loadbalancer.vmware.com
) and two for the Single Sign-On servers (sso1.vmware.com
, sso2.vmware.com
).httpd-2.2.22.tar.gz
.2034157-httpd.conf
file as an example, modify these fields:loadbalancer.vmware.com
)LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
###################################################################################
# A) Add the load balanced hostname
# This hostname and port will be what is used to connect to SSO in KB 2033588
ServerName CHANGE-ME-loadbalanced-fqdn
Listen 443
###################################################################################
# B) Modify the location of the SSL files
SSLCertificateFile "c:/path_to_certs/server.crt"
SSLCertificateKeyFile "c:/path_to_certs/server.key"
SSLCertificateChainFile "c:/path_to_certs/cacert.pem"
###################################################################################
# C) Load Balance Rules.
# Only the hostnames should need to be changed in this section
#
# Update each Single Sign-On node hostname for each rule
#
# Replace 'node1.changeme.com' with the primary node FQDN
# Replace 'node2.changeme.com' with the backup node FQDN
###################################################################################
# Configure the STS for clustering
ProxyPass /ims/ balancer://stscluster/ nofailover=On
ProxyPassReverse /ims/ balancer://stscluster/
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ims" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://stscluster>
BalancerMember https://node1.changeme.com:7444/ims route=node1 loadfactor=100
BalancerMember https://node2.changeme.com:7444/ims route=node2 loadfactor=1
ProxySet lbmethod=byrequests stickysession=ROUTEID
</Proxy>
###################################################################################
#Configure the Groupcheck API clustering
ProxyPass /groupcheck/ balancer://gccluster/ nofailover=On
ProxyPassReverse /groupcheck/ balancer://gccluster/
<Proxy balancer://gccluster>
BalancerMember https://node1.changeme.com:7444/sso-adminserver route=node1 loadfactor=100
BalancerMember https://node2.changeme.com:7444/sso-adminserver route=node2 loadfactor=1
ProxySet lbmethod=byrequests stickysession=vmware_soap_session
</Proxy>
###################################################################################
#Configure the proxy for adminserver. It is located only on node1
ProxyPass /sso-adminserver/ https://node1.changeme.com:7444/sso-adminserver/
ProxyPassReverse /sso-adminserver/ https://node1.changeme.com:7444/sso-adminserver/
###################################################################################
#Configure the Lookup Service cluster
ProxyPass /lookupservice/ balancer://lscluster/ nofailover=On
ProxyPassReverse /lookupservice/ balancer://lscluster/
<Proxy balancer://lscluster>
BalancerMember https://node1.changeme.com:7444/lookupservice route=node1 loadfactor=1
BalancerMember https://node2.changeme.com:7444/lookupservice route=node2 loadfactor=1
ProxySet lbmethod=byrequests
</Proxy>
###################################################################################
#Configure for status pages [OPTIONAL]
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyStatus On
<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from all
</Location>
###################################################################################
# Standard configurations
SSLVerifyClient none
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
#SSLSessionCache "shmcb:C:/apachehttpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex default
SSLEngine on
SSLProxyEngine on
ProxyRequests On
###################################################################################
#Configure logging locations [OPTIONAL]
ErrorLog "C:/error.log"
TransferLog "C:/access.log"