我正在使用Apache 2.4.6运行CentOS 7。我正在尝试使用mod_cluster 1.2.6创建Wildfly / JBoss集群。我已经在Mac OSX上成功实现了这一点,我只是想在我们的服务器环境中运行它。
我的群集和虚拟主机配置如下所示:
LoadModule slotmem_module modules/mod_slotmem.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so
LoadModule manager_module modules/mod_manager.so
MemManagerFile /var/cache/httpd
<VirtualHost *:80>
<Directory />
Order deny,allow
Allow from all
</Directory>
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ManagerBalancerName myBalancer
ServerAdvertise On
AdvertiseFrequency 3
EnableMCPMReceive
<Location /mod_cluster-manager>
SetHandler mod_cluster-manager
Order deny,allow
Allow from all
</Location>
</VirtualHost>
服务器启动正常,但是当我尝试访问http://localhost/mod_cluster-manager时,我得到403说拒绝权限。以下是我的error_log文件中的确切消息:
[Wed Jul 30 11:53:21.547109 2014] [authz_core:error] [pid 6012] [client 127.0.0.1:36425] AH01630: client denied by server configuration: /mod_cluster-manager
我没有遇到任何这样的问题让它在OSX上工作,所以我不完全确定问题是什么或为什么我得到403.据我理解,Allow from all指令应该足以在通过localhost连接时授予我访问权限。有没有其他人碰到类似的东西?我错过了什么吗?
答案 0 :(得分:8)
是的,但修复是微不足道的:Apache HTTP Server 2.4.x采用mod_authz系统,需要稍微不同的配置,例如:
仅允许来自内部网络10.10的EnableMCPMReceive活动VirtualHost中的工作节点的MCMP消息:
<Directory />
Require ip 10.10.
</Directory>
或开发更方便:
<Directory />
Require all granted
</Directory>
无论如何,这是Apache HTTP Server 2.4.x的默认配置示例之一:
# Load mod_cluster modules
# Please, note:
# - mod_cluster cannot coexist with proxy_balancer_module; disable it
# - mod_cluster needs proxy_module and proxy_ajp_module loaded for AJP transport
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule advertise_module modules/mod_advertise.so
# Place for slotmem files
MemManagerFile cache/mod_cluster
<IfModule manager_module>
## We suggest to use a restricted VirtualHost
## for receiving MCPM (Mod Cluster Protocol Message) from worker nodes.
Listen 6666
<VirtualHost *:6666>
<Directory />
Require ip 127.0.0.1
</Directory>
## Apache HTTP Server advertises its presence
## on 224.0.1.105:23364 by default.
ServerAdvertise on
EnableMCPMReceive
## Management and monitoring console
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Require ip 127.0.0.1
</Location>
</VirtualHost>
</IfModule>
请注意,mod_cluster 1.2.6.Final已过时,它包含几个已在较新版本中修复的与性能和安全相关的错误。
绝对下载mod_cluster 1.3.1.Final binaries或使用mod_cluster 1.3.1.Final Apache HTTP Server enabled load balancer Docker image。您也可以自己编译模块;就Linux环境而言,Dockerfile内容可能会指导您。
答案 1 :(得分:0)
您的版本已降级。请尝试使用如下:
<Directory />
Order deny,allow
Deny from all
Allow from all
Require all granted
</Directory>
答案 2 :(得分:0)
获取错误响应“ 您无权访问此服务器上的mod_cluster_manager ”尝试访问管理URL:http://myHttpd:6666/mod_cluster_manager
Apache 2.4 mod_cluster 1.3要求我配置基本身份验证。
转到$ HTTPD_HOME / bin并创建一个登录帐户,例如“管理员”如下:
./htpasswd -c /etc/httpd/modclusterpassword admin
然后,在/etc/httpd/conf/httpd.conf或其子包含文件之一(例如/etc/httpd/conf.d/mod_cluster.conf)中,找到您现在应该拥有的部分:
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
AuthType Basic
AuthName "MCM"
AuthUserFile /etc/httpd/modclusterpassword
Require user admin
Order deny,allow
Deny from all
Allow from all
</Location>
并重新启动HTTPD服务。
现在转到http://myHttpd:6666/mod_cluster_manager,将提示您登录。使用“ admin”和上面通过“ htpasswd”交互提供的密码。