Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache Load Balancer |
|
| Author |
|
rcalvente
Joined: 13 Dec 2024
Posts: 1
Location: Spain
|
 Posted: Mon 16 Dec '24 10:03 Post subject: Apache Load Balancer |
 |
|
Hi, I have an apache like reverse proxy with 3 tomcat's backend. I have the following configuration:
| Code: |
<Proxy balancer://registro>
# Tenemos que cambiar la cookie y personalizarla
Header add Set-Cookie "JSESSIONID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
BalancerMember ajp://172.22.9.93:9009/registro route=registro1
BalancerMember ajp://172.22.9.92:9009/registro route=registro2
BalancerMember ajp://172.22.9.94:9009/registro route=registro3
# Usamos la cookie personalizada y el metodo del balanceo
ProxySet stickysession=JSESSION
ProxySet lbmethod=byrequests
</Proxy>
ProxyPass /registro balancer://registro
ProxyPassReverse /registro balancer://registro
ProxyPass / balancer://registro
ProxyPassReverse / balancer://registro
|
I add the server.xml on tomcat like this:
| Code: |
<Engine name="Catalina" defaultHost="localhost" jvmRoute="registro1">
|
This configuration works well when I use user/password in my application, but when I want to authenticate with digital certificate, my application(is in tomcat) shows an external application (autofirma) for authenticate, then the apache gives the next node, and thereis non sticky session, for example my app is in node1 and the authentication application is in node2.
Anyone can helpme, please? |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 349
Location: UK
|
| Posted: Mon 16 Dec '24 22:04 Post subject: |
|
|
I suspect your problem is caused by Apache using the JSESSIONID cookie to control which back end node your load balancer configuration uses.
JSESSIONID is created and managed by your backend application, and may get changed or updated, as could well be the case with your certificate based authentication code.
Try setting a different Apache controlled cookie to provide routing stickyness. I like to use a time based cookie, since this records when the client connection was started, and may help with fault finding, e.g.
| Code: | # Define date and time environment variable, for possible use in session cookies.
#
RewriteCond %{TIME} (.+)
RewriteRule .* - [E=DT:%1,NE]
|
and then
| Code: | Header add Set-Cookie "ROUTEID=%{DT}e.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxySet lbmethod=byrequests stickysession=ROUTEID |
You may consider adding some failover options, depending whether your backends support session replication, e.g.
| Code: | | ProxySet nofailover=Off timeout=5 |
Let us know if this approach helps. |
|
| Back to top |
|
|
|
|
|
|
