Welcome!

Industrial IoT Authors: Elizabeth White, Liz McMillan, Ed Featherston, Pat Romanski, William Schmarzo

Blog Feed Post

Configuring JBoss 7 with Apache

There are a number of articles out there about deploying applications to JBoss and about how to monitor JBoss, and in them the web application is usually accessed by pointing a browser to the web container running on port 8080. In enterprise production environments however, the application server does not exist in a vacuum – JBoss is usually fronted with the web server (most often Apache). This kind of setup brings about several benefits:

  • Improved security by limiting access to the app server. In an Internet application the web server is accessed directly by the clients. Separating the web server from the app server allows us to place the former in a Demilitarized Zone (DMZ), while the app server can live on a more protected corporate network. If the web server is compromised, there is an additional barrier for the hackers to overcome before they can get access to your precious application and database servers.
  • Improved security by limiting access to the application server. Some third-party plugins allow the web server to perform authentication against LDAP or RADIUS servers – unauthenticated/unauthorized requests do not even reach your application server.
  • Improved performance by caching static content. Apache can cache your static content (images, javascript and .css), while allowing the app server to concentrate on what it does best – business logic processing
  • Improved SSL performance. SSL performs on-the-fly encryption/decryption which can be computationally expensive. While JBoss can certainly handle it, it makes more sense to take the load off its shoulders and allow Apache to do the SSL heavy lifting (Apache can even use hardware SSL acceleration)
  • Last but not least, given the right setup, Apache can balance the load between your application servers very effectively (we will see how in a minute).

For simplicity, let’s assume the following:

  • we are running JBoss 7.1 in standalone mode
  • the operating system is CentOS 6.x
  • $JBOSS_HOME refers to the JBoss 7 installation directory (you don’t have to set this environment variable)
  • We will use the Monitis JMX agent web application to illustrate the process – the web application context is mon_jmx_agent

Configuring AJP

AJP stands for “Apache JServ Protocol” – this is the standard method of interfacing Apache with Tomcat (and later, JBoss) since the earliest versions of Tomcat. It is a packet-based protocol, which in it’s latest re-incarnation of 1.3 is very fast, while adding very little overhead. Tomcat (and by extension JBoss) speaks AJP out of the box. On the Apache side, the mod_proxy_ajp provides the necessary functionality. So let’s see how to put the whole thing together.

Step 1.Enable the AJP connector In JBoss 7 the AJP connector is not enabled by default, so let’s enable it. Open $JBOSS_HOME/standalone/configuration/standalone.xml, find the subsystem tag and add the AJP connector:

.....
        <subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
...
            <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
...
        </subsystem>
.....

Next, make sure that the ajp socket binding definition exists:

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
        ....
        <socket-binding name="ajp" port="8009"/>
...

Step 2. Configure mod_proxy_ajp Go to /etc/httpd/conf.d and create a file proxy_ajp.conf as follows

<IfModule !proxy_ajp_module>
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfModule>
ProxyPass /mon_jmx_agent ajp://localhost:8009/mon_jmx_agent

Step 3. Restart JBoss and Apache (in that order)
Now, open a web browser and navigate to http://localhost/mon_jmx_agent. You should see the JMX agent’s login screen.

Configuring mod_cluster

If you are running a cluster of multiple JBoss instances, you will need a load balancer to distribute the load between them. While both mod_proxy_ajp and mod_proxy_http do provide basic load-balancing functionality, it is somewhat limited. The most flexible way to implement load-balancing with apache nowadays is mod_cluster. Besides simply forwarding the requests to the cluster nodes, mod_cluster maintains a separate communication channel to the cluster nodes. This allows for more fine-grained load balancing based on a wider range of load-related parameters calculated by the cluster nodes. It also allows the cluster nodes to communicate lifecycle events to the mod_cluster load balancer, so that it can re-route the traffic accordingly. For instance, if you undeploy a WAR file on one of the cluster nodes, the load balancer will be aware of that and will route the requests to other nodes. Another important point is that mod_cluster supports dynamic discovery – the balancer does not need to be explicitly configured with the IP address/port numbers of the individual nodes.

Step 1. Configure yum for the EPEL repository (if not already enabled) Since mod_cluster is not yet part of the Apache distribution, we have to download separately from the EPEL repository, so let’s make sure yum is configured for this repository:

To check if EPEL is already configured in YUM, do

$rpm -qa epel-release

If the search results comes back blank, download the EPEL RPM from here (choose the appropriate version for the OS version you are running) and install it in order to configure yum for the EPEL repo:

$rpm -i epel-release-6-5.noarch.rpm

Step 2. Install mod_cluster and dependent modules

$yum install mod_cluster

Step 3: Configure mod_cluster

Step 3a. Open /etc/https/http.conf and make sure the following modules are enabled:

LoadModule proxy_module /modules/mod_proxy.so
LoadModule proxy_ajp_module /modules/mod_proxy_ajp.so
LoadModule slotmem_module /modules/mod_slotmem.so
LoadModule manager_module /modules/mod_manager.so
LoadModule proxy_cluster_module /modules/mod_proxy_cluster.so
LoadModule advertise_module /modules/mod_advertise.so

Step 3b. Create a file mod_cluster.conf in /etc/httpd/conf.d as follows:

<IfModule manager_module>
    Listen 192.168.1.100:6666   # change IP address to suit your environment
    ManagerBalancerName mycluster
    <VirtualHost 192.168.1.100:6666> # change IP address to suit your environment
        KeepAliveTimeout 300
        MaxKeepAliveRequests 0
        ServerAdvertise On
        AdvertiseGroup 224.0.1.105:23364
        AdvertiseSecurityKey secret # change key to match jboss config below

        <Location />
            Order deny,allow
      Deny from all
            Allow from 192.168.1. #change IP address filter to allow access from your local network
        </Location>
  </VirtualHost>
</IfModule>

Step 3c. Modify /etc/httpd/httpd.conf like so:

<VirtualHost *:80>
    ProxyPass / balancer://mycluster stickysession=JSESSIONID|jsessionid nofailover=On
    ProxyPassReverse / balancer://mycluster
    ProxyPreserveHost On

    <Location />
        Order deny,allow
        Allow from All
    </Location>

    <Location /mod_cluster_manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Deny from all
        Allow from 192.168.1. # change this to match your network setup
    </Location> 
</VirtualHost>

Step 3d: Modify the JBoss config file $JBOSS_HOME/standalone/configuration/standalone-ha.xml

<extensions>
...
    <extension module="org.jboss.as.modcluster"/>
...
</extensions>

<profile>
....
<subsystem xmlns="urn:jboss:domain:modcluster:1.0">
....
    <mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>
....
</profile>

<socket-binding-group name="standard-sockets" default-interface="public"
                       port-offset="${jboss.socket.binding.port-offset:0}">
...
    <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/>
...
</socket-binding-group>

Step 4. Start httpd

Step 5. Start JBoss with the standalone-ha.xml profile

That’s it. Open up a web browser and navigate to http://192.168.1.100/mod_cluster_manager and you should see the internal status page of the cluster manager:

The Contexts heading lists all application contexts (i.e. web applications) which are configures for this node. You should be able to open the Monitis JMX agent web application in a separate browser window: http://192.168.1.100/mon_jmx_agent (change the IP address as necessary).

Note: If the status page is blank, then the cluster nodes are not registering properly with the balancer. Make sure IP multicast is enabled between the web server and the app server machine (mod_cluster’s discovery functionality uses IP Multicast to advertise the balancer’s address and port to the cluster nodes). The usual culprits are SELinux and iptables, so you may have to create the appropriate rules. Alternatively, you can point JBoss 7 to the balancer explicitly instead of relying on autodiscovery. Replace the following line in the JBoss configuration file standalone-ha.conf:

<mod-cluster-config advertise-socket="modcluster" advertise-security-key="secret"/>

 

with one like this:

<mod-cluster-config proxy-list="192.168.1.100:6666"/>

For more information:

http://www.jboss.org/mod_cluster

http://docs.jboss.org/mod_cluster/1.1.0/html

http://oddthesis.org/posts/2008-12-jboss-and-mod_cluster/

 


Share Now:del.icio.usDiggFacebookLinkedInBlinkListDZoneGoogle BookmarksRedditStumbleUponTwitterRSS

Read the original blog entry...

More Stories By Hovhannes Avoyan

Hovhannes Avoyan is the CEO of PicsArt, Inc.,

@ThingsExpo Stories
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
We all know the latest numbers: Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from last year, and will reach 20.8 billion by 2020. We're rapidly approaching a data production of 40 zettabytes a day – more than we can every physically store, and exabytes and yottabytes are just around the corner. For many that’s a good sign, as data has been proven to equal money – IF it’s ingested, integrated, and analyzed fast enough. Without real-ti...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it ...
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet a...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...