开发者

SSL session migration

I configured my tomcat (6.0.29) cluster "by the book", using only the NIO HTTP connector load balanced by httpd mod_proxy_balancer (HTTP/HTTPS). When using HTTP, i can kill servers and still use my session perfecty. When using HTTPS t开发者_如何转开发he session is lost on failover.

Anyone had this kind of problem or can give me a hint to where i should debug this? The logs show no errors. My current connector looks like this:

<Connector port="8080" 
           protocol="org.apache.coyote.http11.Http11NioProtocol" 
           connectionTimeout="5000"
           maxThreads="500"
           minSpareThreads="25"
           maxSpareThreads="75"
           acceptCount="10"
           redirectPort="443"
           proxyName="www.govdigital.com.br"
           proxyPort="80" />

httpd proxy.conf:

#SSL
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost _default_:443>
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

  #Certificate, PK and CA Bundle
  SSLCertificateFile /srv/httpd/exported-pem.crt
  SSLCertificateKeyFile /srv/httpd/exported.key
  SSLCACertificateFile /srv/httpd/cabundle.pem
</VirtualHost>

#Proxy
ProxyRequests Off
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster>
    AddDefaultCharset Off
    #Working nodes
    BalancerMember http://10.1.1.2:8080 route=worker1
    BalancerMember http://10.1.1.3:8080 route=worker2
</Proxy>

#Cache
CacheEnable disk /decorators
CacheEnable disk /scripts
CacheRoot /ram/cache/
CacheDirLevels 6
CacheDirLength 3

CacheMaxFileSize 1000000
CacheMinFileSize 1

#Agressive caching
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheIgnoreQueryString Off
CacheIgnoreHeaders None
CacheLastModifiedFactor 0.1
CacheDefaultExpire 3600
CacheMaxExpire 86400
CacheStoreNoStore On
CacheStorePrivate On

ErrorDocument 503 "Bad Servers<br/>No donuts for you"

thanks in advance :)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜