TECHIE KERNEL

A Technology Blog About Code Development, Architecture, Operating System, Hardware, Tips and Tutorials for Developers.

Showing posts with label SERVERS. Show all posts
Showing posts with label SERVERS. Show all posts

Sunday, December 19, 2010

JSESSIONID & APACHE STICKY SESSION

3:45:00 PM Posted by Satish , , , 1 comment
Recently I and my team implemented the sticky session feature from apache to our application. After that we started getting frequent session time out issue from testing team. After a long analysis we found, the browser is not flushing the JSESSIONID each time the new session get created from the server. So if the cached session is of node 1 and new session is get created from node 2 the user used to get the session time out problem as apache used to redirect the request to node 1, where there is no session available.We found out this after analyzing the request header and server logs.

So we came up with a solution to flush the JSESSIONID each time the user comes to login page. Bellow is the java script code for the same.


<script>
setCookiesecure("JSESSIONID", getCookie("JSESSIONID"), -1, "/", null, true);
</script>


function setCookiesecure (name,value,expires,path,domain,secure) {

document.cookie = name + "=" + value + ((expires) ? "; expires=" + expires : "") + ((path) ? ";path=" +      path : "") + ((domain) ? "; domain=" +domain :"") + ((secure) ? "; secure" : "");
}


function getCookie( name )
{
        var start = document.cookie.indexOf( name + "=" );
        var len = start + name.length + 1;
        if ( ( !start ) && ( name != document.cookie.substring(0, name.length ) ) ) { 
        return null; 
        }

        if ( start == -1 ) return null;

        var end = document.cookie.indexOf( ";", len ); 
        if ( end == -1 ) end = document.cookie.length;
        return unescape( document.cookie.substring( len, end ) );
}



RESOURCE CACHING FROM APACHE

3:17:00 PM Posted by Satish , , , , No comments
1. Uncomment the following lines from the "$apache_home/conf/httpd.conf".

LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so

2. Add the following lines to "$apache_home/conf/mod-jk.conf" at the last.
#cache settings

ExpiresActive On

    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
    ExpiresDefault A25920003

Now you can check the request header, the resources can be in browser's cache for 30 days.

STATIC RESOURCE APACHE PROXY

2:46:00 PM Posted by Satish , , , , , No comments

1. Dump your application static resources i.e images, css, html, javascript to "$apache_home\htdocs\".

2. Add the following lines to the "$apache_home/conf/mod-jk.conf" bellow "# Let Apache serve the images"

JkUnMount /__application__/css/* node1
JkUnMount /__application__/images/* node1
JkUnMount /__application__/xmlhttp/* node1
JkUnMount /__application__/js/* node1

Note: In case of multiple nodes, the load balancer name in place of node1.

3. Add the following lines to the "$apache_home/conf/uriworkermap.properties"  at the last.

!/*/css/*=*
!/*/images/*=*
!/*/xmlhttp/*=*
!/*/js/*=*

4. Now remove the static resources from your war/ ear.

APACHE SETUP FOR JBOSS

2:36:00 PM Posted by Satish , , , , No comments
1. Download Apache HTTP 2.2 from here(http://olex.openlogic.com/package_versions/download/9478?package_version_id=5577&path=openlogic%2Fapache%2F2.2.17%2Fopenlogic-apache-2.2.17-windows-ins-no-ssl-1.zip)


2. Unzip the file and double click on the installation file. Next follow the screen instructions to install.

3. After installation click the test configuration to test if Apache is working or not.

4. Now start the apache by clicking start from Apache sub menu.

5. Request for http://localhost/ to check the status.

6. Now time to confirure the proxy set up for Jboss. To do so we are going to use the the mod jk module in apache http.

7. Download themod_jk-1.2.31-httpd-2.2.3.s from here(http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.31/mod_jk-1.2.31-httpd-2.2.3.so).

8. Rename the file to mod_jk.so and put to the "$apache_home/modules/" folder.

9. Now open the "$apache_home/conf/httpd.conf" and add the following lines at the end.

<IfModule !mod_jk.c>
  LoadModule jk_module modules/mod_jk.so
</IfModule>

#Include mod_jk configuration file
Include "C:/Program Files/Apache Software Foundation/Apache2.2/conf/mod-jk.conf"

Note: change the path acording to your environment.

10. Create a file "$apache_home/conf/mod-jk.conf" and add the following content to that.

# Load mod_jk module
# Specify the filename of the mod_jk lib
#LoadModule jk_module modules/mod_jk.so

# Where to find workers.properties
#JkWorkersFile conf/workers.properties
JkWorkersFile conf/workers.properties


# Where to put jk logs
#JkLogFile logs/mod_jk.log
JkLogFile logs/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel info

# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

# JkOptions indicates to send SSK KEY SIZE
# Notes:
# 1) Changed from +ForwardURICompat.
# 2) For mod_rewrite compatibility, use +ForwardURIProxy (default since 1.2.24)
# See http://tomcat.apache.org/security-jk.html
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories

# JkRequestLogFormat
JkRequestLogFormat "%w %V %T"

# Mount your applications
JkMount /__application__/* node1

# Let Apache serve the images
#JkUnMount /__application__/images/* node1


# You can use external file for mount points.
# It will be checked for updates each 60 seconds.
# The format of the file is: /url=worker
# /examples/*=ajp13
JkMountFile  conf/uriworkermap.properties

# Add shared memory.
# This directive is present with 1.2.10 and
# later versions of mod_jk, and is needed for
# for load balancing to work properly
# Note: Replaced JkShmFile logs/jk.shm due to SELinux issues. Refer to
# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225452
JkShmFile run/jk.shm

# Add jkstatus for managing runtime data
<Location /jkstatus>
JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>

11. Now create "$apache_home/conf/workers.property" and add the following lines to that.

# Define list of workers that will be used
# For mapping requests
worker.list=node1,status


# Define Node1
worker.node1.port=8009
worker.node1.host=10.5.1.26
worker.node1.type=ajp13
#ping_mode as of mod_jk
worker.node1.ping_mode=A
#worker.node1.socket_timeout=10
        
# Status worker for managing load balancer
worker.status.type=status
#worker.localhost.host=10.5.1.26

Note: Change the host IP according to your IP. This configuration has been done for only one node. So there is no load balancer. You can add more than two nodes and a load balancer to manage. You can also enable sticky session if Jboss clustering and session replication is not enabled. 

12. Now create "$apache_home/conf/uriworkermap.properties" and add the following lines to that.

# Mount the Servlet context to the ajp13 worker
/jmx-console=node1
/jmx-console/*=node1
/web-console=node1
/web-console/*=node1
/test=node1
/test/*=node1

13. Now Jboss has to be configured to work with Apache.

A) Open "$jboss_Home/server//deploy/jboss.web-deployer/server.xml"

search for the following line and specify jvmRoot attribute to node1 as bellow.
Engine name = ”jboss.web” default host = “hostname” jvmRoute = “node1”

B)  Open "$jboss_Home/server/<instance_name>/deploy/jboss.web-deployer/meta-INF/jboss-service.xml"

search for "useJK" and make the value to "true" as bellow.
<attributename = “UseJK” > true</attribute>

14. Now restart the both web and app server. To test access test from web server DNS ie http://localhost/test.

Saturday, July 17, 2010

TOMCAT SSL CONFIGURATION IN UBUNTU

11:12:00 PM Posted by Satish , , , , No comments

This post is made considering the the system is having jdk 6 and Tomcat 6 installed and "JAVA_HOME" environment variable is set.

Bellow are the steps to configure tomcat to listen https port (8443)

1. Create a certificate keystore by executing the following command. It will ask few questions. It will also ask one password to enter. You have to remember this password as you need to specify that to configuration file.  You can store the keystore any where. 
    keytool -genkey -alias tomcat -keyalg RSA 
    \-keystore /usr/local/tomcat/conf/.keystore



2. Now configure "tomcat_home"\conf\server.xml, add the following  code.







    <Connector 

    port="8443" 



    protocol="org.apache.coyote.http11.Http11Protocol"   



    maxThreads="200"

    scheme="https" secure="true" SSLEnabled="true"

    keystoreFile="/usr/local/tomcat/conf/.keystore"  



    keystorePass="password"

    clientAuth="false" 



    sslProtocol="TLS"/>  







You are done with your configuration. Save the "server.xml" file.  Restart your tomcat. Now type https://localhost:8443



This should  show you the same tomcat homepage but in secured format.