> proxy-ip: xxx.xxx.xxx.xxx
> proxy-keysize: 128
> proxy-secret-keysize : 1024
> proxy-jroute: -cfD
>
> I assume this should be enough for the app server to make a decision,
> once the authPassthroughEnabled is set to true? We are using Sun App
> Server 9.2 in non-cluster mode.
>
> Thanks,
>
> Xin Guo wrote:
>> Hi Kshitiz,
>>
>> Just tested setting authPassthroughEnabled to ture on app server, and
>> when I try to access the app server through the IIS lb plugin, I got
>> a 500 server internal error. But the server admin console are sitll
>> working, so I quickly removed this change. But still got the HTTP 500
>> error.
>> Looks like this change has caused app server to crash. Do I have to
>> specify "proxyHandler" (I read that it will be pick up automatically).
>>
>> Again, a little bit of background info:
>>
>> - App Server in stand alone mode (no cluster, so HTTP load balancer
>> didn't show up in admin console), on non-ssl port
>> - IIS with HTTP LB plugin, run on ssl port. It was able to send the
>> http traffic to the app server, on the non-ssl port.
>> - The problem: I want the app server to know the protocol (http vs.
>> https) .
>> - In IIS's loadbalaner.xml, the following are defined:
>> <property name="rewrite-location" value="true"/>
>> <property name="https-routing" value="false"/>
>>
>> Any ideas?
>>
>> Thanks a lot,
>>
>> Kshitiz Saxena wrote:
>>> Hi,
>>>
>>> The load-balancer plugin installed on IIS will take care of encoding
>>> and passing required parameters to application server. You need to
>>> enable enable auth-passthrough using property authPassthroughEnabled
>>> on application server.
>>>
>>> rewrite-location is only used for redirection.
>>>
>>> Thanks,
>>> Kshitiz
>>>
>>> On Thursday 11 February 2010 11:08 PM, Xin Guo wrote:
>>>> Hi,
>>>>
>>>> We are using Sun App Server 9.1 (Glassfish 2.1.1), which is fronted
>>>> by Windows IIS server with HTTP Load Balancer plug-in provided by
>>>> app server 9.1. We want to terminate HTTPS on the
>>>> IIS/http-load-balancer, and use only http on Sun App Server 9.1.
>>>>
>>>> The problem is, the app server then has no idea about the protocol
>>>> of the original request, and will tell the web applications running
>>>> inside to use http://hostname:80 to form absolute URL.
>>>>
>>>> Is there any way to overcome this issue? We have the following
>>>> properties defined in the IIS loadbalancer.xml:
>>>> <property name="rewrite-location" value="true"/>
>>>> <property name="https-routing" value="false"/>
>>>>
>>>> I read that authPassthroughEnabled property might be helpful, but
>>>> then its default implementation requires the IIS to pass back
>>>> certain custom http headers. We don't have control on IIS, so
>>>> that's unlikely to happen.
>>>>
>>>> Please let me know if you have solved similar problems in the past.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>