Skip to end of metadata
Go to start of metadata

Use the steps in the following topics to configure Apache Httpd as the load balancer for WSO2 products.

Configuring Apache Httpd

  1. Install Apache Httpd using the following command.
    $sudo apt-get install apache2
  2. Enable the following required modules.
    $sudo a2enmod proxy_http
    $sudo a2enmod ssl
    $sudo a2enmod proxy_balancer
  3. Configure Apache Httpd to direct the HTTP requests to the worker nodes with load balancing as http://as.wso2.com/<service> via HTTP 80 port.
    $sudo vi /etc/apache2/sites-available/wso2.as.com.conf

    <VirtualHost as.wso2.com:80>
    	ServerName as.wso2.com
    	# disable forward proxy requests
    	ProxyRequests off
    	<Proxy balancer://wso2.as.com>
    		# Add a member to the load balancing group
    		BalancerMember http://xxx.xxx.xxx.xx3:9763
    		BalancerMember http://xxx.xxx.xxx.xx4:9763
    		ProxySet lbmethod=byrequests
    	ProxyPass / balancer://wso2.as.com/
    	ProxyPassReverse / balancer://wso2.as.com/
  4. Configure Apache Httpd to direct the HTTPS requests to the worker nodes with load balancing as https://as.wso2.com/<service> via HTTPS 443 port.
    $sudo vi /etc/apache2/sites-available/wso2.as.com.conf

    <VirtualHost as.wso2.com:443>
    	ServerName as.wso2.com
    	ProxyRequests off
    	# creating debug logs
    	LogLevel debug
    	<Proxy balancer://ssl.wso2.as.com>
    		BalancerMember https://xxx.xxx.xxx.xx3:9443
    		BalancerMember https://xxx.xxx.xxx.xx4:9443
    		ProxySet lbmethod=byrequests
    	ProxyPass / balancer://ssl.wso2.as.com/
    	ProxyPassReverse / balancer://ssl.wso2.as.com/
    	# enable SSL/TLS for a that virtual host
    	SSLEngine On
    	SSLCertificateFile /etc/apache2/ssl/wrk.crt
    	SSLCertificateKeyFile /etc/apache2/ssl/wrk.key
    	# enable SSL/TLS for proxy usage in a particular virtual host
    	SSLProxyEngine On
  5. Configure Apache Httpd to access the management console as https://mgt.as.wso2.com/carbon via HTTPS 443 port.

    <VirtualHost mgt.as.wso2.com:443>
    ServerName mgt.as.wso2.com
    ProxyRequests off
    LogLevel debug
    ProxyPass /carbon https://xxx.xxx.xxx.xx2:9443/carbon/
    ProxyPassReverse /carbon/ https://xxx.xxx.xxx.xx2:9443/carbon/
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/mgt.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mgt.key
    SSLProxyEngine On

Creating self-signed certificate for Apache httpd

  1. Generate private key.
    $sudo openssl genrsa -out ca.key 1024
  2. Generate a Certificate Signing Request (CSR).
    $sudo openssl req -new -key ca.key -out ca.csr
  3. Generate a self-signed key
    $sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

While creating the keys, enter the host name (as.wso2.com or mgt.as.wso2.com) as the Common Name.

Creating self-signed keystores

  1. Create a new keystore with a private and public key pair.
    $keytool -genkey -keyalg RSA -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -validity 360 -keysize 2048
  2. Export the public certificate.
    $keytool -export -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon -file wso2carbon.pem
  3. Import public certificate into client-truststore.jks.
    $keytool -import -alias wso2carbon -file wso2carbon.pem -keystore client-truststore.jks -storepass wso2carbon

While creating keys, enter the host name (as.wso2.com or mgt.as.wso2.com) as the Common Name.

Restarting Apache Httpd

  1. Enable virtual host configurations.
    $sudo a2ensite wso2.as.com.conf
  2. Restart Apache Httpd.
    $sudo /etc/init.d/apache2 restart
  • No labels