Skip Headers
Oracle GlassFish Server High Availability Administration Guide
Release 3.1.2

Part Number E24934-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

7 Configuring Web Servers for HTTP Load Balancing

This chapter explains how to install the GlassFish Loadbalancer Plug-In. This chapter also explains how to perform the configuration steps that may be required for your particular web server before installing the Loadbalancer Plug-In.

The Loadbalancer Plug-In is available for separate download for customers who are using Oracle GlassFish Server 3.1.2. Note that the Loadbalancer Plug-In is not available for GlassFish Server Open Source Edition 3.1.2.

The Loadbalancer Plug-In is shipped as a ZIP bundle that you install after installing and configuring GlassFish Server and your desired web server. The plug-in is installed by means of a graphical GlassFish Loadbalancer Configurator that helps you configure your web server and GlassFish Server to work together.

In most cases, the GlassFish Loadbalancer Configurator automatically configures GlassFish Server and your web server, and no manual intervention is required. However, depending on your web server configuration, there may be some manual configuration steps that you need to perform after installing the Loadbalancer Plug-In.

The following topics are addressed here:

Supported Operating Systems and Web Servers

The Loadbalancer Plug-In supports the following operating system and web server combinations:

Solaris 9/10 SPARC, Solaris 9/10 x86
  • Oracle iPlanet Web Server 7.0 Update 9+ (32-bit)

  • Oracle iPlanet Web Server 7.0 Update 9+ (64-bit) (beginning in GlassFish Server 3.1.1)

  • Apache HTTP Server 2.2.x (32-bit)

  • Apache HTTP Server 2.2.x (64-bit) (beginning in GlassFish Server 3.1.1)

  • Oracle HTTP Server 11.1.1.4+ (32-bit)

  • Oracle HTTP Server 11.1.1.4+ (64-bit) (beginning in GlassFish Server 3.1.1)

Oracle Enterprise Linux 4/5, Red Hat Enterprise Linux 4/5, SUSE Linux Enterprise Linux 4/5
  • Oracle iPlanet Web Server 7.0 Update 9+ (32-bit)

  • Oracle iPlanet Web Server 7.0 Update 9+ (64-bit) (beginning in GlassFish Server 3.1.1)

  • Apache HTTP Server 2.2.x (32-bit)

  • Apache HTTP Server 2.2.x (64-bit) (beginning in GlassFish Server 3.1.1)

  • Oracle HTTP Server 11.1.1.4+ (32-bit)

  • Oracle HTTP Server 11.1.1.4+ (64-bit) (beginning in GlassFish Server 3.1.1)

Microsoft Windows 2008 R2
  • Oracle iPlanet Web Server 7.0 Update 9+ (32-bit)

  • Microsoft IIS 7.5+ (32-bit; 64-bit with 32-bit application support enabled)

AIX
  • Oracle iPlanet Web Server 7.0 Update 9+ (32-bit) (beginning in GlassFish Server 3.1.1)

  • Apache HTTP Server 2.2.x (32-bit) (beginning in GlassFish Server 3.1.1)

  • Oracle HTTP Server 11.1.1.4+ (32-bit) (beginning in GlassFish Server 3.1.1)

HP-UX

Not supported.

Configuring Oracle iPlanet Web Server

The GlassFish Loadbalancer Configurator automatically performs the necessary configurations for the Oracle iPlanet Web Server. The Loadbalancer Plug-In supports Oracle iPlanet Web Server 7.0 Update 9+.

The manual configuration procedure in this section is only required if you plan on using the load balancer Auto Apply feature. The Auto Apply feature enables changes made to a configuration through the GlassFish Server Administration Console or from the command line with the apply-http-lb-changes subcommand to be automatically sent over the wire to the web server configuration directory. To use the Auto Apply feature, you must configure the web server for SSL mode. This SSL configuration must be performed on the web server prior to installing the Loadbalancer Plug-In. If you will not be using the load balancer Auto Apply feature, you can skip this SSL configuration procedure.

To Set up the HTTP Load Balancer in SSL Mode for Oracle iPlanet Web Server 7

Before You Begin

The Loadbalancer Plug-In does not support iPlanet Web Server administration passwords that are less than 8 characters in length. Ensure that the administration password you use for your iPlanet Web server configuration is eight or more characters long.

  1. Create the NSS database using the following command. This step is not needed if the NSS database exists. Make sure that you type the command in a single line.

    webserver-install-dir/bin/certutil -N -d 
    webserver-install-dir/admin-server/config-store/config-name/config
    

    When prompted, provide the NSS database password.

  2. Start the Admin Server.

    The command for starting the Admin Server depends on your operating system. For example, on Windows systems:

    webserver-install-dir\admin-server\bin\startserv.bat
    
    webserver-install-dir

    The name of the directory in which the web server is installed.

  3. Create a self-signed certificate.

    Enter the following command on a single line:

    webserver-install-dir/bin/wadm create-selfsigned-cert --user=
    admin-user --server-name=host-name 
    --nickname=ServerCert --token=internal --config=config-name
    

    Refer to your web server documentation for complete instructions on the wadm command.

  4. Create an HTTP listener.

    Enter the following command on a single line:

    webserver-install-dir/bin/wadm create-http-listener 
    --user=admin-user --server-name=host-name 
    --default-virtual-server-name=default-virtual-server-name 
    --listener-port=8090 --config=config-name http-listener-ssl
    
  5. Enable the SSL and assign the certificate.

    Enter the following command on a single line:

    webserver-install-dir/bin/wadm set-ssl-prop 
    --user=admin-user --http-listener=http-listener-ssl 
    --config=config-name enabled=true server-cert-nickname=ServerCert
    
  6. Deploy the configuration to the web server.

    webserver-install-dir/bin/wadm deploy-config config-name
    

    The wadm commands operate on the central configuration, so the web server will not use the changes until they are deployed.

  7. Proceed with the instructions in Installing the Loadbalancer Plug-In.

Configuring Apache HTTP Server

The GlassFish Loadbalancer Configurator automatically performs the necessary configurations for the Apache HTTP Server. The Loadbalancer Plug-In supports Apache HTTP Server 2.2.x.

You must compile Apache HTTP Server with SSL support if you plan on using the load balancer Auto Apply feature. SSL configuration must be performed on the web server prior to installing the Loadbalancer Plug-In. The Auto Apply feature enables changes made to a configuration through the GlassFish Server Administration Console or from the command line with the apply-http-lb-changes subcommand to be automatically sent over the wire to the web server configuration directory. If you will not be using the load balancer Auto Apply feature, you can skip the SSL configuration portions of these procedures.

The following topics are addressed here:

Configuring Apache Before Installing the GlassFish Loadbalancer Plug-In

To use SSL mode in Apache, you must compile and build your Apache installation from the Apache source files with SSL enabled. This section describes the minimum requirements and high-level steps needed to successfully compile Apache HTTP Server to run the Loadbalancer Plug-In. These requirements and steps only apply to the Solaris and Linux versions of the software. The Windows version of Apache is not supported.

There are two tasks that you need to perform here to configure Apache with SSL support before installing the Loadbalancer Plug-In:

Note:

The instructions included here are adapted from the Apache HTTP Server documentation at http://httpd.apache.org/docs. For more detailed instructions on building and installing Apache HTTP Server with SSL support, please refer to the Apache documentation.

To Build and Install Apache With SSL Support

The procedure explains how to download OpenSSL and Apache HTTP Server 2.2.x software, and then how to build Apache HTTP Server with SSL support.

  1. Download and unpack the OpenSSL software source files.

    Note that 32-bit OpenSSL is needed when running 32-bit Apache HTTP server.

  2. Compile and build OpenSSL.

    For full installation instructions, see the file named INSTALL in the directory where you uncompressed OpenSSL. That file has information on installing OpenSSL in a user-specified location.

    For more information about OpenSSL, see the OpenSSL Web site.

  3. Download and unpack Apache HTTP Server 2.2.x software.

    Apache is available from http://httpd.apache.org.

  4. Compile and build Apache.

    Be sure to enter the entire "./configure ..." command on a single line.

    • For 32-bit:

      cd http-2.2_x
      export CFLAGS="-m32"
      ./configure --with-mpm=worker --with-included-apr --with-ssl=open-ssl-install-path 
      --prefix=apache-install-path --enable-ssl --enable-so
      
    • For 64-bit:

      cd http-2.2_x
      export CFLAGS="-m64"
      export LDFLAGS="-m64"
      export LD_LIBRARY_PATH=/usr/lib/64:/usr/sfw/lib/64
      ./configure --with-mpm=worker --with-included-apr --with-ssl=open-ssl-install-path 
      --prefix=apache-install-path --enable-ssl --enable-so
      CC=/usr/dist/share/sunstudio_sparc/SUNWspro/bin/cc
      

    In the above commands:

    http-2.2_x

    Apache package name including version number; replace x with the actual dot release number of the package you are using

    --with-mpm=worker

    Enable multithreading support

    --with-included-apr

    Also build the Apache Portable Runtime (APR)

    --with-ssl open-ssl-install-path

    Full path to the directory in which OpenSSL is installed

    --prefix apache-install-path

    Full path the directory in which Apache will be built

    --enable-ssl

    Enable support for SSL/TLS

    --enable-so

    Enable Dynamic Shared Object (DSO) module capability

    Note that you only need to use the --enable-ssl, --enable-so, and --with-ssl options if your Apache server will be accepting HTTPS requests or using the Auto Apply feature.

  5. Compile Apache as described in the installation instructions for the version you are using.

    For more information, see the Apache Web site.

    In general, the steps are:

    1. make

    2. make install

  6. Proceed with the instructions in To Create a Security Certificate for Apache.

To Create a Security Certificate for Apache

These steps are required to support HTTPS requests and the Auto Apply feature on the Apache HTTP Server.

For detailed information on setting up a security certificate on Apache, see the instructions on http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html and http://www.modssl.org/docs/2.8/ssl_faq.html . The following procedure is adapted from those web sites.

  1. Set up the following environment variable:

    OPENSSL_CONF=open-ssl-installation-directory/apps/openssl.cnf.

  2. Create the server certificate and key by executing the following command:

    openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

    When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

    This command creates newreq.pem.

  3. Open the newly-created newreq.pem from the location where the openssl command was run.

  4. Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in apache-install-dir/conf/server.crt.

    For example:

    -----BEGIN CERTIFICATE-----
    ....
    ...
    -----END CERTIFICATE-----
    
  5. Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in apache-install-dir/conf/server.key.

    For example:

    -----BEGIN RSA PRIVATE KEY-----
    ...
    ...
    ...
    -----END RSA PRIVATE KEY-----
    
  6. Make sure that the variables SSLCertificateKeyFile and SSLCertificateFile in apache-install-dir/conf/extra/httpd-ssl.conf have the correct values.

  7. Ensure that the ServerName is not www.example.com.

    The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.

  8. Proceed with the instructions in Installing the Loadbalancer Plug-In.

  9. After installing the Loadbalancer Plug-In, proceed with the instructions in Configuring Apache After Installing the GlassFish Loadbalancer Plug-In.

Configuring Apache After Installing the GlassFish Loadbalancer Plug-In

This section explains the additional Apache HTTP Server configuration steps that are required after you install the GlassFish Loadbalancer Plug-In.

The following topics are addressed here:

Configuring Security Files to Work With the Load Balancer

The Loadbalancer Plug-In requires access to NSS libraries. To enable this access, append the name of the directory that contains the NSS libraries to the LD_LIBRARY_PATH in the apache-install-dir/bin/envvars file. On most UNIX platforms, the NSS libraries are located in the /usr/lib/mps directory.

You may also need to add the following lines to the apache-install-dir/bin/envvars file if GlassFish Server reports that the HTTPS listeners are not healthy.

NSS_STRICT_NOFORK=DISABLED
export NSS_STRICT_NOFORK

These lines may be required because the latest NSS libraries do not allow NSS forking. Adding these lines enables NSS forking.

Providing Access Permissions to Apache User

Ensure that the Apache user has the required access permissions to the apache-install-location/conf/ directory and files in this directory. The Apache user is the UNIX user under which the Apache server responds to requests. This user is defined in the file httpd.conf. If you installed Apache as a root user, read the note about configuring the Apache user and group in apache-install-location/conf/httpd.conf.

Note:

Ensure that your configuration of users and groups meets the security requirements for this directory. For example, to restrict access to this directory, add the Apache user to the same user group as the owner of the directory.

Loadbalancer Plug-In Initialization

To ensure that the Loadbalancer Plug-In is initialized when Apache is started, grant the Apache user read access and write access to the following files:

  • apache-install-location/conf/loadbalancer.xml

  • apache-install-location/conf/sun-loadbalancer_1_2.dtd

Modifying Directory Access Permissions to Enable Auto Apply

To ensure that the Auto Apply feature operates correctly, grant the Apache user read access, write access, and execute access to the apache-install-location/conf/ directory.

If the Apache user is in the same group as the owner of this directory, change the mode to 775.

See Auto Apply for more information about this feature.

Starting Apache on Solaris and Linux

In general, you should start Apache with the same user ID that was used when installing GlassFish Server. You must start Apache as root under the following circumstances:

  • If you are using port numbers below 1024

  • If Apache runs as a different user than the user that starts GlassFish Server

Use the following command to start Apache 2.2.x:

apachectl start

If necessary, check the Apache web site for the latest information on starting the Apache server.

Configuring Microsoft IIS

There are several Microsoft Internet Information Services (IIS) configuration steps you need to perform before and after installing the Loadbalancer Plug-In for GlassFish Server 3.1.2. The Loadbalancer Plug-In supports Microsoft IIS 7.5+ (32-bit). IIS 64-bit is supported if 32-bit application support is enabled in IIS.

The following topics are addressed here:

To Configure SSL for IIS 7.5+

This procedure explains how to configure SSL on a Microsoft IIS 7.5+ server so it can work with the Loadbalancer Plug-In. Note that the load balancer Auto Apply feature is not supported in IIS, so this procedure is only required if you want to use IIS with SSL support for other reasons.

  1. Open the Internet Services Manager in Microsoft IIS.

  2. Under the host name in Nodes (above Application Pools), select Server Certificates and click Create a self-signed certificate in the Actions pane.

  3. Select the Website to make the site Binding, and then click Add to add a new binding.

  4. Select HTTPS and select the SSL Certificate from the list.

  5. Select SSL Settings in Website and check Require SSL and Accept for client certificate.

  6. Launch Browse HTTPS from Website and verify that the Welcome page launches.

    Internet Explorer (IE) 7 will display an error page because the self-signed certificate was issued by your computer, not by a trusted Certificate Authority (CA). IE 7 will trust the certificate if you add it to the list of Trusted Root Certification Authorities in the certificates store on the local computer or in Group Policy for the domain.

  7. Click Continue to this Web Site (not recommended).

  8. Proceed with the instructions in Installing the Loadbalancer Plug-In.

Microsoft IIS 7.5+ Post-Install Configuration Steps

This section explains the Microsoft IIS 7.5+ configuration steps that must be performed after installing the Loadbalancer Plug-In for GlassFish Server 3.1.2.

To Configure Microsoft IIS 7.5+ After Installing the GlassFish Loadbalancer Plug-In

  1. Open the Microsoft IIS Server Manager.

  2. Browse to Roles/Web Server.

  3. Verify ISAPI extensions and ISAPI filters are installed under Role Services.

    If these role services are not installed, then you must install them.

  4. Select the web site for which you want to enable the Loadbalancer Plug-In, and make the following changes.

    These changes can be made at the root level, affecting all web sites, or can be made for individual web sites.

    1. Enable 32-bit application pool support for 64-bit IIS.

      1. Right-click Application Pool and choose DefaultAppPool.

      2. Choose Advanced Settings.

      3. Set the Enable 32-bit Application option to True.

    2. Enable the ISAPI-dll Execute option.

      1. Choose Open Handler Mappings.

      2. Right-click Select ISAPI-dll, and then choose Edit Feature Permissions.

      3. Enable the Execute option.

    3. Add a new ISAPI filter.

      1. Open the ISAPI Filters tab.

      2. Click Add.

      3. In the Filter Name field, enter GF LB

      4. In the Executable field, type C:\Inetpub\wwwroot\sun-passthrough\sun-passthrough.dll.

    4. Set ISAPI and CGI restrictions.

      1. Open ISAPI and CGI Restriction.

      2. Click Add.

      3. For ISAPI and CGI path, browse to C:\inetpub\wwwroot\sun-passthrough\sun-passthrough.dll.

      4. For Description, enter GF LB

      5. Select the Allow extension path to execute checkbox.

    5. Create and configure a new virtual directory.

      1. Right-click on Web site, choose New, and then choose Virtual Directory.

      2. In the Alias field, type sun-passthrough .

      3. In the Physical Path field, type C:\Inetpub\wwwroot\sun-passthrough.

  5. Create a new lb.log file.

    1. Exit the Internet Services Manager and browse to the C:\Inetpub\wwwroot\sun-passthrough directory.

    2. Create a text document named lb.log.

    3. Grant write permissions on the file to all users.

  6. Add the absolute paths for the sun-passthrough.dll file and the C:\inetpub\glassfish-lbplugin\lib directory to the IIS server machine's PATH environment variable.

  7. Restart the IIS server machine to allow the new PATH setting to take effect.

  8. Verify that the web server, Loadbalancer Plug-In, and GlassFish Server are operating correctly.

    1. Start the Default Web Site that is managed by IIS.

    2. Launch a web browser and open the Default Web Site.

      The IIS Welcome page should display.

See Also

See Automatically Configured sun-passthrough Properties for a list of the properties that are automatically configured when you install the Loadbalancer Plug-In.

Automatically Configured sun-passthrough Properties

The Load Balancer Configurator automatically configures the following properties in sun-passthrough.properties. You can change the default values.

Property Definition Default Value

lb-config-file

Path to the load balancer configuration file

IIS-www-root\sun-passthrough\loadbalancer.xml

log-file

Path to the load balancer log file

IIS-www-root\sun-passthrough\lb.log

log-level

Log level for the web server

INFO


Note:

The Auto Apply feature is not currently supported with IIS. See Auto Apply for more information about this feature.

Configuring Oracle HTTP Server

The GlassFish Loadbalancer Configurator does not support Oracle HTTP Server (OHS), so you must manually configure the web server to work with the Loadbalancer Plug-In. These procedures apply to Oracle HTTP Server 11.1.1.4+ only. Other versions of Oracle HTTP Server are not supported.

The following topics are addressed here:

To Configure Oracle HTTP Server to Use the Loadbalancer Plug-In

  1. Download and install Oracle HTTP Server (OHS) 11.1.1.4+ (32-bit), if it is not already installed.

    OHS is available from the Oracle Middleware Downloads page. Look for Web Tier Utilities under Required Additional Software. Note that you need to install the complete Web Tier Utilities bundle because OHS is not available separately. Be sure to download the 32-bit product version.

  2. Prepare for and install the GlassFish Loadbalancer Plug-In.

    1. Create a dummy Apache directory named /tmp/apache on the machine on which OHS is installed.

    2. Install the Loadbalancer Plug-In, as described in Installing the Loadbalancer Plug-In.

      Use the following options when running the GlassFish Loadbalancer Configurator:

      Choose Apache HTTP Server as your web server.

      Point to the dummy /tmp/apache as the Apache HTTP Server installation directory.

      The GlassFish Loadbalancer Configurator will create a new /tmp/apache/glassfish-lbplugin directory.

  3. Configure OHS at the installation level.

    1. Copy /tmp/apache/glassfish-lbplugin to ohs-install-dir/ohs.

    2. Update ohs-install-dir/ohs/bin/apachectl.

      Enter the following statement on a single line:

      LD_LIBRARY_PATH=$ORACLE_HOME/ohs/lib:$ORACLE_HOME/pcs/lib:$ORACLE_HOME/lib:
      $ORACLE_HOME/ohs/glassfish-lbplugin/lib:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH
      

      Enter the following statement on a single line:

      NSS_STRICT_NOFORK=DISABLED; export NSS_STRICT_NOFORK
      
  4. Configure OHS at the instance level.

    1. Create the following directories:

      ohs-instance-dir/config/OHS/ohs1/modules/resource
      ohs-instance-dir/config/OHS/ohs1/sec_db_files
      
    2. Copy the following file to ohs-instance-dir/config/OHS/ohs1/modules:

      ohs-install-dir/ohs/glassfish-lbplugin/lib/webserver-plugin/linux/apache2.2/mod_loadbalancer.so
      
    3. Copy the following directory to ohs-instance-dir/config/OHS/ohs1/modules:

      ohs-install-dir/ohs/glassfish-lbplugin/lib/webserver-plugin/linux/apache2.2/errorpages
      
    4. Copy the following files to ohs-instance-dir/config/OHS/ohs1/modules/resource:

      ohs-install-dir/ohs/glassfish-lbplugin/lib/webserver-plugin/linux/apache2.2/*.res
      
    5. Copy the following files to ohs-instance-dir/config/OHS/ohs1/sec_db_files:

      ohs-install-dir/ohs/glassfish-lbplugin/lib/webserver-plugin/linux/apache2.2/*.db
      
    6. Add the following entry as the last line in ohs-instance-dir/config/OHS/ohs1/httpd.conf:

      include "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/gf.conf"
      
    7. Also in ohs-instance-dir/config/OHS/ohs1/httpd.conf, modify the worker MPM settings as follows:

      Set StartServers to 1.

      Set MaxClients to 64.

      Set ThreadsPerChild to 64.

    8. In ohs-instance-dir/config/OHS/ohs1/ssl.conf, set <VirtualHost *:4444>.

    9. Create a file named ohs-instance-dir/config/OHS/ohs1/gf.conf and add the following entries.

      In this code sample, note that lines that are too long for this publication are truncated with a space and backslash (\). In cases where this truncation is used for a line, be sure to enter that line and the subsequent line in a single line in your configuration file.

      LoadModule apachelbplugin_module \
      ${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/ \
         modules/mod_loadbalancer.so
      <IfModule apachelbplugin_module>
         config-file "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/ \
            ${COMPONENT_NAME}/loadbalancer.xml"
         locale en
      </IfModule>
      <VirtualHost *:7777>
      DocumentRoot "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/htdocs"
      ServerName myserver
      </VirtualHost>
      

      Note:

      Replace port 7777 and ServerName with whatever values are used in your configuration.

    10. Copy the following file to ohs-instance-dir/config/OHS/ohs1:

      ohs-install-dir/ohs/glassfish-lbplugin/lib/dtds/glassfish-loadbalancer_1_3.dtd
      
    11. Generate a load-balancer.xml configuration file on GlassFish Server, and copy this file to ohs-instance-dir/config/OHS/ohs1.

      Use the export-http-lb-config subcommand to generate a load-balancer.xml file. See the export-http-lb-config(1) help page for more information.

    12. Start OHS.

      For example:

      ohs-instance-dir/bin/opmnctl startall
      

To Enable the Load Balancer Auto Apply Feature

This procedure is only required if you plan on using the load balancer Auto Apply feature with Oracle HTTP Server (OHS). The Auto Apply feature enables changes made to a configuration through the GlassFish Server Administration Console or from the command line with the apply-http-lb-changes subcommand to be automatically sent over the wire to the web server configuration directory.

Before You Begin

Before proceeding with the instructions in this procedure, ensure that you have completed the instructions in To Configure Oracle HTTP Server to Use the Loadbalancer Plug-In.

  1. Export the GlassFish Server DAS certificate.

    Enter the following command on a single line:

    keytool -export -rfc -keystore domain-dir/config/keystore.jks
     -alias s1as -file glassfish.crt -storepass keystore-password
    
  2. Copy the glassfish.crt file to the directory of your choice on the OHS server.

  3. Add the GlassFish Server DAS certificate to the OHS keystore.

    Enter the following command on a single line:

    orapki wallet add
     -wallet ohs-instance-dir/config/OHS/ohs1/keystores/default/cwallet.sso
     -cert glassfish.crt -trusted_cert -auto_login_only
    

    Refer to the OHS documentation for more information about the orapki utility.

  4. Create a new file named ohs-instance-dir/config/OHS/ohs1/gf-admin.conf and add the following entries:

    # OHS Listen PortListen 5443
    
    <VirtualHost *:5443>
      <IfModule ossl_module>
       #  SSL Engine Switch:
       #  Enable/Disable SSL for this virtual host.
       SSLEngine on
    
       #  Client Authentication (Type):
       #  Client certificate verification type and depth.  Types are
       #  none, optional and require.
       SSLVerifyClient require
    
       #  SSL Cipher Suite:
       #  List the ciphers that the client is permitted to negotiate
       #  (enter these ciper names on a single line).
       SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,
       SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,
       TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    
       # SSL Certificate Revocation List Check
       # Valid values are On and Off
       SSLCRLCheck Off
    
       #Path to the wallet (enter path on a single line).
       SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/
       ${COMPONENT_NAME}/keystores/default"
           
      </IfModule>
    
    <Location /lbconfigupdate>
                   SSLRequireSSL
                   SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
                           and %{SSL_CLIENT_S_DN_O} eq "Oracle Corporation" \
                           and %{SSL_CLIENT_S_DN_OU} eq "GlassFish" \
                           and %{SSL_CLIENT_M_SERIAL} eq <SERIAL NUMBER> )
    </Location>
    
    </VirtualHost>
    

    Note:

    Port 5443 is used in this example. This port can be changed to any port that is appropriate for your system. This same port must be used when running the create-http-lb subcommand.

  5. Update the <SERIAL NUMBER> entry in the new ohs-instance-dir/config/OHS/ohs1/gf-admin.conf file.

    1. Get the serial number from the glassfish.crt file.

      keytool -printcert -file path-name/glassfish.crt
      
    2. Replace <SERIAL NUMBER> in the gf-admin.conf file with the value from the glassfish.crt file.

    3. Convert the updated <SERIAL NUMBER> string in the gf-admin.conf file to all uppercase.

  6. Add the following line to the httpd.conf:

    include "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/gf-admin.conf"
    
  7. Stop and restart OHS.

Installing the Loadbalancer Plug-In

The GlassFish Loadbalancer Plug-In is shipped as a ZIP bundle that you install after installing and configuring GlassFish Server and your desired web server. The plug-in is installed by means of a graphical GlassFish Loadbalancer Configurator that helps you configure your web server and GlassFish Server to work together.

Note:

The Loadbalancer Plug-In is only available to customers who are using Oracle GlassFish Server 3.1.2. The plug-in is not available for GlassFish Server Open Source Edition.

To Install the Loadbalancer Plug-In

This procedure explains how to download and install the GlassFish Loadbalancer Plug-In. Most of the configuration instructions for the Plug-In are integrated into the GlassFish Loadbalancer Configurator interface and online help, so the instructions here are intended only to get you started with the plug-in configuration process.

Note:

Regardless of the web server on which the Loadbalancer Plug-In is installed, if you subsequently re-create a GlassFish Server domain and want to continue to use the Auto Apply feature, the Loadbalancer Plug-In must be re-installed. This is necessary so a new DAS Certificate can be regenerated and re-imported into the web server configuration. See Auto Apply for more information about this feature.

Before You Begin

Before installing the Loadbalancer Plug-In, ensure that the following conditions have been met:

  • Your operating system and web server combination is supported by the Loadbalancer Plug-in. See Supported Operating Systems and Web Servers.

  • GlassFish Server 3.1.2 is installed and configured as described in the Oracle GlassFish Server Installation Guide.

  • The web server for which you want to configure the Loadbalancer Plug-In is installed and configured according to the web server software provider's instructions.

  • You have reviewed and, if necessary, performed the preparatory web server configuration steps explained earlier in this chapter.

  1. Download the GlassFish Loadbalancer Configurator ZIP archive.

    The Configurator ZIP archive is available for download at http://www.oracle.com/technetwork/middleware/glassfish/downloads/index.html.

  2. Unzip the Configurator ZIP archive to the directory of your choice.

  3. Launch the Loadbalancer Configurator by running the glassfish-lbconfigurator-3_1.jar file that was included in the Configurator ZIP archive.

    The version number will vary depending on the version of the Configurator archive you downloaded. For example:

    java -jar glassfish-lbconfigurator-3_1.jar
    
  4. Follow the onscreen instructions in the Loadbalancer Configurator.

    Use the Help button to display online help for any screen for which you want additional information.

  5. When the Configurator has completed, proceed with the instructions in Verifying Loadbalancer Plug-In Configuration.

Verifying Loadbalancer Plug-In Configuration

After configuring your web server and installing the Loadbalancer Plug-In, use the following steps to verify that the plug-in is working correctly.

To Verify the Loadbalancer Plug-In Configuration

  1. Create a GlassFish Server cluster.

    Use the asadmin create-cluster command. For instructions, refer to Creating, Listing, and Deleting Clusters.

  2. Follow the instructions in To Set Up Load Balancing Using the asadmin Tool.