Apache HTTP Server with Sticky Sessions
This article describes the Apache HTTP Server load balancer configuration that serves as a front end for two PAM nodes with the sticky sessions option enabled. Please refer to the following diagram for the deployment.
The Apache HTTPS server in this example uses the mod_ssl module. Make sure to install this module and enable it in the Apache server configuration.
On SELinux systems, allow the HTTPS server to make network connections using the command:
setsebool -P httpd_can_network_connect 1
The reverse proxy configuration is summarized in the SSL Virtual Host specification file below:
<VirtualHost *:80>
ServerName xtam-cos-farm.yourdomain.com
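# Redirect rules are evaluated in the order listed and the first match wins,
# so the more specific /xtam/ prefix comes before the catch-all /
Redirect /xtam/ https://xtam-cos-farm.yourdomain.com/xtam/
Redirect / https://xtam-cos-farm.yourdomain.com/xtam/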
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
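# The following two directives turn off the name checks on backend certificates
# so that self-signed certificates can be used on the farm nodes.
# With them off, the proxy does not verify that a node's certificate matches its host name.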
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
ServerName xtam-cos-farm.yourdomain.com
<Proxy balancer://xtam-https-balancer>
BalancerMember https://<hosta-address>:6443 route=hosta
BalancerMember https://<hostb-address>:6443 route=hostb
ProxySet lbmethod=byrequests
ProxySet stickysession=JSESSIONID
</Proxy>
<Proxy balancer://xtam-ws-balancer>
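# Port 6443 on the nodes serves TLS (see the https members above), so the WebSocket members use wss://
BalancerMember wss://<hosta-address>:6443 route=hosta
BalancerMember wss://<hostb-address>:6443 route=hostb
ProxySet lbmethod=byrequests
ProxySet stickysession=JSESSIONID
</Proxy>
# ProxyPass rules are checked in configuration order and the first match wins,
# so the WebSocket tunnel path is listed before the catch-all /
ProxyPass /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel
ProxyPassReverse /xtam/websocket-tunnel balancer://xtam-ws-balancer/xtam/websocket-tunnel
ProxyPass / balancer://xtam-https-balancer/
ProxyPassReverse / balancer://xtam-https-balancer/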
SSLCertificateFile /etc/ssl/certs/cert-name.crt
SSLCertificateKeyFile /etc/pki/tls/private/private_key.key
</VirtualHost>
On the PAM nodes, modify the Engine tag in the $PAM_HOME/web/conf/server.xml file. This tag should include the jvmRoute attribute identifying this node to the Apache server. Use hostb in the server.xml file of the second PAM node.
<Engine name="Catalina" defaultHost="localhost" jvmRoute="hosta">
Note that the load balancer configuration above references both the hosta and hostb identifiers using the route attribute of the node descriptions in the Proxy sections. You can use different identifiers, but they have to match between each node's server.xml and the load balancer configuration file.
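The requirement that the route identifiers in the load balancer configuration match the jvmRoute values on the nodes can be checked before deployment. The Python sketch below is an added example, not part of the original article or the product; the addresses, sample file contents and function names are constructed for illustration. It also shows how the route is read from the suffix Tomcat appends to the session id.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs: addresses and file contents are placeholders.
APACHE_CONF = """
<Proxy balancer://xtam-https-balancer>
BalancerMember https://10.0.0.11:6443 route=hosta
BalancerMember https://10.0.0.12:6443 route=hostb
ProxySet stickysession=JSESSIONID
</Proxy>
"""
ENGINE = '<Server><Service name="Catalina"><Engine name="Catalina" {}/></Service></Server>'
SERVER_XML = {
    "10.0.0.11": ENGINE.format('jvmRoute="hosta"'),
    "10.0.0.12": ENGINE.format(""),  # jvmRoute forgotten on the second node
}

MEMBER_RE = re.compile(
    r"^[ \t]*BalancerMember[ \t]+\w+://([^:/\s]+)\S*[ \t]+.*?\broute=(\S+)", re.M)

def balancer_routes(conf):
    """Map each backend host to the route set on its BalancerMember line."""
    return dict(MEMBER_RE.findall(conf))

def jvm_route(server_xml):
    """Return the jvmRoute of the Tomcat Engine element, or None if unset."""
    engine = ET.fromstring(server_xml).find(".//Engine")
    return None if engine is None else engine.get("jvmRoute")

def route_mismatches(conf, server_xml_by_host):
    """List (host, balancer route, jvmRoute) for nodes whose identifiers differ."""
    problems = []
    for host, route in balancer_routes(conf).items():
        xml = server_xml_by_host.get(host)
        actual = jvm_route(xml) if xml else None
        if actual != route:
            problems.append((host, route, actual))
    return problems

def route_from_session_id(session_id):
    """Tomcat appends '.<jvmRoute>' to the session id; the balancer picks the
    member whose route equals that suffix. No suffix means no stickiness."""
    _, sep, suffix = session_id.rpartition(".")
    return suffix if sep and suffix else None

if __name__ == "__main__":
    for host, route, actual in route_mismatches(APACHE_CONF, SERVER_XML):
        print(f"{host}: balancer route={route!r} but jvmRoute={actual!r}")
```

A node reported here issues session ids without the expected suffix, so its sessions are not pinned to it and requests are distributed by lbmethod alone.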