17.4. Web Server Configuration

17.4.1. About the Standalone Apache HTTP Server

JBoss EAP 6 is tested and supported with the Apache HTTP server which is included with certified versions of Red Hat Enterprise Linux 6. Apache HTTP server is also available for other operating systems, such as Microsoft Windows Server. However, since Apache HTTP server is a separate product produced by the Apache Foundation, it was previously difficult to be sure that the version of Apache HTTP server a customer used was compatible with JBoss EAP.
A standalone Apache HTTP server bundle is now available as a separate download with JBoss EAP 6. This simplifies installation and configuration in environments other than Red Hat Enterprise Linux, or on systems which already have a configured Apache HTTP server and want to use a separate instance for web applications. You can download this Apache HTTP server as a separate download in the Customer Service Portal, listed under the available JBoss EAP 6 downloads for your installation platform.

17.4.2. HTTPD Variable Conventions

Table 17.4. Native

Product HTTPD_CONF HTTPD_MODULES
Red Hat Enterprise Linux /etc/httpd/conf /etc/httpd/modules
HPUX /opt/hpws/apache/conf /opt/hpws/apache/modules

Table 17.5. EWS

Product HTTPD_CONF HTTPD_MODULES
Red Hat Enterprise Linux /HTTPD_HOME/EWS-ROOT/httpd/conf /HTTPD_HOME/EWS-ROOT/httpd/modules
Solaris /HTTPD_HOME/EWS-ROOT/etc/httpd/conf
/HTTPD_HOME/EWS-ROOT/lib/httpd/modules
or
/HTTPD_HOME/EWS-ROOT/lib64/httpd/modules
Windows /HTTPD_HOME/EWS-ROOT/etc/httpd/conf
/HTTPD_HOME/EWS-ROOT/lib/httpd/modules
or
/HTTPD_HOME/EWS-ROOT/lib64/httpd/modules

17.4.3. Install Apache HTTP Server in Red Hat Enterprise Linux 5, 6, and 7 (Zip)

Prerequisites

  • Root-level or administrator access.
  • A supported version of Java installed.
  • The following packages installed:
    • krb5-workstation
    • mod_auth_kerb (required for Kerberos functionality)
    • elinks (required for the apachectl functionality)
    • apr-util-devel (Apache Portability Runtime (APR))
    • apr-util-ldap (Red Hat Enterprise Linux 7 only, required for LDAP authentication functionality)
The Apache HTTP Server Zip archive contains symbolic links to several Kerberos modules, which is why the mod_auth_kerb package is a prerequisite. If Kerberos functionality is not required, there is no need to install the mod_auth_kerb package and the associated symbolic link can be deleted: EAP_HOME/httpd/modules/mod_auth_kerb.so.

Procedure 17.3. Install the Apache HTTP Server

  1. Navigate to the JBoss EAP downloads list for your platform, on the Red Hat Customer Portal.

    Log in to the Customer Portal and navigate to the Software Downloads page. Select the appropriate Product and Version.
  2. Choose the Apache HTTP Server binary from the list.

    Find the Apache HTTP Server option for your operating system and architecture. Click the Download link. A Zip file containing the Apache HTTP Server distribution downloads to your computer.
  3. Extract the Zip to the system where the Apache HTTP Server binary will run.

    Extract the Zip file on your preferred server, to a temporary location. The Zip file will contain the httpd directory under a jboss-ews-version-number folder. Copy the httpd folder and place it inside the EAP_HOME directory.
    Your Apache HTTP Server is now located in the EAP_HOME/httpd/ directory. This directory is referred to as HTTPD_HOME.
  4. Run the Post-installation script and create the apache user and group accounts

    In a terminal emulator, navigate to the EAP_HOME/httpd directory and execute the following command with root user privileges.
    ./.postinstall
    Next, verify that the apache user exists on the system by running the following command:
    id apache
    If the user does not exist then it will need to be added, along with the appropriate usergroup. In order to achieve this, execute the following with root user privileges:
    getent group apache >/dev/null || groupadd -g 48 -r apache
    getent passwd apache >/dev/null || useradd -r -u 48 \
    -g apache -s /sbin/nologin  -d HTTPD_HOME/httpd/www -c "Apache" apache
    
    Once this is completed, if the apache user will be running the Apache HTTP Server service, then the ownership of the HTTP directories will need to be changed to reflect this:
    chown -R apache:apache httpd
    To test that the above commands have been successful, check that the apache user has execution permission to the Apache HTTP Server install path.
    ls -l
    The output should be similar to:
    drwxrwxr-- 11 apache apache 4096 Feb 14 06:52 httpd
  5. Configure the Apache HTTP Server.

    Prior to starting the Apache HTTP Server, configure it to meet the needs of your organization. You can use the documentation available from the Apache Foundation at http://httpd.apache.org/ for general guidance.
  6. Start the Apache HTTP Server.

    Start the Apache HTTP Server using the following command:
    HTTPD_HOME/httpd/sbin/apachectl start
  7. Stop the Apache HTTP Server.

    To stop the Apache HTTP Server, issue the following command:
    HTTPD_HOME/httpd/sbin/apachectl stop

17.4.4. Install Apache HTTP Server in Red Hat Enterprise Linux (RHEL) 5, 6, and 7 (RPM)

Prerequisites

  • Root-level access.
  • The latest version of elinks package installed (required for the apachectl functionality).
  • Subscribe to Red Hat Enterprise Linux (RHEL) channels (to install Apache HTTP Server from RHEL channels).
  • Subscribe to jbappplatform-6-ARCH-server-VERS-rpm Red Hat Network (RHN) channel (to install EAP specific distribution of Apache HTTP Server).
You can install Apache HTTP Server using either of the following methods:
  • From Red Hat Enterprise Linux (RHEL) channels: An active subscription to Red Hat Enterprise Linux (RHEL) channels is necessary to install Apache HTTP server.
  • From jbappplatform-6-ARCH-server-VERS-rpm channel (JBoss EAP specific distribution): JBoss EAP distributes its own version of the Apache HTTP Server. An active subscription to jbappplatform-6-ARCH-server-VERS-rpm channel is necessary to install the JBoss EAP specific distribution of Apache HTTP Server.

Procedure 17.4. Install and Configure Apache HTTP Server in Red Hat Enterprise Linux 5 and 6 (RPM)

  1. Install httpd

    To install the JBoss EAP specific version of httpd package run the following command:
    yum install httpd
    To install httpd explicitly from Red Hat Enterprise Linux (RHEL) channels run the following command:
     yum install httpd --disablerepo=jbappplatform-6-*

    Note

    You must run only one of the above commands to install the httpd package on your system.
  2. Set the Service Boot Behavior

    You can define the service behavior for the httpd service at boot from the command line or with the service configuration graphical tool. Run the following command to define the behavior:
     chkconfig httpd on
    To use the service configuration tool run the following command and change the service setting in the displayed window:
     system-config-services
  3. Start httpd

    Start httpd using the following command:
    service httpd start
  4. Stop httpd

    Stop httpd using the following command:
    service httpd stop

Procedure 17.5. Install and Configure Apache HTTP Server in Red Hat Enterprise Linux 7 (RPM)

  1. Install httpd22

    To install the JBoss EAP specific version of httpd22 package run the following command:
    yum install httpd22
  2. Set the Service Boot Behavior

    Run the following command to start the httpd22 service at boot:
    systemctl enable httpd22.service
  3. Start httpd22

    Start httpd22 using the following command:
    systemctl start httpd22.service
  4. Stop httpd22

    Stop httpd22 using the following command:
    systemctl stop httpd22.service

17.4.5. Manage Apache HTTP Server Service for Microsoft Windows Server Environment

Procedure 17.6. Install the Apache HTTP Server service for Microsoft Windows Server environment

  • Install the Apache HTTP Server service using this command.

    cd /D "%EWS_HOME%\bin"
    httpd -k install
    This command installs an Apache HTTP Server service named Apache2.2.
    To specify a different name for the service, for example, ApacheBalancer, use the following command.
    cd /D "%EWS_HOME%\bin"
    httpd -k install -n ApacheBalancer

Procedure 17.7. Start the Apache HTTP Server service for Microsoft Windows Server environment

  • To start a service, you can either use httpd.exe or service manager.

    Using httpd.exe:
    cd /D "%EWS_HOME%\bin"
    httpd -k start -n Apache2.2
    Using service manager:
    net start Apache2.2

Procedure 17.8. Stop the Apache HTTP Server service for Microsoft Windows Server environment

  • To stop a service, you can either use httpd.exe or service manager.

    Using httpd.exe:
    cd /D "%EWS_HOME%\bin"
    httpd -k stop -n Apache2.2
    Using service manager:
    net stop Apache2.2

Procedure 17.9. Uninstall the Apache HTTP Server service for Microsoft Windows Server environment

  • To uninstall a service, it must be referenced by name. For example, to uninstall the service names ApacheBalancer, use the following command.

    cd /D "%EWS_HOME%\bin"
    httpd -k uninstall -n ApacheBalancer

17.4.6. mod_cluster Configuration on Apache HTTP Server

Summary

The mod_cluster connector is an Apache HTTP Server-based load balancer. It uses a communication channel to forward requests from the Apache HTTP Server to one of a set of application server nodes. The following derivatives can be set to configure mod_cluster.

Note

There is no need to use ProxyPass directives because mod_cluster automatically configures the URLs that must be forwarded to Apache HTTP Server.

Table 17.6. mod_cluster Derivatives

Derivative Description Values
CreateBalancers Defines how the balancers are created in the Apache HTTP Server VirtualHosts. This allows directives like: ProxyPass /balancer://mycluster1/.
0: Create all VirtualHosts defined in Apache HTTP Server
1: Do not create balancers (at least one ProxyPass or ProxyMatch is required to define the balancer names)
2: Create only the main server
Default: 2
While using the value 1, do not forget to configure the balancer in the ProxyPass directive, because the default is an empty stickysession and nofailover=Off and the values received via the MCMP CONFIG message are ignored.
UseAlias Check that the alias corresponds to the server name.
0: Ignore aliases
1: Check aliases
Default: 0
LBstatusRecalTime Time interval in seconds for loadbalancing logic to recalculate the status of a node.
Default: 5 seconds
WaitBeforeRemove Time in seconds before a removed node is forgotten by httpd.
Default: 10 seconds
ProxyPassMatch/ProxyPass
ProxyPassMatch and ProxyPass are mod_proxy directives which, when using ! (instead of the back-end URL), prevent reverse-proxy in the path. This is used to allow Apache HTTP Server to serve static content. For example,
ProxyPassMatch ^(/.*\.gif)$ !
The above example allows the Apache HTTP Server to serve the .gif files directly.
A hot-standby node in the mod_cluster logic is the last resort node to which all requests are routed if all other nodes are down. This is similar to the hot-standby logic in mod_proxy.
To configure a hot-standby node, replace the dynamic-load-provider in mod_cluster subsystem with a simple-load-provider with factor set to 0, for example:
<subsystem xmlns="urn:jboss:domain:modcluster:1.2">
    <mod-cluster-config advertise-socket="modcluster" connector="ajp">
-        <dynamic-load-provider>
-            <load-metric type="busyness"/>
-        </dynamic-load-provider>
+        <simple-load-provider factor="0"/>
    </mod-cluster-config>
</subsystem>

In mod_cluster-manager console, the node is displayed with OK status and Load: 0. For more information, refer Apache mod_cluster-manager Application section in the JBoss Enterprise Application Platform Development Guide.
For instance, if there are three nodes:
  • Node A, Load: 10
  • Node B, Load: 10
  • Node C, Load: 0
The load will be balanced between nodes A and B. If both the nodes are unavailable, node C will take the load.
mod_manager

The context of a mod_manager directive is VirtualHost in all cases, except when mentioned otherwise. server config context implies that the directive must be outside a VirtualHost configuration. If not, an error message is displayed and the Apache HTTP Server does not start.

Table 17.7. mod_manager Derivatives

Derivative Description Values
EnableMCPMReceive Allow the VirtualHost to receive the MCPM from the nodes. Include EnableMCPMReceive in the Apache HTTP Server configuration to allow mod_cluster to work. Save it in the VirtualHost where you configure advertising.
MemManagerFile
The base name for the names that mod_manager uses to store configuration, generate keys for shared memory or locked files. This must be an absolute path name; the directories are created if needed. It is recommended that these files are placed on a local drive and not an NFS share.
Context: server config
$server_root/logs/
Maxcontext The maximum number of contexts supported by mod_cluster
Context: server config
Default: 100
Maxnode The maximum number of nodes supported by mod_cluster.
Context: server config
Default: 20
Maxhost The maximum number of hosts (aliases) supported by mod_cluster. It also includes the maximum number of balancers.
Context: server config
Default: 20
Maxsessionid
The number of active sessionid stored to provide the number of active sessions in the mod_cluster-manager handler. A session is inactive when mod_cluster does not receive any information from the session within 5 minutes.
Context: server config
This field is for demonstration and debugging purposes only.
0: the logic is not activated.
MaxMCMPMaxMessSize The maximum size of MCMP messages from other Max directives Calculated from other Max directives. Min: 1024
ManagerBalancerName The name of balancer to use when the JBoss EAP instance does not provide a balancer name.
mycluster
PersistSlots Tells mod_slotmem to persist nodes, aliases and contexts in files.
Context: server config
Off
CheckNonce Switch check of nonce when using mod_cluster-manager handler.
on/off
Default: on - Nonce checked
AllowDisplay Switch additional display on mod_cluster-manager main page.
on/off
Default: off - only version is displayed
AllowCmd Allow commands using mod_cluster-manager URL.
on/off
Default: on - Commands allowed
ReduceDisplay Reduce the information displayed on the main mod_cluster-manager page, so that more nodes can be displayed on the page.
on/off
Default: off - full information is displayed
SetHandler mod_cluster-manager
Displays information about the node that mod_cluster sees from the cluster. The information includes generic information and additionally counts the number of active sessions.
						<Location /mod_cluster-manager>
							SetHandler mod_cluster-manager
							Order deny,allow
							Allow from 127.0.0.1
							</Location>
on/off
Default: off

Note

When accessing the location defined in httpd.conf:
Transferred: Corresponds to the POST data sent to the back-end server.
Connected: Corresponds to the number of requests that have been processed when the mod_cluster status page was requested.
Num_sessions: Corresponds to the number of sessions mod_cluster report as active (on which there was a request within the past 5 minutes). This field is not present when Maxsessionid is zero and is for demonstration and debugging purposes only.

17.4.7. Use an External Web Server as the Web Front-end for JBoss EAP 6 Applications

Overview

For reasons to use an external web server as the web front-end, as well as advantages and disadvantages of the different HTTP connectors supported by JBoss EAP 6, refer to Section 17.2.3, “Overview of HTTP Connectors”. In some situations, you can use the Apache HTTP Server that comes with your operating system. Otherwise, you can use the Apache HTTP Server that ships as part of JBoss Enterprise Web Server.

After you have decided which web server and HTTP connector to use, refer to one of the following procedures:

17.4.8. Configure JBoss EAP 6 to Accept Requests From External Web Servers

Overview

JBoss EAP 6 does not need to know which proxy it is accepting requests from, only the port and protocol to look for. This is not true of mod_cluster, which is more tightly coupled to the configuration of JBoss EAP 6. But the following task works for mod_jk, mod_proxy, ISAPI connector, and NSAPI connector. Substitute the protocols and ports in the examples with the ones you need to configure.

To configure JBoss EAP 6 for mod_cluster, refer to Section 17.6.6, “Configure a mod_cluster Worker Node”.

Prerequisites

  • You need to be logged into the Management CLI or Management Console to perform this task. The exact steps in the task use the Management CLI, but the same basic procedure is used in the Management Console.
  • You need a list of which protocols you will be using, whether HTTP, HTTPS, or AJP.

Procedure 17.10. Edit Configuration and add Socket Bindings

  1. Configure the jvmRoute system property.

    For a standalone mode instance, remove the prefix /host=NODE_NAME. Replace NODE_NAME with the name of the host.
    /host=NODE_NAME/system-property=jvmRoute/:add(value=NODE_NAME)
  2. List the connectors available in the web subsystem.

    Note

    This step is only necessary if you are not using the ha or full-ha profiles for either a standalone server, or a server group in a Managed Domain. Those configurations already include all of the necessary connectors.
    In order for an external web server to be able to connect to JBoss EAP 6's web server, the web subsystem needs a connector. Each protocol needs its own connector, which is tied to a socket group.
    To list the connectors currently available, issue the following command:
    /subsystem=web:read-children-names(child-type=connector)
    If there is no line indicating the connector your need (HTTP, HTTPS, AJP), you need to add the connector.
  3. Read the configuration of a connector.

    To see the details of how a connector is configured, you can read its configuration. The following command reads the configuration of the AJP connector. The other connectors have similar configuration output.
    /subsystem=web/connector=ajp:read-resource(recursive=true)
    {
        "outcome" => "success",
        "result" => {
            "enable-lookups" => false,
            "enabled" => true,
            "max-post-size" => 2097152,
            "max-save-post-size" => 4096,
            "protocol" => "AJP/1.3",
            "redirect-port" => 8443,
            "scheme" => "http",
            "secure" => false,
            "socket-binding" => "ajp",
            "ssl" => undefined,
            "virtual-server" => undefined
        }
    }
    
  4. Add the necessary connectors to the web subsystem.

    To add a connector to the web subsystem, it must have a socket binding. The socket binding is added to the socket binding group used by your server or server group. The following steps assume that your server group is server-group-one and that your socket binding group is standard-sockets.
    1. Add a socket to the socket binding group.

      To add a socket to the socket binding group, issue the following command, replacing the protocol and port with the ones you need.
      /socket-binding-group=standard-sockets/socket-binding=ajp:add(port=8009)
    2. Add the socket binding to the web subsystem.

      Issue the following command to add a connector to the web subsystem, substituting the socket binding name and protocol with the ones you need.
      /subsystem=web/connector=ajp:add(socket-binding=ajp, protocol="AJP/1.3", enabled=true, scheme="http")