The Enterprise Server installation program makes the following modifications to Apache configuration while installing the load-balancing pug-in. If you choose to install the load-balancing plug-in manually, you need to perform these steps manually. The installation program extracts the necessary files to the modules directory in the web server’s root directory:
Ensure that you export the DAS certificate before installing the load-balancing plug-in.
For Apache 2.0.x, the installer adds the following entries to the web server instance’s httpd.conf file:
##BEGIN EE LB Plugin Parameters LoadModule apachelbplugin_module modules/mod_loadbalancer.so #AddModule mod_apache2lbplugin.cpp <IfModule mod_apache2lbplugin.cpp> config-file webserver-instance/httpd/conf/loadbalancer.xml locale en </IfModule> <VirtualHost machine-ip-address> DocumentRoot "webserver-instance/httpd/htdocs" ServerName server-name </VirtualHost> ##END EE LB Plugin Parameters
For Apache 2.2.x, the installer adds the following entries to the web server instance’s httpd.conf file:
##BEGIN EE LB Plugin Parameters LoadFile /usr/lib/libCstd.so.1 (For Solaris SPARC only) LoadModule apachelbplugin_module modules/mod_loadbalancer.so #AddModule apachelbplugin_module <IfModule apachelbplugin_module> config-file Apache-install-location/conf/loadbalancer.xml locale en </IfModule> ##END EE LB Plugin Parameters
For Apache 2.2.x, the installer adds the following entries to the web server instance’s httpd-vhosts.conf file:
##BEGIN EE LB Plugin Parameters <VirtualHost machine-ip-address> ServerName host-name DocumentRoot Apache-install-location/htdocs </VirutalHost> ##END EE LB Plugin Parameters
Other changes made by the installer to ensure that Apache's config-file and ssl-config have correct values for your environment. The ssl-config file is located at Apache-install-location/conf/ssl.conf in Apache 2.0.x, or at Apache-install-location/conf/extras/httpd-ssl.conf. The config file is at Apache-install-location/conf/httpd.conf for Apache 2.0.x and for Apache 2.2.x. The summary of changes made are as follows:
In ssl-config, for VirtualHost default:port the default hostname and port is replaced with the hostname of the local system where Apache is installed and the server's port number. Without this change, the load balancer will not work. On Solaris Apache may not start and on Linux, HTTPS requests may not work.
In ssl-config, for ServerName www.example.com:443, www.example.com is replaced with the hostname of the local system where Apache is installed.
Without this change, the following warning appears when you start Apache if a security certificate is installed:
[warn] RSA server certificate CommonName (CN) hostname does NOT match server name! |
For more information on installing certificates for Apache, see To Create a Security Certificate for Apache .
In config, replace ServerName www.example.com:80 with www.example.com with the hostname of the local system where Apache is installed.
Without this change, you see warnings when you start Apache that the system could not determine the server's fully qualified domain name, and that there are overlapping VirtualHost entries.
In apache-install-location/conf/extra/httpd-vhosts.conf, ServerName www.example.com:80 is replaced with www.example.com with the hostname of the local system where Apache is installed.
Without this change, you see warnings when you start Apache that the system could not determine the server's fully qualified domain name, and that there are overlapping VirtualHost entries.
The Enterprise Server installation program performs the following tasks for you.
Imports the DAS certificate by copying sjsas.crt to the apache-install-dir/conf/ssl.crt directory.
Appends the following lines to apache-install-dir/conf/extra/httpd-ssl.conf in Apache 2.2.x or to apache-install-dir/conf/httpd.conf in Apache 2.0.x.
<Location /lbconfigupdate> SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL SSLCACertificateFile apache-install-dir//conf/ssl.crt/sjsas.crt SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \ and %{SSL_CLIENT_S_DN_OU} eq "Sun GlassFish Enterprise Server" \ and %{SSL_CLIENT_M_SERIAL} eq "<serial_number>" ) </Location> <Location /getmonitordata> SSLVerifyClient require SSLVerifyDepth 1 SSLRequireSSL SSLCACertificateFile apache-install-dir/conf/ssl.crt/sjsas.crt SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \ and %{SSL_CLIENT_S_DN_OU} eq "Sun GlassFish Enterprise Server" \ and %{SSL_CLIENT_M_SERIAL} eq <serial_number> ) </Location>
For Apache 2.2.x, ensure that the line, Include conf/extra/httpd-ssl.conf is uncommented in the apache-install-dir/conf/httpd.conf file.
The value for serial-number needs to be generated from the DAS certificate file. Use the following command for generating the serial-number: keytool -printcert -file sjsas.crt. Change all lowercase characters to upper case in the output of this command and use it as the serial-number. This command will also print the name of the application server you are using.