2012-04-13 59 views
2

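I have configured Apache as a load balancer to send HTTP requests to JBoss. However, trying to add HTTPS has been difficult. I believe I need to use a virtual host. I have the certificate and the required key files; if anyone knows how to do this, please share... Setting up SSL on Apache for mod_jk on JBoss as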

Here is my httpd (relevant parts):

#************************************************************ 
Listen 80 
# For SSL configuration, add below line also. 
Listen 443 
# Include mod_jk configuration file 
Include conf/mod-jk.conf 
#************************************************************ 

Here is my mod-jk.conf:

#************************************************************  
LoadModule jk_module modules/mod_jk.so 

LoadModule ssl_module modules/mod_ssl.so 

JkWorkersFile conf/workers.properties 

JkLogFile logs/mod_jk.log 

JkLogLevel info 

JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" 

JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories 

JkRequestLogFormat "%w %V %T" 

JkMount /__application__/* loadbalancer 

JkUnMount /__application__/images/* loadbalancer 

JkMountFile conf/uriworkermap.properties 

JkShmFile run/jk.shm 

<Location /jkstatus> 
JkMount status 
Order deny,allow 
Deny from all 
Allow from 127.0.0.1 
Allow from 192.168.140.128 
</Location> 
#************************************************************ 

Here is my workers.properties:

#************************************************************ 
    worker.list=loadbalancer,status 

    worker.node1.port=8009 
    worker.node1.host=192.168.140.128 
    worker.node1.type=ajp13 
    worker.node1.lbfactor=1 
    worker.node1.prepost_timeout=10000 #Not required if using ping_mode=A 
    worker.node1.connect_timeout=10000 #Not required if using ping_mode=A 
    worker.node1.ping_mode=A #As of mod_jk 1.2.27 

    worker.loadbalancer.type=lb 
    worker.loadbalancer.balance_workers=node1 
    worker.status.type=status 
#************************************************************ 

Here is my server.xml (in JBoss):

<Server> 

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> 
    <Listener className="org.apache.catalina.core.JasperListener" /> 
<Service name="jboss.web"> 
     <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" 
       connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8"/> 
     <Connector port="8009" address="${jboss.bind.address}" 
     emptySessionPath="true" enableLookups="false" redirectPort="8443" 
     protocol="AJP/1.3" connectionTimeout="600000" maxThreads="200"/> 

    <Engine name="jboss.web" defaultHost="v-77-if-vm.us.nohsib.com" jvmRoute="node1"> 
     <Realm className="org.jboss.web.tomcat.security.JBossWebRealm" 
      certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping" 
      allRolesMode="authOnly" 
      /> 

     <Host name="v-77-if-vm.us.nohsib.com"> 
      <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve" 
       cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager" 
       transactionManagerObjectName="jboss:service=TransactionManager" /> 

     </Host> 
     </Engine> 
    </Service> 
</Server> 

Answers

0

You have to add your HTTPS configuration to Apache:

<IfModule ssl_module> 
SSLProtocol all 
SSLCipherSuite HIGH:MEDIUM 


#CA certificates for root and intermediate 
SSLCACertificateFile "C:/production/certs/provider/providerRoot.crt" 
SSLCertificateChainFile "C:/production/certs/provider/providerIntermediate.crt" 

#Generated first via openssl; Server public and private keys. 
SSLCertificateFile "C:/production/certs/provider/your.crt" 
SSLCertificateKeyFile "C:/production/certs/provider/your.key" 
</IfModule> 

Then, under the corresponding virtual host, add the following:

<VirtualHost *:443>
SSLEngine On
</VirtualHost>

You may also want to consider enabling an HTTPS redirect using rewrite:

RewriteEngine on 
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
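
A complete pair of virtual hosts for the setup in the question, as an added example that is not part of the original answer. It assumes Apache httpd 2.4 with mod_ssl, mod_rewrite and mod_jk loaded and `Listen 443` already present; the certificate paths are the answer's, the host name comes from the question's server.xml, and the protocol and cipher lines are a stricter substitute for the answer's `SSLProtocol all` and `HIGH:MEDIUM`.

```apache
# Added example (assumptions: httpd 2.4, mod_ssl + mod_rewrite + mod_jk loaded).
# ServerName is the Host name from the question's server.xml.

# Port 80 only redirects. It carries no JkMount, so nothing is
# forwarded to JBoss over plain HTTP.
<VirtualHost *:80>
    ServerName v-77-if-vm.us.nohsib.com
    RewriteEngine On
    # Redirect to the configured name instead of the client-supplied
    # %{HTTP_HOST}, so the Location header cannot be steered by the request.
    RewriteRule ^/(.*)$ https://v-77-if-vm.us.nohsib.com/$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName v-77-if-vm.us.nohsib.com

    SSLEngine On
    # "SSLProtocol all" and "HIGH:MEDIUM" still admit legacy protocols
    # and ciphers; restrict both.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder On

    # Server certificate and private key (paths as used in the answer).
    SSLCertificateFile "C:/production/certs/provider/your.crt"
    SSLCertificateKeyFile "C:/production/certs/provider/your.key"
    # Intermediate CA. Deprecated since 2.4.8, where the intermediate can
    # be appended to the SSLCertificateFile instead.
    SSLCertificateChainFile "C:/production/certs/provider/providerIntermediate.crt"

    # JkMount directives in the global mod-jk.conf are not inherited by
    # virtual hosts unless JkMountCopy is enabled, so mount explicitly here.
    JkMount /__application__/* loadbalancer
    JkUnMount /__application__/images/* loadbalancer

    # TLS terminates at Apache: the AJP hop to JBoss (port 8009 in
    # workers.properties) is unencrypted and should stay on a trusted network.
</VirtualHost>
```

Running `httpd -t` after the change checks the syntax, and `httpd -S` lists which virtual host answers on each port.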