Apache HTTP Server with Sticky Sessions

This article describes how to configure the Apache HTTP Server as a load balancer in front of two PAM nodes with sticky sessions enabled. Please refer to the following diagram for the deployment.

The Apache HTTPS server in this example uses the mod_ssl module. Make sure this module is installed and enabled in the Apache server configuration.

On systems with SELinux enabled, allow the HTTP server to open network connections to the PAM nodes using the command:

setsebool -P httpd_can_network_connect 1

The reverse proxy configuration is summarized in the SSL Virtual Host specification file below:

<VirtualHost *:80>
   ServerName xtam-cos-farm.yourdomain.com
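   # Redirects are processed in order and the first match wins,
   # so the /xtam/ rule is listed before the catch-all /
   Redirect /xtam/ https://xtam-cos-farm.yourdomain.com/xtam/
   Redirect / https://xtam-cos-farm.yourdomain.com/xtam/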
</VirtualHost>

<VirtualHost *:443>
   SSLEngine on
   SSLProxyEngine on

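   # The following two directives allow self-signed certificates on the farm nodes.
   # With both set to off, the proxy does not check that a node's certificate
   # matches the host name it connected to.
   SSLProxyCheckPeerCN off
   SSLProxyCheckPeerName off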

   ServerName xtam-cos-farm.yourdomain.com

   <Proxy balancer://xtam-https-balancer>
       BalancerMember https://<hosta-address>:6443 route=hosta
       BalancerMember https://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

   <Proxy balancer://xtam-ws-balancer>
       # The nodes serve TLS on port 6443, so the WebSocket members use wss://
       BalancerMember wss://<hosta-address>:6443 route=hosta
       BalancerMember wss://<hostb-address>:6443 route=hostb
       ProxySet lbmethod=byrequests
       ProxySet stickysession=JSESSIONID
   </Proxy>

   # ProxyPass rules are checked in configuration order and the first match wins,
   # so the more specific WebSocket path is listed before the catch-all /
   ProxyPass /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel
   ProxyPassReverse /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel

   ProxyPass / balancer://xtam-https-balancer/
   ProxyPassReverse / balancer://xtam-https-balancer/

   SSLCertificateFile /etc/ssl/certs/cert-name.crt
   SSLCertificateKeyFile /etc/pki/tls/private/private_key.key
</VirtualHost>

On each PAM node, modify the Engine tag in the $PAM_HOME/web/conf/server.xml file. This tag should include the jvmRoute attribute, which identifies the node to the Apache server. Use hostb in the server.xml file of the second PAM node.

Note that the load balancer configuration above references both the hosta and hostb identifiers through the route attribute of the member entries in each Proxy section. You can use different identifiers, but they have to match between each node's server.xml and the load balancer configuration file.

<Engine name="Catalina" defaultHost="localhost" jvmRoute="hosta">
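
The requirement that route and jvmRoute match can be checked before deployment. The script below is an added example, not part of the product or of the original article: it compares each BalancerMember route with the jvmRoute in that node's server.xml. The 192.0.2.x addresses, the trimmed server.xml contents and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on this article's configuration.
# Node 192.0.2.12 deliberately lacks jvmRoute to show the failure case.
APACHE_CONF = """
<Proxy balancer://xtam-https-balancer>
    BalancerMember https://192.0.2.11:6443 route=hosta
    BalancerMember https://192.0.2.12:6443 route=hostb
    ProxySet stickysession=JSESSIONID
</Proxy>
"""
SERVER_XML = {
    "192.0.2.11": '<Server><Service name="Catalina"><Engine name="Catalina" '
                  'defaultHost="localhost" jvmRoute="hosta"/></Service></Server>',
    "192.0.2.12": '<Server><Service name="Catalina"><Engine name="Catalina" '
                  'defaultHost="localhost"/></Service></Server>',
}

MEMBER = re.compile(
    r"^[ \t]*BalancerMember[ \t]+\w+://([^:/\s]+)\S*[ \t]+.*?\broute=(\S+)",
    re.MULTILINE)

def balancer_routes(conf):
    """Return {backend host: route} for every BalancerMember line."""
    return {host: route for host, route in MEMBER.findall(conf)}

def jvm_route(server_xml):
    """Return the Engine jvmRoute attribute, or None when it is not set."""
    engine = ET.fromstring(server_xml).find(".//Engine")
    return None if engine is None else engine.get("jvmRoute")

def route_of(session_id):
    """Tomcat appends '.<jvmRoute>' to the session ID; return that suffix."""
    _, dot, route = session_id.partition(".")
    return route if dot else None

def check(conf, nodes):
    """List (host, balancer route, jvmRoute) for every backend that differs."""
    problems = []
    for host, route in balancer_routes(conf).items():
        actual = jvm_route(nodes[host]) if host in nodes else None
        if actual != route:
            problems.append((host, route, actual))
    return problems

if __name__ == "__main__":
    for host, want, got in check(APACHE_CONF, SERVER_XML):
        print(f"{host}: route={want!r} but jvmRoute={got!r}; sessions will not stick")
```

A node without jvmRoute issues session IDs with no route suffix, so the balancer has nothing to match against and falls back to its normal request distribution for that session.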