Resin behind SSL Load Balancer

From Resin 3.0

Jump to: navigation, search


When Resin is run behind a hardware load balancer, some extra configuration may be required to support redirects and to handle security.

Since the local port and the local server name are different from the load balancer's name, in some configurations redirects may need extra configuration.

In addition, if the load balancer is handling SSL, Resin needs to be informed so it can pass the correct information to the servlet.

For redirects, Resin normally uses the "Host" header from the HTTP request as the host name. Since the "Host" is given by the browser, this is normally correct without any necessary changes. In other cases, you can set the host-name in the <host> item to force a host response.

The <set-request-secure/> tag in the host tells Resin that all requests coming to this virtual host should be treated as secure, including redirects.

resin.xml

<resin xmlns="http://caucho.com/ns/resin"
       xmlns:resin="urn:java:com.caucho.resin">

  <log-handler name="" level="all" path="stdout:"
               timestamp="[%y-%m-%d %H:%M:%S.%s] "/>

  <logger name="com.caucho" level="info"/>
 
  <cluster id="my-cluster">
    <server-default>
      <http port="8080"/>
    </server-default>

    <server id="a" address="192.168.1.10" port="6800"/>
 
    <resin:import path="${__DIR__}/app-default.xml"/>

    <development-mode-error-page/>
 
    <proxy-cache memory-size="64M"/>

    <host id="" host-name='my.host.com' secure-host-name='secure.host.com:8443'>
      <set-request-secure/>

      <web-app-deploy path="webapps"/>
 
    </host>
  </cluster>
</resin>
Personal tools