Book Demo!

This article discusses the details of the Apache HTTP Server Load Balancer configuration to serve as a front end for two XTAM nodes with sticky sessions options enabled. Please refer to the diagram for the deployment in the following BLOG post

https://www.xtontech.com/blog/xtam-high-availability-configuration/

Apache HTTPS server in this example utilizes the module mod_ssl. Make sure to install this module and enable it in the Apache server configuration. For SELinux allow HTTPS server to connect using the command:

setsebool -P httpd_can_network_connect 1

The reversed proxy configuration is summarized in the SSL Virtual Host specification file below.

<VirtualHost *:80>
   ServerName xtam-cos-farm.yourdomain.com
   Redirect / https://xtam-cos-farm.yourdomain.com/xtam/
   Redirect /xtam/ https://xtam-cos-farm.yourdomain.com/xtam/
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLProxyEngine on

   # followed 2 directives were set for being able to use self-signed certificates on farm nodes
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off

   ServerName xtam-cos-farm.yourdomain.com

   <Proxy balancer://xtam-https-balancer>
       BalancerMember https://<hosta-address>:6443 route=hosta
       BalancerMember https://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

   <Proxy balancer://xtam-ws-balancer>
       BalancerMember ws://<hosta-address>:6443 route=hosta
       BalancerMember ws://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

   ProxyPass / balancer://xtam-https-balancer/
   ProxyPassReverse / balancer://xtam-https-balancer/

   ProxyPass /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel
   ProxyPassReverse /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel

   SSLCertificateFile /etc/ssl/certs/cert-name.crt
   SSLCertificateKeyFile /etc/pki/tls/private/private_key.key
</VirtualHost>

On the XTAM nodes modify Engine tag in $XTAM/web/conf/server.xml file. This tag should include jvmRoute attribute identifying this node for the Apache server. Use hostb on the second XTAM node server.xml file. Note that load balancer configuration above references both hosta and hostb identifiers using route attribute of Proxy node description. You can use different identifiers but they have to match between the node server.xml and load balancer configuration files.

<Engine name="Catalina" defaultHost="localhost" jvmRoute="hosta">
Categories: xton

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Related Posts

xton

How to enable Windows Remote Management using domain policy

Xton Access Manager (XTAM) uses Windows Remote Management technology to execute jobs such as password reset on the remote Windows computers. WinRM is enabled on the windows computer using the following command executed from command Read more…

xton

Configuring Windows Server NLB for Multi-Node Deployment

Configuring Windows Server NLB for Multi-Node Deployment Architecture This article discusses details of Windows Network Load Balancer (NLB) configuration to balance two or more XTAM Server nodes. Earlier we discussed XTAM Server multi-node architecture built Read more…

Industry

The Challenge of Multi-Factor Authentication and Shared Accounts

Recently, I wrote about the importance of combining multi-factor authentication (MFA) and privileged access management. According to 2018 Global Password Security Report, 45% of organizations are already using two-factor authentication (2FA) and the 451 Group Read more…

Copyright © 2020 Xton Technologies, LLC. All rights reserved.