在Apache上为mod_jk设置SSL到JBoss As

Question

我已将Apache配置为负载均衡器，以向JBoss发送http请求。但是，尝试添加https很难。我相信我需要使用虚拟主机。我需要证书和密钥文件，如果有人知道怎么做，请分享......

这是我的httpd（相关部分）：

#************************************************************ 
Listen 80
# For SSL configuration, add below line also.
Listen 443
# Include mod_jk configuration file
Include conf/mod-jk.conf
#************************************************************ 

这是我的mod-jk.conf：

#************************************************************      
LoadModule jk_module modules/mod_jk.so

LoadModule ssl_module modules/mod_ssl.so

JkWorkersFile conf/workers.properties

JkLogFile logs/mod_jk.log

JkLogLevel info

JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories

JkRequestLogFormat "%w %V %T"

JkMount /__application__/* loadbalancer

JkUnMount /__application__/images/* loadbalancer

JkMountFile conf/uriworkermap.properties

JkShmFile run/jk.shm

<Location /jkstatus>
JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.140.128
</Location>
#************************************************************ 

这是我的workers.properties：

 #************************************************************ 
    worker.list=loadbalancer,status

    worker.node1.port=8009
    worker.node1.host=192.168.140.128
    worker.node1.type=ajp13
    worker.node1.lbfactor=1
    worker.node1.prepost_timeout=10000 #Not required if using ping_mode=A
    worker.node1.connect_timeout=10000 #Not required if using ping_mode=A
    worker.node1.ping_mode=A #As of mod_jk 1.2.27

    worker.loadbalancer.type=lb
    worker.loadbalancer.balance_workers=node1
    worker.status.type=status
#************************************************************ 

这是我的server.xml（在JBoss中）：

   <Server>

   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   <Listener className="org.apache.catalina.core.JasperListener" />
 <Service name="jboss.web">
      <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 
               connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8"/>
         <Connector port="8009" address="${jboss.bind.address}"
      emptySessionPath="true" enableLookups="false" redirectPort="8443" 
      protocol="AJP/1.3" connectionTimeout="600000" maxThreads="200"/>

     <Engine name="jboss.web" defaultHost="v-77-if-vm.us.nohsib.com" jvmRoute="node1">
         <Realm className="org.jboss.web.tomcat.security.JBossWebRealm"
            certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
            allRolesMode="authOnly"
            />

         <Host name="v-77-if-vm.us.nohsib.com"> 
            <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
                cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
                transactionManagerObjectName="jboss:service=TransactionManager" />

         </Host>
      </Engine>
   </Service>
</Server>

Answer 1

您必须将您的https配置添加到apache：

<IfModule ssl_module>
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM


#CA certificates for root and intermediate
SSLCACertificateFile "C:/production/certs/provider/providerRoot.crt"
SSLCertificateChainFile "C:/production/certs/provider/providerIntermediate.crt"

#Generated first via openssl; Server public and private keys.
SSLCertificateFile    "C:/production/certs/provider/your.crt"
SSLCertificateKeyFile "C:/production/certs/provider/your.key"
</IfModule>

然后，在相应的虚拟主机下，添加以下内容：

<VirtualHost *:443>
SSLEngine On

您可能还想查看使用重写启用https重定向：

RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]