You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jonathan Knight <j....@isc.keele.ac.uk> on 2011/07/28 16:10:42 UTC
[users@httpd] Sharing mod_proxy_balancer session data with multiple virtual hosts
I'm building a load balancer using apache. We have to support both SSl
and non-SSL sessions and the problem I'm trying to solve is how to get
both virtual hosts to share session data so that a when a connection is
sent to the non-SSL port, it is proxied to the same server as the SSL
session.
Here's a bit of httpd.conf. This one will correctly proxy SSL and
non-SSL sessions but won't necessarily use the same server from the same
client.
My fallback plan is to force SSL for everything which will overcome the
difficulty, but I am interested in knowing if there is a way of sharing
session data between virtual hosts.
Listen 160.5.xx.yy:80
Listen 160.5.xx.yy:443
<VirtualHost 160.5.xx.yy:80>
ServerName zzzz.keele.ac.uk
ServerAdmin j.knight@isc.keele.ac.uk
CustomLog /var/log/httpd/logs/staff/access_log common
ErrorLog /var/log/httpd/logs/staff/error_log
LogLevel debug
<Proxy balancer://staffcluster/>
BalancerMember http://server1.keele.ac.uk
BalancerMember http://server2.keele.ac.uk
</Proxy>
ProxyRequests off
ProxyPreserveHost on
ProxyPass /balancer-manager !
ProxyPass / balancer://staffcluster/ stickysession=JSESSIONID
lbmethod=bybusyness
ProxyPassReverse / balancer://staffcluster/
</VirtualHost>
<VirtualHost 160.5.xx.yy:443>
ServerName zzzz.keele.ac.uk
ServerAdmin j.knight@kis.keele.ac.uk
CustomLog /var/log/httpd/logs/staff/access_log common
ErrorLog /var/log/httpd/logs/staff/error_log
LogLevel debug
<Location /balancer-manager>
SetHandler balancer-manager
Order deny,allow
Deny from all
Allow from 160.5.zz
</Location>
<Proxy balancer://staffcluster/>
BalancerMember https://server1.keele.ac.uk
BalancerMember https://server2.keele.ac.uk
</Proxy>
ProxyRequests off
ProxyPreserveHost on
ProxyPass /balancer-manager !
ProxyPass / balancer://staffcluster/ stickysession=JSESSIONID
lbmethod=bybusyness
ProxyPassReverse / balancer://staffcluster/
SSLEngine on
SSLProxyEngine on
# SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/cert.crt
SSLCertificateKeyFile /usr/local/apache2/conf/key.crt
SSLCACertificateFile /usr/local/apache2/conf/cacert.crt
</VirtualHost>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Sharing mod_proxy_balancer session data with
multiple virtual hosts
Posted by Ben Timby <bt...@gmail.com>.
On Thu, Jul 28, 2011 at 10:10 AM, Jonathan Knight
<j....@isc.keele.ac.uk> wrote:
> I'm building a load balancer using apache. We have to support both SSl and
> non-SSL sessions and the problem I'm trying to solve is how to get both
> virtual hosts to share session data so that a when a connection is sent to
> the non-SSL port, it is proxied to the same server as the SSL session.
>
> Here's a bit of httpd.conf. This one will correctly proxy SSL and non-SSL
> sessions but won't necessarily use the same server from the same client.
>
> My fallback plan is to force SSL for everything which will overcome the
> difficulty, but I am interested in knowing if there is a way of sharing
> session data between virtual hosts.
Don't bother sharing session data, just do stickiness using a
dedicated cookie (other than the session cookie). This cookie will be
set by one apache instance and recognized by both. As long as the
cookie is not SSL only, it will direct both SSL and plaintext traffic
to the same backend.
There are plenty of examples below.
http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org