
This article describes the Apache HTTP Server load balancer configuration that serves as a front end for two XTAM nodes with the sticky sessions option enabled. For a diagram of the deployment, see the following blog post:

https://www.xtontech.com/blog/xtam-high-availability-configuration/

The Apache HTTPS server in this example uses the mod_ssl module. Make sure this module is installed and enabled in the Apache server configuration. On systems running SELinux, allow the HTTP server to make network connections using the command:

setsebool -P httpd_can_network_connect 1

The reverse proxy configuration is summarized in the SSL virtual host specification file below.

<VirtualHost *:80>
   ServerName xtam-cos-farm.yourdomain.com
   # mod_alias applies the first matching Redirect, so the more specific path is listed first
   Redirect /xtam/ https://xtam-cos-farm.yourdomain.com/xtam/
   Redirect / https://xtam-cos-farm.yourdomain.com/xtam/
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLProxyEngine on

   # The following two directives turn off host name checks on the back-end
   # certificates so that self-signed certificates can be used on the farm nodes
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off

   ServerName xtam-cos-farm.yourdomain.com

   <Proxy balancer://xtam-https-balancer>
       BalancerMember https://<hosta-address>:6443 route=hosta
       BalancerMember https://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

   <Proxy balancer://xtam-ws-balancer>
       BalancerMember ws://<hosta-address>:6443 route=hosta
       BalancerMember ws://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

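   # ProxyPass rules are checked in configuration order and the first match wins,
   # so the WebSocket path must be listed before the catch-all "/" rule
   ProxyPass /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel
   ProxyPassReverse /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel

   ProxyPass / balancer://xtam-https-balancer/
   ProxyPassReverse / balancer://xtam-https-balancer/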

   SSLCertificateFile /etc/ssl/certs/cert-name.crt
   SSLCertificateKeyFile /etc/pki/tls/private/private_key.key
</VirtualHost>
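
The two SSLProxyCheckPeer* directives above switch off host name checks for the connection from Apache to the XTAM nodes. The fragment below is an added example, not part of the original configuration, showing one way to keep self-signed node certificates while still verifying them. It assumes the node certificates (or their issuing CA) have been exported to a PEM bundle; the bundle path is a placeholder.

```apache
# Added example, not part of the original configuration.
# Goes inside <VirtualHost *:443> in place of the two "SSLProxyCheckPeer* off" lines.

# Weak setting from the page: host name checks are off and, with the default
# "SSLProxyVerify none", any certificate presented on port 6443 is accepted.
#   SSLProxyCheckPeerCN off
#   SSLProxyCheckPeerName off

# Hardened alternative that still works with self-signed node certificates.
# The bundle holds the hosta and hostb certificates (or the CA that issued
# them) in PEM format. The path below is a placeholder.
SSLProxyCACertificateFile /etc/pki/tls/certs/xtam-nodes.pem

# Fail the back-end connection unless the node presents a certificate that
# validates against the bundle above.
SSLProxyVerify require

# Reject expired node certificates.
SSLProxyCheckPeerExpire on

# Require the certificate's subjectAltName or CN to match the host name
# used in the BalancerMember URL.
SSLProxyCheckPeerName on
```

With this in place, each node certificate must carry the name used for that node in its BalancerMember line.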

On the XTAM nodes, modify the Engine tag in the $XTAM/web/conf/server.xml file. This tag should include the jvmRoute attribute, which identifies the node to the Apache server. Use hostb in the server.xml file on the second XTAM node. Note that the load balancer configuration above references both the hosta and hostb identifiers through the route attribute of each BalancerMember in the Proxy sections. You can use different identifiers, but they have to match between each node's server.xml and the load balancer configuration files.

<Engine name="Catalina" defaultHost="localhost" jvmRoute="hosta">

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.


Copyright © 2019 Xton Technologies, LLC. All rights reserved.