Load-Balancing in Apache2.4 using mod_jk - html

Recently we developed an application with Java, HTML5, jQuery, JBoss 7.1.1 and Apache 2.4.
My configuration between Apache 2.4 and JBoss is:
mod_jk.so, mod-jk.conf and workers.properties
------------------- configurations----------------------------------------------
mod-jk.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
#JkMount /TestForApache2/ loadbalancer
JkMount /Application/* loadbalancer
workers.properties
worker.list=loadbalancer
worker.jboss.host=192.168.1.105
worker.jboss.port=8009
worker.jboss.type=ajp13
worker.jboss.cachesize=100
worker.jboss.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=jboss
httpd-vhosts.conf
DocumentRoot "c:/Apache24/htdocs/html5"
ServerName localhost
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
Options Indexes FollowSymLinks Includes ExecCGI
JkMount /Application/* loadbalancer
The issue we are facing is:
When multiple users access my application from application.mysite.com, it hangs on the login page; with a single user it works fine.
I am new to Apache 2.4. I have tried multiple changes, for example I followed an article.
When I restart Apache 2.4 from Services it works fine,
and we are using session IDs in JBoss,
i.e. when a user logs in, a session is created and sent to the user's browser like: application.mysite.com/main/header.html?sessionId=oMzxRpLUkF8FX0r7NkMlWqOV.jboss
Please can anyone help me with the configuration changes?
Thanks in advance & please save my days.

Related

Call a jsp on tomcat server behind a internal alb from html page on apache http in same az on front end of internal alb

Overview of vpc.
4 tiers -
public-sn with bastion connected to IGW of course.
internet-facing alb - the target is web-sn
web-sn private with ec2 Linux with apache HTTP installed
internal alb - input from web-sn - outbound all port 80 to internal alb
app-sn - 1 Linux ec2 running tomcat 9 - using iptables to redirect all port 80 traffic from internal-alb to port 8080 for tomcat. easy and works great.
DB-sn - private - 1 MySQL RDS instance. -NOT PART OF THIS DISCUSSION OR PROBLEM.
Situation:
I built a simple test JSP app on Tomcat. Just an HTML form with inputs for user and pass and a submit button, and a JSP to echo back the input box data. Easy, works great locally on the Tomcat server.
Action:
I moved the index.html form to the Apache HTTP server in web-sn and changed the form action to the URL using the DNS name of the internal ALB. I used the curl command to test at the CLI of the web server and it worked great. Of course, it only returns the .jsp contents.
Problem:
When I access the webpage from my local Chrome browser, the page comes up fine. When I click the submit button, it times out after a minute with "This site can't be reached" ERR_CONNECTION_TIMEOUT. Of course, it spits out the URL I used in the form action.
code:
curl internal-App-ALB-Internal-xxxxxxxxxxx.us-west-1.elb.amazonaws.com/LoginCheck.jsp
works great no matter what the page JSP or HTML.
IT FAILS
Index.html on web server ********************
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>
<h1>Login Page</h1>
<center>
<h2>Signup Details</h2>
<form action="http://internal-App-ALB-Internal-xxxxxxxxxx.us-west-1.elb.amazonaws.com/LoginCheck.jsp" method="post">
<br/>Username:<input type="text" name="username">
<br/>Password:<input type="password" name="password">
<br/><input type="submit" value="Submit">
</form>
</center>
</body>
</html>
END of html code ***************
Understanding:
From what I understand, the form action command is server-side.
The curl command is using HTTP port 80.
Why does curl work at the CLI of the web server just fine and the form action from the HTML page on the same web server fail?
My security group settings must be good because the curl command works great. I have done other tests as well. I ssh tunnel to alb as well as all other subnets and all works great. I access tomcat manager through the internal app lb and works fine.
Please help with my lack of knowledge.
Thank you.
From your question and the comments below it becomes clear that you should configure a reverse proxy on your Apache server. Let's say the Apache server has a domain name apache.example.com which resolves to a public IP (in reality this is the IP of your bastion host, but through a series of load balancers/firewalls/DNATs/etc., which are not relevant to this explanation, port 80 of apache.example.com is forwarded to port 80 of your Apache virtual machine). For simplicity's sake let us also assume that Tomcat has a private address tomcat.example.com reachable from the Apache host.
Since tomcat.example.com is a private address, you cannot use it directly in your HTML; you need to configure Apache to forward all requests for *.jsp pages to Tomcat. This can be done with:
<VirtualHost *:80>
    ...
    # This will tell Tomcat to use `apache.example.com` in the URLs
    # it generates, instead of `tomcat.example.com:8080`
    ProxyPreserveHost On
    # ProxyPass cannot take a path inside <LocationMatch>, so the *.jsp
    # requests are matched with ProxyPassMatch and the captured path is passed on
    ProxyPassMatch "^/(.*\.jsp)$" "http://tomcat.example.com:8080/$1"
</VirtualHost>
You also need to load the mod_proxy and mod_proxy_http modules.
If you add more Tomcat servers, you can also use Apache as a load balancer:
<VirtualHost *:80>
    ...
    # This will tell Tomcat to use `apache.example.com` in the URLs
    # it generates, instead of `tomcat.example.com:8080`
    ProxyPreserveHost On
    <Proxy "balancer://tomcat-cluster">
        BalancerMember "http://tomcat1.example.com:8080"
        BalancerMember "http://tomcat2.example.com:8080"
        BalancerMember "http://tomcat3.example.com:8080"
    </Proxy>
    # ProxyPass cannot take a path inside <LocationMatch>, so the *.jsp
    # requests are matched with ProxyPassMatch and the captured path is passed on
    ProxyPassMatch "^/(.*\.jsp)$" "balancer://tomcat-cluster/$1" stickysession=JSESSIONID nofailover=On
</VirtualHost>
(you also need to enable the mod_proxy_balancer module)
The nofailover parameter must be On, unless you configure a Tomcat cluster with session replication.

Is it possible to point a specific port from a domain name?

Basically what I want is this:
first.name.com:25565 -> 127.0.0.1:25562
second.name.com:25565 -> 127.0.0.1:25565
This is for some Minecraft servers I'm hosting.
What you are looking for is Name-based virtual hosting. At the layer 4 transport, you can only redirect to different services by IP or port number, however, a number of protocols including HTTP(S) transmit the domain name used in the request and this allows a reverse proxy service such as Apache or Nginx to redirect to the actual service on the same or even a different host. Squid is normally used as a forward proxy on the client side which is not helpful in this case. What you want is a reverse HTTP(S) proxy on the server side. I am most familiar with Apache so I will present that here, but Nginx and others can do it as well. You will need the name-based virtual hosting of Apache to create a different service per hostname and then reverse proxy it to the real service behind it. As a note, you can't both have Apache running on 1234 and
Listen 10.1.1.1:1234
NameVirtualHost 10.1.1.1:1234
<VirtualHost 10.1.1.1:1234>
ServerName first.name.com
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:4321/"
ProxyPassReverse "/" "http://127.0.0.1:4321/"
</VirtualHost>
<VirtualHost 10.1.1.1:1234>
ServerName second.name.com:1234
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:1234/"
ProxyPassReverse "/" "http://127.0.0.1:1234/"
</VirtualHost>
You also need to make sure that the mod_proxy and mod_proxy_http modules are enabled for Apache. On Debian/Ubuntu, this can be done with this:
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
And a final note: you asked for the same port from the proxy, 1234, to be redirected to the local host on 127.0.0.1. Normally, I would recommend using a different port for the actual service, but you can share the port if you bind Apache to the external IP explicitly, as I did in the example above using 10.1.1.1, and then bind the internal service only to 127.0.0.1. If you use the normal wildcard binding, which is written as either 0.0.0.0 or *, then the two services will conflict.
Ok, so here's what I ended up doing:
mc.name.com is pointed at the server's hostname using a CNAME record
The next record I added was an SRV record to make 25565 point at 25562 (or whatever port I need it to be)
_minecraft._tcp.mc.muchieman.com SRV 900 0 5 25562 mc.muchieman.com.
900 being TTL, 0 being priority, 5 being weight, 25562 being the port to point to

SSL Localhost Privacy error

I set up SSL on localhost (WAMP); I made the SSL crt with GnuWin32.
When I try to login with fb in Chrome I get the following message:
URL:
https://localhost/ServerSide/fb-callback.php?code=.....#_=_
Error:
Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID.
localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
My SSL Config:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot "c:/wamp/www"
ServerName localhost:443
ServerAdmin admin@example.com
ErrorLog "c:/wamp/logs/error.log"
TransferLog "c:/wamp/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/wamp/www/ssl/ia.crt"
SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
My question is: how do I set up a valid SSL certificate on localhost? Or do I need to edit my configuration?
Allow Insecure SSL (localhost)
In Chrome (including Version 110), enable allow insecure localhost:
chrome://flags/#allow-insecure-localhost
Refer to this Stack Overflow for more information.
Allow Insecure SSL (other)
See "Your connection is not private. blah-bla-blah"...
Type thisisunsafe (key listeners pick it up).
Notes
If you are just curious if this works, browse this site which has a bad root ssl certificate. Other "bad ssl" sites can be found using badssl.com.
More about the Chromium "override keyword".
This is specific for each site.
The chrome developers also do change this periodically.
The current (v110) BYPASS_SEQUENCE is dGhpc2lzdW5zYWZl (which is base64 encoded).
1. When you see "Your connection is not private...NET::ERR_CERT_INVALID" warning on Chrome,
2. Just type "thisisunsafe" and wait.
Note: Last time this was tested, Chrome latest version was 107.0.5304.107
Your connection is not private
Attackers might be trying to steal your information from 10.10.10.10 (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
Type “badidea” or “thisisunsafe” directly on same chrome page.
Do this if you are REALLY SURE that the link you are trying is safe. In my case I was trying to set up StackStorm locally using Vagrant and VirtualBox.
Chrome version: Version 92.0.4515.131 (Official Build) (x86_64).

SVN Authentication using MySQL

I'm trying to set up per-repository SVN authentication via MySQL but I'm having a few problems.
Firstly, what is the difference between mod_authn_dbd and mod_auth_mysql?
Secondly, I already have a MySQL database set up with a table for users, groups and permissions. Is it possible, using either of these mods, to link into my current permission system whereby a username, password and permission are required to access the repository (preferably with a read permission and write permission per repository)?
tbl_users: user_id, user_name, user_hash
tbl_group: group_id, group_name
tbl_permission: permission_id, permission_name
tbl_user_group: user_id, group_id
tbl_group_permission: group_id, permission_id
tbl_user_permission: user_id, permission_id
Firstly the difference.
mod_authn_dbd provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables.
mod_auth_mysql is an Apache module that allows authentication using user and group data stored in MySQL databases. The project seems to not have updated since 2005, so I'd go for mod_authn_dbd.
To set this up properly, first you need to configure mod_authn_dbd and mod_dbd properly in your Apache configuration; mod_dbd takes care of your database connection. Once you've done this (make sure your Apache is running with those modules active), you can go ahead and configure them.
Add something like this to your Apache configuration to configure the database connection:
<IfModule mod_dbd.c>
DBDriver mysql
DBDParams "host=(your_db_server, p.e. 127.0.0.1) dbname=your_db_name user=your_db_user pass=your_db_pass"
DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 200
</IfModule>
Now add your desired authentication configuration into the apache configuration:
<Directory "/your/svn/repository/path/">
Options FollowSymLinks Indexes MultiViews
AuthType Basic
AuthName "Allowed users Only"
AuthBasicProvider dbd
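# %s is replaced by the user name sent by the client; the query must return that user's password hash
AuthDBDUserPWQuery "SELECT user_hash FROM tbl_users, tbl_user_group WHERE tbl_users.user_name=%s AND tbl_users.user_id=tbl_user_group.user_id"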
Require valid-user
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I've simplified the SELECT statement for better readability; you have to expand this to refine your configuration.
EDIT:
After typing I've found a very good example on the web, maybe read it here, too. It goes a lot deeper than my simplified answer.
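One way to get the per-repository read and write permissions the question asks for, added here as an example and not part of the original answer. It assumes Apache 2.4 with mod_dav_svn and mod_authz_dbd loaded next to the mod_dbd connection shown above, the question's table layout, a user_hash column in a format Apache can verify, and hypothetical names: the /svn/repo1 location, its path, and the permissions repo1_read and repo1_write.

```apache
# Added example. repo1, repo1_read, repo1_write and the paths are hypothetical;
# table and column names follow the schema given in the question.
<Location "/svn/repo1">
    DAV svn
    SVNPath "/your/svn/repository/path/repo1"

    AuthType Basic
    AuthName "repo1"
    AuthBasicProvider dbd

    # Authentication. %s is bound to the user name as a prepared-statement
    # parameter, so it is never concatenated into the SQL text.
    # user_hash must be a hash Apache itself can check (what htpasswd
    # produces, e.g. bcrypt "$2y$" or "$apr1$"), not an application-specific one.
    AuthDBDUserPWQuery "SELECT user_hash FROM tbl_users WHERE user_name = %s"

    # Authorization. Returns every permission name the user holds, directly
    # or through a group; mod_authz_dbd treats each returned row as a group.
    # The query is written with a single %s because only the user name is
    # passed to it.
    AuthzDBDQuery "SELECT DISTINCT p.permission_name \
        FROM tbl_users u \
        LEFT JOIN tbl_user_permission up ON up.user_id = u.user_id \
        LEFT JOIN tbl_user_group ug ON ug.user_id = u.user_id \
        LEFT JOIN tbl_group_permission gp ON gp.group_id = ug.group_id \
        JOIN tbl_permission p \
          ON p.permission_id IN (up.permission_id, gp.permission_id) \
        WHERE u.user_name = %s"

    # Read-only WebDAV methods (checkout, update, log): either permission.
    <Limit GET PROPFIND OPTIONS REPORT>
        Require dbd-group repo1_read repo1_write
    </Limit>

    # Every other method (commit, lock, delete, ...): write permission only.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require dbd-group repo1_write
    </LimitExcept>
</Location>
```

Basic authentication sends the password on every request, so a block like this belongs in a TLS virtual host.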

Magento multi website/store setup - please help!

I followed an article from Magento Support on how to set up a Magento installation with multiple websites, stores, and store views, but it screwed my installation and I couldn't access anything. Thanks to a couple of replies to my post, I was able to get back to some semblance of a working system.
I would really appreciate it if someone could spot what stupid thing I must have done in my setup.
My requirements for this test setup are:
- One single admin area.
- Two websites.
- First website with 1 store (with 3 store views).
- Second website with 2 stores (each with one store view).
- I'd prefer to access the frontend using URLs like: http://www.firstwebsite.com rather than http://www.firstwebsite.com/magento/index.php
Machine is running Windows XP.
In the stores configuration I have this setup:
Websites:
Name=Main Website
code=base
Name=Paul Website
code=pws1
Stores:
Name=Main Store
Website=Main Website
Name=Electronics
Website=Paul Website
Name=Media
Website=Paul Website
Store Views:
Name=English
Store=Electronics
code=en1
Name=English
Store=Media
code=en2
Name=English
Store=Main Store
code=default
Name=French
Store=Main Store
code=french
Name=German
Store=Main Store
code=german
System/Configuration/General/Web (accessed by URL http://test.pdapache.com/magento/index.php):
Scope=Default Config
Add Store Code to Urls = No
Auto-redirect to Base URL = No
Secure and Unsecure URLs just set to {{base_url}} at this scope
Scope=Main Website
Unsecure Base URL=http://test.pdapache.com/magento/
Secure Base URL=https://test.pdapache.com/magento/
All other secure/unsecure not using default. Also Default Web URL=cms (use Default = No). CMS Home Page=Home Page (use default = no)
Scope=Paul Website
Unsecure Base URL=http://paulsplace.com/magento/
Secure Base URL=https://paulsplace.com/magento/
All other secure/unsecure not using default. Also Default Web URL=cms (use Default = No). CMS Home Page=Home Page (use default = no)
hosts file:
127.0.0.1 test.pdapache.com
127.0.0.1 www.paulsplace.com
127.0.0.1 paulsplace.com
httpd.conf:
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf file:
<VirtualHost *:80>
ServerAdmin me@myemail.com
DocumentRoot "C:/Applications/Apache Software Foundation/Apache2.2/htdocs"
ServerName paulsplace.com
ErrorLog "logs/paulsplace.com-error.log"
CustomLog "logs/paulsplace.com-access.log" common
SetEnv MAGE_RUN_TYPE website
SetEnv MAGE_RUN_CODE pws1
</VirtualHost>
<VirtualHost *:80>
ServerAdmin me@myemail.com
DocumentRoot "C:/Applications/Apache Software Foundation/Apache2.2/htdocs"
ServerName pdapache.com
ErrorLog "logs/pdapache.com-error.log"
CustomLog "logs/pdapache.com-access.log" common
SetEnv MAGE_RUN_TYPE website
SetEnv MAGE_RUN_CODE base
</VirtualHost>
When I go to either of these addresses:
http://test.pdapache.com/magento/index.php
http://www.paulsplace.com/magento/index.php
I get a Magento logo-ed page that just says "There was no Home CMS page configured or found"
The URLs I'd rather be using, i.e.
http://test.pdapache.com
http://www.paulsplace.com
just display the Apache index.html "It works!" page.
Help! I guess I've made some stupid mistake somewhere, maybe more than one, but I don't know where.
Set your DocumentRoot to be C:/Applications/Apache Software Foundation/Apache2.2/htdocs/magento and remove the /magento from the base urls to get Magento showing at the root level.