Welcome!

Industrial IoT Authors: Liz McMillan, Carmen Gonzalez, Pat Romanski, Elizabeth White, Eric Robertson

Blog Feed Post

Configuring JBoss 7 with Apache

There are a number of articles out there about deploying applications to JBoss and about how to monitor JBoss, and in them the web application is usually accessed by pointing a browser to the web container running on port 8080. In enterprise production environments however, the application server does not exist in a vacuum – JBoss is usually fronted with the web server (most often Apache). This kind of setup brings about several benefits:

  • Improved security by limiting access to the app server. In an Internet application the web server is accessed directly by the clients. Separating the web server from the app server allows us to place the former in a Demilitarized Zone (DMZ), while the app server can live on a more protected corporate network. If the web server is compromised, there is an additional barrier for the hackers to overcome before they can get access to your precious application and database servers.
  • Improved security by limiting access to the application server. Some third-party plugins allow the web server to perform authentication against LDAP or RADIUS servers – unauthenticated/unauthorized requests do not even reach your application server.
  • Improved performance by caching static content. Apache can cache your static content (images, javascript and .css), while allowing the app server to concentrate on what it does best – business logic processing
  • Improved SSL performance. SSL performs on-the-fly encryption/decryption which can be computationally expensive. While JBoss can certainly handle it, it makes more sense to take the load off its shoulders and allow Apache to do the SSL heavy lifting (Apache can even use hardware SSL acceleration)
  • Last but not least, given the right setup, Apache can balance the load between your application servers very effectively (we will see how in a minute).

For simplicity, let’s assume the following:

  • we are running JBoss 7.1 in standalone mode
  • the operating system is CentOS 6.x
  • $JBOSS_HOME refers to the JBoss 7 installation directory (you don’t have to set this environment variable)
  • We will use the Monitis JMX agent web application to illustrate the process – the web application context is mon_jmx_agent

Configuring AJP

AJP stands for “Apache JServ Protocol” – this is the standard method of interfacing Apache with Tomcat (and later, JBoss) since the earliest versions of Tomcat. It is a packet-based protocol, which in it’s latest re-incarnation of 1.3 is very fast, while adding very little overhead. Tomcat (and by extension JBoss) speaks AJP out of the box. On the Apache side, the mod_proxy_ajp provides the necessary functionality. So let’s see how to put the whole thing together.

Step 1.Enable the AJP connector In JBoss 7 the AJP connector is not enabled by default, so let’s enable it. Open $JBOSS_HOME/standalone/configuration/standalone.xml, find the subsystem tag and add the AJP connector:

.....
        <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
...
            <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
...
        </subsystem>
.....

Next, make sure that the ajp socket binding definition exists:

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        ....
        <socket-binding name="ajp" port="8009"/>
...

Step 2. Configure mod_proxy_ajp Go to /etc/httpd/conf.d and create a file proxy_ajp.conf as follows

<IfModule !proxy_ajp_module>
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfModule>
ProxyPass /mon_jmx_agent ajp://localhost:8009/mon_jmx_agent

Step 3. Restart JBoss and Apache (in that order)
Now, open a web browser and navigate to http://localhost/mon_jmx_agent. You should see the JMX agent’s login screen.

Configuring mod_cluster

If you are running a cluster of multiple JBoss instances, you will need a load balancer to distribute the load between them. While both mod_proxy_ajp and mod_proxy_http do provide basic load-balancing functionality, it is somewhat limited. The most flexible way to implement load-balancing with apache nowadays is mod_cluster. Besides simply forwarding the requests to the cluster nodes, mod_cluster maintains a separate communication channel to the cluster nodes. This allows for more fine-grained load balancing based on a wider range of load-related parameters calculated by the cluster nodes. It also allows the cluster nodes to communicate lifecycle events to the mod_cluster load balancer, so that it can re-route the traffic accordingly. For instance, if you undeploy a WAR file on one of the cluster nodes, the load balancer will be aware of that and will route the requests to other nodes. Another important point is that mod_cluster supports dynamic discovery – the balancer does not need to be explicitly configured with the IP address/port numbers of the individual nodes.

Step 1. Configure yum for the EPEL repository (if not already enabled) Since mod_cluster is not yet part of the Apache distribution, we have to download separately from the EPEL repository, so let’s make sure yum is configured for this repository:

To check if EPEL is already configured in YUM, do

$rpm -qa epel-release

If the search results comes back blank, download the EPEL RPM from here (choose the appropriate version for the OS version you are running) and install it in order to configure yum for the EPEL repo:

$rpm -i epel-release-6-5.noarch.rpm

Step 2. Install mod_cluster and dependent modules

$yum install mod_cluster

Step 3: Configure mod_cluster

Step 3a. Open /etc/https/http.conf and make sure the following modules are enabled:

LoadModule proxy_module /modules/mod_proxy.so
LoadModule proxy_ajp_module /modules/mod_proxy_ajp.so
LoadModule slotmem_module /modules/mod_slotmem.so
LoadModule manager_module /modules/mod_manager.so
LoadModule proxy_cluster_module /modules/mod_proxy_cluster.so
LoadModule advertise_module /modules/mod_advertise.so

Step 3b. Create a file mod_cluster.conf in /etc/httpd/conf.d as follows:

<IfModule manager_module>
    Listen 192.168.1.100:6666   # change IP address to suit your environment
    ManagerBalancerName mycluster
    <VirtualHost 192.168.1.100:6666> # change IP address to suit your environment
        KeepAliveTimeout 300
        MaxKeepAliveRequests 0
        ServerAdvertise On
        AdvertiseGroup 224.0.1.105:23364
        AdvertiseSecurityKey secret # change key to match jboss config below

        <Location />
            Order deny,allow
      Deny from all
            Allow from 192.168.1. #change IP address filter to allow access from your local network
        </Location>
  </VirtualHost>
</IfModule>

Step 3c. Modify /etc/httpd/httpd.conf like so:

<VirtualHost *:80>
    ProxyPass / balancer://mycluster stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse / balancer://mycluster
    ProxyPreserveHost On

    <Location />
        Order deny,allow
        Allow from All
    </Location>

    <Location /mod_cluster_manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Deny from all
        Allow from 192.168.1. # change this to match your network setup
    </Location> 
</VirtualHost>

Step 3d: Modify the JBoss config file $JBOSS_HOME/standalone/configuration/standalone-ha.xml

<extensions>
...
    <extension module="org.jboss.as.modcluster"/>
...
</extensions>

<profile>
....
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
....
    <mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>
....
</profile>

<socket-binding-group name="standard-sockets" default-interface="public"
                       port-offset="${jboss.socket.binding.port-offset:0}">
...
    <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
...
</socket-binding-group>

Step 4. Start httpd

Step 5. Start JBoss with the standalone-ha.xml profile

That’s it. Open up a web browser and navigate to http://192.168.1.100/mod_cluster_manager and you should see the internal status page of the cluster manager:

The Contexts heading lists all application contexts (i.e. web applications) which are configures for this node. You should be able to open the Monitis JMX agent web application in a separate browser window: http://192.168.1.100/mon_jmx_agent (change the IP address as necessary).

Note: If the status page is blank, then the cluster nodes are not registering properly with the balancer. Make sure IP multicast is enabled between the web server and the app server machine (mod_cluster’s discovery functionality uses IP Multicast to advertise the balancer’s address and port to the cluster nodes). The usual culprits are SELinux and iptables, so you may have to create the appropriate rules. Alternatively, you can point JBoss 7 to the balancer explicitly instead of relying on autodiscovery. Replace the following line in the JBoss configuration file standalone-ha.conf:

<mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>

 

with one like this:

<mod-cluster-config proxy-list="192.168.1.100:6666"/>

For more information:

http://www.jboss.org/mod_cluster

http://docs.jboss.org/mod_cluster/1.1.0/html

http://oddthesis.org/posts/2008-12-jboss-and-mod_cluster/

 


Share Now:del.icio.usDiggFacebookLinkedInBlinkListDZoneGoogle BookmarksRedditStumbleUponTwitterRSS

Read the original blog entry...

More Stories By Hovhannes Avoyan

Hovhannes Avoyan is the CEO of PicsArt, Inc.,

@ThingsExpo Stories
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Unsecured IoT devices were used to launch crippling DDOS attacks in October 2016, targeting services such as Twitter, Spotify, and GitHub. Subsequent testimony to Congress about potential attacks on office buildings, schools, and hospitals raised the possibility for the IoT to harm and even kill people. What should be done? Does the government need to intervene? This panel at @ThingExpo New York brings together leading IoT and security experts to discuss this very serious topic.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.