Sun Java System Application Server Enterprise Edition 8.2 High Availability Administration Guide

Configuring Apache After Installing the Load Balancer Plug-In

Apache Web Server must have the correct security files to work with the load balancer plug-in. The load balancer depends on the NSS (Network Security Service) library which requires these security database files. You need to get these security database files from Application Server, so an installation of Application Server must be available in a location accessible by the Web Server.

ProcedureTo Configure Apache Security Files to Work with the Load Balancer

  1. Create a directory called sec_db_files under Apache-install-dir.

  2. Copy the security database files from Application Server to the directory you created.

    Copy domain-dir/config/*.db to Apache-install-dir/sec_db_files.

  3. Depending on the platform, perform additional configuration.

    • On the Solaris platform, for Java Enterprise System installations:

      Add the path /usr/lib/mps/secv1 to LD_LIBRARY_PATH in the Apache-install-dir/bin/apachectl script. The path must be added before /usr/lib/mps.

    • On the Linux platform, for Java Enterprise System installation:

      Add the path /opt/sun/private/lib to LD_LIBRARY_PATH in the Apache-install-dir/bin/apachectl script. The path must be added before /usr/lib.

    • On Microsoft Windows:

      1. Add a new path to the Path environment variable.

        Click Start ⇒ Settings ⇒ Control Panel ⇒ System ⇒ Advanced ⇒ Environment Variables ⇒ System Variables.

        Add the Application Serverinstall-dir/bin to the Path environment variable.

      2. Set the environment variable NSPR_NATIVE_THREADS_ONLY to 1.

        In the Environment Variables window, under System Variables, click New. Enter Variable name of NSPR_NATIVE_THREADS_ONLY and Variable value of 1.

      3. Restart the machine.

ProcedureTo Create a Security Certificate for Apache 2

These steps are required to support HTTPS requests on Apache.

For detailed information on setting up a security certificate on Apache, see the instructions on and The following procedure is adapted from those web sites.

  1. Go to the appropriate OpenSSL directory:

    • If using Solaris 10, use the preinstalled OpenSSL for certificate creation. cd /usr/sfw/bin

    • If using Solaris 9 or Linux, go to the directory where you installed OpenSSL. You should already have run configure and make for OpenSSL as instructed in To Install SSL-aware Apache.

      Set up an environment variable OPENSSL_CONF=OpenSSL-installation-directory/apps/openssl.cnf.

  2. Create the server certificate and key by executing the following command:

    openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365

    When asked for a common name, give the host name on which you plan to run Apache. For all other prompts, enter values that meet any specific requirements you have.

    This command creates newreq.pem.

  3. Open the newly-created newreq.pem from the location where the openssl command was run.

  4. Copy the lines beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE and paste them in Apache-install-dir/conf/ssl.crt/server.crt. For example:

    -----END CERTIFICATE-----
  5. Copy the lines beginning with BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY and paste them in Apache-install-dir/conf/ssl.key/server.key. For example:

    -----END RSA PRIVATE KEY-----
  6. Make sure that the variables SSLCertificateKeyFileand SSLCertificateFile in Apache-install-dir/conf/ssl.conf have the correct values.

  7. Ensure that the ServerName is not The ServerName should be the actual host name where Apache will run, matching the Common Name you entered when creating the server certificate and key.

Modifying httpd.conf parameters to enable sticky round robin

For the sticky round robin feature to work, in the httpd.conf file, under the section prefork MPM, ensure that the values of the parameters StartServers and maxclients are set to 1. Otherwise, every new session request will spawn a new Apache process and the load balancer plug-in will be initialized resulting in requests landing in the same instance.