Click here to close now.

Welcome!

XML Authors: Elizabeth White, Carmen Gonzalez, Liz McMillan, Bob Gourley, Dana Gardner

Blog Feed Post

Configuring JBoss 7 with Apache

There are a number of articles out there about deploying applications to JBoss and about how to monitor JBoss, and in them the web application is usually accessed by pointing a browser to the web container running on port 8080. In enterprise production environments however, the application server does not exist in a vacuum – JBoss is usually fronted with the web server (most often Apache). This kind of setup brings about several benefits:

  • Improved security by limiting access to the app server. In an Internet application the web server is accessed directly by the clients. Separating the web server from the app server allows us to place the former in a Demilitarized Zone (DMZ), while the app server can live on a more protected corporate network. If the web server is compromised, there is an additional barrier for the hackers to overcome before they can get access to your precious application and database servers.
  • Improved security by limiting access to the application server. Some third-party plugins allow the web server to perform authentication against LDAP or RADIUS servers – unauthenticated/unauthorized requests do not even reach your application server.
  • Improved performance by caching static content. Apache can cache your static content (images, javascript and .css), while allowing the app server to concentrate on what it does best – business logic processing
  • Improved SSL performance. SSL performs on-the-fly encryption/decryption which can be computationally expensive. While JBoss can certainly handle it, it makes more sense to take the load off its shoulders and allow Apache to do the SSL heavy lifting (Apache can even use hardware SSL acceleration)
  • Last but not least, given the right setup, Apache can balance the load between your application servers very effectively (we will see how in a minute).

For simplicity, let’s assume the following:

  • we are running JBoss 7.1 in standalone mode
  • the operating system is CentOS 6.x
  • $JBOSS_HOME refers to the JBoss 7 installation directory (you don’t have to set this environment variable)
  • We will use the Monitis JMX agent web application to illustrate the process – the web application context is mon_jmx_agent

Configuring AJP

AJP stands for “Apache JServ Protocol” – this is the standard method of interfacing Apache with Tomcat (and later, JBoss) since the earliest versions of Tomcat. It is a packet-based protocol, which in it’s latest re-incarnation of 1.3 is very fast, while adding very little overhead. Tomcat (and by extension JBoss) speaks AJP out of the box. On the Apache side, the mod_proxy_ajp provides the necessary functionality. So let’s see how to put the whole thing together.

Step 1.Enable the AJP connector In JBoss 7 the AJP connector is not enabled by default, so let’s enable it. Open $JBOSS_HOME/standalone/configuration/standalone.xml, find the subsystem tag and add the AJP connector:

.....
        <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
...
            <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
...
        </subsystem>
.....

Next, make sure that the ajp socket binding definition exists:

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        ....
        <socket-binding name="ajp" port="8009"/>
...

Step 2. Configure mod_proxy_ajp Go to /etc/httpd/conf.d and create a file proxy_ajp.conf as follows

<IfModule !proxy_ajp_module>
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfModule>
ProxyPass /mon_jmx_agent ajp://localhost:8009/mon_jmx_agent

Step 3. Restart JBoss and Apache (in that order)
Now, open a web browser and navigate to http://localhost/mon_jmx_agent. You should see the JMX agent’s login screen.

Configuring mod_cluster

If you are running a cluster of multiple JBoss instances, you will need a load balancer to distribute the load between them. While both mod_proxy_ajp and mod_proxy_http do provide basic load-balancing functionality, it is somewhat limited. The most flexible way to implement load-balancing with apache nowadays is mod_cluster. Besides simply forwarding the requests to the cluster nodes, mod_cluster maintains a separate communication channel to the cluster nodes. This allows for more fine-grained load balancing based on a wider range of load-related parameters calculated by the cluster nodes. It also allows the cluster nodes to communicate lifecycle events to the mod_cluster load balancer, so that it can re-route the traffic accordingly. For instance, if you undeploy a WAR file on one of the cluster nodes, the load balancer will be aware of that and will route the requests to other nodes. Another important point is that mod_cluster supports dynamic discovery – the balancer does not need to be explicitly configured with the IP address/port numbers of the individual nodes.

Step 1. Configure yum for the EPEL repository (if not already enabled) Since mod_cluster is not yet part of the Apache distribution, we have to download separately from the EPEL repository, so let’s make sure yum is configured for this repository:

To check if EPEL is already configured in YUM, do

$rpm -qa epel-release

If the search results comes back blank, download the EPEL RPM from here (choose the appropriate version for the OS version you are running) and install it in order to configure yum for the EPEL repo:

$rpm -i epel-release-6-5.noarch.rpm

Step 2. Install mod_cluster and dependent modules

$yum install mod_cluster

Step 3: Configure mod_cluster

Step 3a. Open /etc/https/http.conf and make sure the following modules are enabled:

LoadModule proxy_module /modules/mod_proxy.so
LoadModule proxy_ajp_module /modules/mod_proxy_ajp.so
LoadModule slotmem_module /modules/mod_slotmem.so
LoadModule manager_module /modules/mod_manager.so
LoadModule proxy_cluster_module /modules/mod_proxy_cluster.so
LoadModule advertise_module /modules/mod_advertise.so

Step 3b. Create a file mod_cluster.conf in /etc/httpd/conf.d as follows:

<IfModule manager_module>
    Listen 192.168.1.100:6666   # change IP address to suit your environment
    ManagerBalancerName mycluster
    <VirtualHost 192.168.1.100:6666> # change IP address to suit your environment
        KeepAliveTimeout 300
        MaxKeepAliveRequests 0
        ServerAdvertise On
        AdvertiseGroup 224.0.1.105:23364
        AdvertiseSecurityKey secret # change key to match jboss config below

        <Location />
            Order deny,allow
      Deny from all
            Allow from 192.168.1. #change IP address filter to allow access from your local network
        </Location>
  </VirtualHost>
</IfModule>

Step 3c. Modify /etc/httpd/httpd.conf like so:

<VirtualHost *:80>
    ProxyPass / balancer://mycluster stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse / balancer://mycluster
    ProxyPreserveHost On

    <Location />
        Order deny,allow
        Allow from All
    </Location>

    <Location /mod_cluster_manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Deny from all
        Allow from 192.168.1. # change this to match your network setup
    </Location> 
</VirtualHost>

Step 3d: Modify the JBoss config file $JBOSS_HOME/standalone/configuration/standalone-ha.xml

<extensions>
...
    <extension module="org.jboss.as.modcluster"/>
...
</extensions>

<profile>
....
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
....
    <mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>
....
</profile>

<socket-binding-group name="standard-sockets" default-interface="public"
                       port-offset="${jboss.socket.binding.port-offset:0}">
...
    <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
...
</socket-binding-group>

Step 4. Start httpd

Step 5. Start JBoss with the standalone-ha.xml profile

That’s it. Open up a web browser and navigate to http://192.168.1.100/mod_cluster_manager and you should see the internal status page of the cluster manager:

The Contexts heading lists all application contexts (i.e. web applications) which are configures for this node. You should be able to open the Monitis JMX agent web application in a separate browser window: http://192.168.1.100/mon_jmx_agent (change the IP address as necessary).

Note: If the status page is blank, then the cluster nodes are not registering properly with the balancer. Make sure IP multicast is enabled between the web server and the app server machine (mod_cluster’s discovery functionality uses IP Multicast to advertise the balancer’s address and port to the cluster nodes). The usual culprits are SELinux and iptables, so you may have to create the appropriate rules. Alternatively, you can point JBoss 7 to the balancer explicitly instead of relying on autodiscovery. Replace the following line in the JBoss configuration file standalone-ha.conf:

<mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>

 

with one like this:

<mod-cluster-config proxy-list="192.168.1.100:6666"/>

For more information:

http://www.jboss.org/mod_cluster

http://docs.jboss.org/mod_cluster/1.1.0/html

http://oddthesis.org/posts/2008-12-jboss-and-mod_cluster/

 


Share Now:del.icio.usDiggFacebookLinkedInBlinkListDZoneGoogle BookmarksRedditStumbleUponTwitterRSS

Read the original blog entry...

More Stories By Hovhannes Avoyan

Hovhannes Avoyan is the CEO of Monitis, Inc., a provider of on-demand systems management and monitoring software to 50,000 users spanning small businesses and Fortune 500 companies.

Prior to Monitis, he served as General Manager and Director of Development at prominent web portal Lycos Europe, where he grew the Lycos Armenia group from 30 people to over 200, making it the company's largest development center. Prior to Lycos, Avoyan was VP of Technology at Brience, Inc. (based in San Francisco and acquired by Syniverse), which delivered mobile internet content solutions to companies like Cisco, Ingram Micro, Washington Mutual, Wyndham Hotels , T-Mobile , and CNN. Prior to that, he served as the founder and CEO of CEDIT ltd., which was acquired by Brience. A 24 year veteran of the software industry, he also runs Sourcio cjsc, an IT consulting company and startup incubator specializing in web 2.0 products and open-source technologies.

Hovhannes is a senior lecturer at the American Univeristy of Armenia and has been a visiting lecturer at San Francisco State University. He is a graduate of Bertelsmann University.

@ThingsExpo Stories
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) application providers dating back to 2004. Cybozu's kintone.com is a leading global BYOA (Build Your O...
With IoT exploding, massive data will transform businesses with opportunities to monetize almost anything that can be measured. In this C-Level Roundtable Discussion at @ThingsExpo, Brendan O’Brien, Aria Systems Co-founder and Chief Evangelist, will lead an expert panel of consultants, thought leaders and practitioners who will look at these new monetization trends, discuss the implications, and detail lessons learned from their collective experience. Finally, the panel will point the way forward for enterprises who wish to leverage the resulting complex recurring revenue models, adding valu...
How is unified communications transforming the way businesses operate? In his session at WebRTC Summit, Arvind Rangarajan, Director of Product Marketing at BroadSoft, will discuss how to extend unified communications experience outside the enterprise through WebRTC. He will also review use cases across different industry verticals. Arvind Rangarajan is Director, Product Marketing at BroadSoft. He has over 19 years of experience in the telecommunications industry in various roles such as Software Development, Product Management and Product Marketing, applied across Wireless, Unified Communic...
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements around Unified Networks, Cloud Computing strategies, Virtualization around Software defined Data Ce...
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquired by Aditi Technologies. He is a Microsoft Regional Director for Hyderabad, India, and one of the f...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to offer disruptive APIs to developers.
SYS-CON Events announced today that SoftLayer, an IBM company, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015 at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place November 3–5, 2015 at the Santa Clara Convention Center in Santa Clara, CA. SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from ...
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will meet your customers' needs of tomorrow - today! Ciqada. Let your products take flight. For more inform...
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool f...
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applications - creating more engaging experiences for their customers and boosting collaboration and productiv...
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
SYS-CON Events announced today that On the Avenue Marketing Group, a sales and marketing firm that utilizes events to market and sell products to consumers, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. On the Avenue Marketing Group (OTA) is a sales and marketing firm that utilizes events to market and sell products to consumers. On behalf of our clients, we attend thousands of fairs, festivals, expos, concerts, conferences, and sporting events annually, helping them reach millions of individuals ...
SYS-CON Events announced today that BroadSoft, the leading global provider of Unified Communications and Collaboration (UCC) services to operators worldwide, has been named “Gold Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol networks. The Company’s core communications platform enables the delivery of a range of enterprise and consumer calling...
SYS-CON Events announced today that ActiveState, the leading independent Cloud Foundry and Docker-based PaaS provider, has been named “Silver Sponsor” of SYS-CON's DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. ActiveState believes that enterprises gain a competitive advantage when they are able to quickly create, deploy and efficiently manage software solutions that immediately create business value, but they face many challenges that prevent them from doing so. The Company is uniquely positioned to help address these challenges thro...