Configuring Apache After Installing the HTTP Load Balancer Plug-In (Sun GlassFish Enterprise Server v2.1.1 High Availability Administration Guide)

Sun GlassFish Enterprise Server v2.1.1 High Availability Administration Guide

Configuring Apache After Installing the HTTP Load Balancer Plug-In

This section requires the changes you make after installing Apache Web Server.

Modifying httpd.conf parameters to enable sticky round robin

For the sticky round robin feature to work, make the following changes in the apache-install-location/conf/extra/httpd-mpm.conf file for Apache 2.2.x or in the apache-install-location/conf/httpd.conf file for Apache 2.0.x.

Under the section prefork MPM, ensure that the values of the parameters StartServers and maxclients are set to 1. Otherwise, every new session request will spawn a new Apache process and the load balancer plug-in will be initialized resulting in requests landing in the same instance.

For Apache 2.2.x, uncomment the following line in the apache-install-location/conf/httpd.conf file:

Include conf/extra/httpd-mpm.conf

Configuring security files to work with the load balancer

Apache Web Server must have the correct security files to work with the load balancer plug-in. The load balancer depends on the NSS (Network Security Service) library, which requires these security database files. You need to get these security database files from Enterprise Server, so an installation of Enterprise Server must be available in a location accessible by the Web Server.

To configure security files to work with the load balancer:

For Apache 2.0.x, append /usr/lib/mps to LD_LIBRARY_PATH in the Apache-install-dir/bin/apachectl script.
For Apache 2.2.x, append /usr/lib/mps to LD_LIBRARY_PATH in the Apache-install-dir/bin/envvars file.

Providing access permissions to Apache user

Ensure that the Apache user has the required access permissions to the apache-install-location/conf/ directory and files in this directory. The Apache user is the UNIX user under which the Apache server responds to requests. This user is defined in the file httpd.conf. If you installed Apache as a root user, read the note about configuring the Apache user and group in apache-install-location/conf/httpd.conf.

Note –

Ensure that your configuration of users and groups meets the security requirements for this directory. For example, to restrict access to this directory, add the Apache user to the same user group as the owner of the directory.

Load balancer plug-in initialization

To ensure that the load balancer plug-in is initialized when Apache is started, grant the Apache user read access and write access to the following files:

apache-install-location/conf/loadbalancer.xml
apache-install-location/conf/sun-loadbalancer_1_2.dtd

Modifying directory access permissions to enable auto apply

To ensure that the Auto Apply feature operates correctly, grant the Apache user read access, write access, and execute access to the apache-install-location/conf/ directory.

If the Apache user is in the same group as the owner of this directory, change the mode to 775. If the Apache user is in a different group than the owner of this directory, change the mode to 777.

To Create a Security Certificate for Apache

These steps are required to support HTTPS requests on Apache.

For detailed information on setting up a security certificate on Apache, see the instructions on http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html and http://www.modssl.org/docs/2.8/ssl_faq.html. The following procedure is adapted from those web sites.

Set up the following environment variable:

OPENSSL_CONF=OpenSSL-installation-directory/apps/openssl.cnf.

Create the server certificate and key by executing the following command:

openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

This command creates newreq.pem.

Open the newly-created newreq.pem from the location where the openssl command was run.

Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in Apache-install-dir/conf/ssl.crt/server.crt. For example:
-----BEGIN CERTIFICATE----- .... ... -----END CERTIFICATE-----

Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in Apache-install-dir/conf/ssl.key/server.key. For example:
-----BEGIN RSA PRIVATE KEY----- ... ... ... -----END RSA PRIVATE KEY-----

Make sure that the variables SSLCertificateKeyFileand SSLCertificateFile in Apache-install-dir/conf/ssl.conf for Apache 2.0.x or in Apache-install-dir/conf/extra/httpd-ssl.conf for Apache 2.2.x have the correct values.

Ensure that the ServerName is not www.example.com. The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.