Resin behind SSL Load Balancer
From Resin 3.0
(New page: Category: Cookbook When Resin is run behind a hardware load balancer, some extra configuration may be required to support redirects and to handle security. Since the local port and t...) |
|||
(One intermediate revision by one user not shown) | |||
Line 16: | Line 16: | ||
<resin xmlns="http://caucho.com/ns/resin" | <resin xmlns="http://caucho.com/ns/resin" | ||
xmlns:resin="urn:java:com.caucho.resin"> | xmlns:resin="urn:java:com.caucho.resin"> | ||
− | + | ||
<log-handler name="" level="all" path="stdout:" | <log-handler name="" level="all" path="stdout:" | ||
timestamp="[%y-%m-%d %H:%M:%S.%s] "/> | timestamp="[%y-%m-%d %H:%M:%S.%s] "/> | ||
− | |||
− | |||
+ | <logger name="com.caucho" level="info"/> | ||
+ | |||
<cluster id="my-cluster"> | <cluster id="my-cluster"> | ||
<server-default> | <server-default> | ||
<http port="8080"/> | <http port="8080"/> | ||
</server-default> | </server-default> | ||
− | |||
− | |||
+ | <server id="a" address="192.168.1.10" port="6800"/> | ||
+ | |||
<resin:import path="${__DIR__}/app-default.xml"/> | <resin:import path="${__DIR__}/app-default.xml"/> | ||
− | |||
− | |||
+ | <development-mode-error-page/> | ||
+ | |||
<proxy-cache memory-size="64M"/> | <proxy-cache memory-size="64M"/> | ||
− | + | ||
<host id="" host-name='my.host.com' secure-host-name='secure.host.com:8443'> | <host id="" host-name='my.host.com' secure-host-name='secure.host.com:8443'> | ||
<set-request-secure/> | <set-request-secure/> | ||
− | |||
− | |||
+ | <web-app-deploy path="webapps"/> | ||
+ | |||
</host> | </host> | ||
</cluster> | </cluster> | ||
</resin> | </resin> |
Latest revision as of 17:35, 21 October 2011
When Resin is run behind a hardware load balancer, some extra configuration may be required to support
redirects and to handle security.
Since the local port and the local server name are different from the load balancer's name, in some configurations redirects may need extra configuration.
In addition, if the load balancer is handling SSL, Resin needs to be informed so it can pass the correct information to the servlet.
For redirects, Resin normally uses the "Host" header from the HTTP request as the host name. Since the "Host" is given by the browser, this is normally correct without any necessary changes. In other cases, you can set the host-name in the <host> item to force a host response.
The <set-request-secure/> tag in the host tells Resin that all requests coming to this virtual host should be treated as secure, including redirects.
resin.xml
<resin xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin"> <log-handler name="" level="all" path="stdout:" timestamp="[%y-%m-%d %H:%M:%S.%s] "/> <logger name="com.caucho" level="info"/> <cluster id="my-cluster"> <server-default> <http port="8080"/> </server-default> <server id="a" address="192.168.1.10" port="6800"/> <resin:import path="${__DIR__}/app-default.xml"/> <development-mode-error-page/> <proxy-cache memory-size="64M"/> <host id="" host-name='my.host.com' secure-host-name='secure.host.com:8443'> <set-request-secure/> <web-app-deploy path="webapps"/> </host> </cluster> </resin>