Configuring Apache After Installing the Load Balancer Plug-In (Sun Java System Application Server 9.1 High Availability Administration Guide)

Sun Java System Application Server 9.1 High Availability Administration Guide

Configuring Apache After Installing the Load Balancer Plug-In

Apache Web Server must have the correct security files to work with the load balancer plug-in. The load balancer depends on the NSS (Network Security Service) library, which requires these security database files. You need to get these security database files from Application Server, so an installation of Application Server must be available in a location accessible by the Web Server.

To configure Apache security files to work with the load balancer, do the following:

Append /usr/lib/mps to LD_LIBRARY_PATH in the Apache-install-dir/bin/apachectl script.

To Create a Security Certificate for Apache

These steps are required to support HTTPS requests on Apache.

For detailed information on setting up a security certificate on Apache, see the instructions on http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html and http://www.modssl.org/docs/2.8/ssl_faq.html. The following procedure is adapted from those web sites.

Set up the following environment variable:

OPENSSL_CONF=OpenSSL-installation-directory/apps/openssl.cnf.

Create the server certificate and key by executing the following command:

openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

This command creates newreq.pem.

Open the newly-created newreq.pem from the location where the openssl command was run.

Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in Apache-install-dir/conf/ssl.crt/server.crt. For example:
-----BEGIN CERTIFICATE----- .... ... -----END CERTIFICATE-----

Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in Apache-install-dir/conf/ssl.key/server.key. For example:
-----BEGIN RSA PRIVATE KEY----- ... ... ... -----END RSA PRIVATE KEY-----

Make sure that the variables SSLCertificateKeyFileand SSLCertificateFile in Apache-install-dir/conf/ssl.conf have the correct values.

Ensure that the ServerName is not www.example.com. The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.

Modifying httpd.conf parameters to enable sticky round robin

For the sticky round robin feature to work, in the httpd.conf file, under the section prefork MPM, ensure that the values of the parameters StartServers and maxclients are set to 1. Otherwise, every new session request will spawn a new Apache process and the load balancer plug-in will be initialized resulting in requests landing in the same instance.