Cyclos clustering in https

Any issue about installation and configuration of the Cyclos software

Moderators: hugo, alexandre, rmvanarkel

Post Reply
cycloshost
Posts: 578
Joined: Mon Jan 30, 2012 8:12 am
Contact:

Cyclos clustering in https

Post by cycloshost » Fri Apr 13, 2012 4:19 am

Hi,

we have configured Cyclos in clustering mode with 2 Tomcat instances following the instructions on the wiki here:
http://project.cyclos.org/wiki/index.ph ... Clustering

This works fine in port 80, but what should we do to allow the load balancer working only in https? I mean, should we configure SSL both in Apache and all Tomcat instances? Which other security measures are recommended when using clustering in SSL?

Thanks!
cycloshost.com
Cyclos administration and hosting

admin
Site Admin
Posts: 1413
Joined: Mon Jan 24, 2005 10:31 am

Re: Cyclos clustering in https

Post by admin » Fri Apr 13, 2012 11:24 am

All ssl configuration can be done in apache

On /etc/apache2/sites-enabled/XXX, add the following insite <VirtualHost>:

<IfModule mod_jk.c>
JkMount /cyclos/* LoadBalancer
JkMount /cyclos LoadBalancer
JkMount /jkmanager/* jkstatus
JkMount /jkmanager jkstatus
<Location /jkmanager>
Order deny,allow
Deny from all
Allow from localhost
</Location>
</IfModule>

You will need to move this section to the <virtualhost> section that contains the ssl ativation.

cycloshost
Posts: 578
Joined: Mon Jan 30, 2012 8:12 am
Contact:

Re: Cyclos clustering in https

Post by cycloshost » Sat Apr 14, 2012 5:52 pm

Hi,

we are including the Virtual Hosts in the httpd.conf file. When we use the port 80 everything works fine and we get Cyclos in the http domain:

Code: Select all

<VirtualHost *:80>
        <IfModule mod_jk.c>
        JkMount /* LoadBalancer
        JkMount / LoadBalancer
        JkMount /jkmanager/* jkstatus
        JkMount /jkmanager jkstatus
        <Location /jkmanager>
        Order deny,allow
        Deny from all
        Allow from localhost
</Location>
But when we add port 443 with exactly the same code, we get the main Apache welcome page, not Cyclos.

Code: Select all

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        <IfModule mod_jk.c>
        JkMount /* LoadBalancer
        JkMount / LoadBalancer
        JkMount /jkmanager/* jkstatus
        JkMount /jkmanager jkstatus
        <Location /jkmanager>
        Order deny,allow
        Deny from all
        Allow from localhost
        </Location>
cycloshost.com
Cyclos administration and hosting

admin
Site Admin
Posts: 1413
Joined: Mon Jan 24, 2005 10:31 am

Re: Cyclos clustering in https

Post by admin » Tue Apr 17, 2012 1:46 pm

The following config worked for us:

Code: Select all

<VirtualHost *:443>
        DocumentRoot /var/www/
        LogLevel warn
        ErrorLog /var/log/apache2/default443-error.log
        CustomLog /var/log/apache2/default443-access.log combined
        ServerSignature Off
        <IfModule mod_jk.c>
        JkMount /cyclos/* LoadBalancer
        JkMount /cyclos LoadBalancer
        JkMount /jkmanager/* jkstatus
        JkMount /jkmanager jkstatus
        <Location /jkmanager>
          Order deny,allow
          Deny from all
          Allow from localhost
        </Location>
        </IfModule>
        <IfModule mod_ssl.c>
                SSLEngine on
        SSLProtocol -ALL +SSLv3 +TLSv1
                SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
                ServerSignature Off
                BrowserMatch ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
                SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                SSLCertificateFile /etc/ssl/certs/yourserver.com.crt
                SSLCertificateKeyFile /etc/ssl/private/yourserver.com.key
                SSLCACertificateFile /etc/ssl/certs/yourserver.com.intermediate.crt
        </IfModule>
</VirtualHost>

nzjustinc
Posts: 25
Joined: Fri Sep 16, 2011 9:19 am

Re: Cyclos clustering in https

Post by nzjustinc » Sat Apr 19, 2014 7:27 pm

i tried the above... I'm glad it works to a degree... however in my case the end result is...

https://www.domain.com:8443/cyclos

Is there anyway that 8443 can be hidden so the result is
https://www.domain.com/cyclos as I'm finding the 8443 very very evasive. :roll:

nzjustinc
Posts: 25
Joined: Fri Sep 16, 2011 9:19 am

Re: Cyclos clustering in https

Post by nzjustinc » Wed May 07, 2014 7:07 pm

found it by adding
Proxypass /cyclos http://ipnumber:8443/cyclos
ProxyPassReverse /cyclos http://ipnumber:8443/cyclos

to my VHost.conf file under Port *.443 and also switching from 8443 to 443 in the cyclos.properties file.
This is using Proxy under apache2 :D End result is https://domain.com/cyclos

jer5547

Re: Cyclos clustering in https

Post by jer5547 » Fri May 01, 2015 6:13 am

I don't get it?

where is the httpd.config file in apache 7?

cause when I use http://(myip):8080/cyclos it works

but if I use http://mydomain.com/cyclos it doesn't work

why?

Post Reply