Recommended Apache Web Server (httpd) load balancer configuration for WCC / WebUI
Component : WORKLOAD CONTROL CENTER
This is just a suggested example only, and is highly recommended that this be done by a Load Balancer administrator
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
Note: Without the above modules loaded, httpd may not start properly.
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
# failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
ProxyPass /wcc balancer://wccbalancer stickysession=WCC-ASID failonstatus=503
ProxyPassReverse /wcc balancer://wccbalancer
# All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
# In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
# in <CA_WCC_INSTALL_LOCATION>/bin folder
<Proxy balancer://wccbalancer>
BalancerMember http://server1.example.com:8080/wcc route=server1.example.com timeout=30s
BalancerMember http://server2.example.com:8080/wcc route=server2.example.com timeout=30s
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
# failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
ProxyPass /wcc balancer://wccbalancer stickysession=ROUTEID failonstatus=503
ProxyPassReverse /wcc balancer://wccbalancer
# All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
# In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
# in <CA_WCC_INSTALL_LOCATION>/bin folder
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://wccbalancer>
BalancerMember http://server1.example.com:8080/wcc route=server1.example.com timeout=300s
BalancerMember http://server2.example.com:8080/wcc route=server2.example.com timeout=300s
</Proxy>
Below is an SSL example:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
# failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
ProxyPass /wcc balancer://wccbalancer stickysession=ROUTEID failonstatus=503
ProxyPassReverse /wcc balancer://wccbalancer
# All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
# In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
# in <CA_WCC_INSTALL_LOCATION>/bin folder
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://wccbalancer>
BalancerMember https://server1.company.com:8443/wcc route=server1.company.com timeout=300s
BalancerMember https://server2.company.com:8443/wcc route=server2.company.com timeout=300s
</Proxy>
SSLProxyEngine On
SSLCertificateFile /httpd-2.4.18/Apache24/server-cert.pem
SSLCertificateKeyFile /httpd-2.4.18/Apache24/server-cert-key.key
SSLCertificateChainFile /httpd-2.4.18/Apache24/tomcat.pem
#server-cert.pem file is the server certificate
#server-cert-key.key file is the private key for the server-cert.pem certificate
#tomcat.pem file is the whole certificate chain of WCC SSL certificates that Apache HTTPD needs to be able to use
#below settings might be needed too if self-signed certs are being used on WCC nodes
# add them right after SSLProxyEngine On option described above OR before the <Location /balancer-manager> section
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off