[keycloak-user] Modcluster integration with keycloak
Olivier Rivat
orivat at janua.fr
Tue Feb 13 06:34:39 EST 2018
Found!
It was required to enable all the modules.
They are not enabled by default on Ubuntu!
sudo a2enmod proxy proxy_http proxy_ajp
Module proxy already enabled
Considering dependency proxy for proxy_http:
Module proxy already enabled
Module proxy_http already enabled
Considering dependency proxy for proxy_ajp:
Module proxy already enabled
Enabling module proxy_ajp.
To activate the new configuration, you need to run:
service apache2 restart
Regards,
Olivier
Le 13/02/2018 à 12:20, Olivier Rivat a écrit :
>
>
>
>
> Configuring Keycloak With Modcluster in standalone HA mode with WildFly
>
>
>
> 1) I am trying to set up a cluster in standalone mode with keycloak.
>
> I have
> -keycloak 3.4.3
> -wildfly 11
> -modcluster 1.3
>
>
> 1) mod_cluster
> ==============
> I have configured mod_cluster on an Ubuntu distribution as follows:
>
> MemManagerFile cache/mod_cluster
>
> <IfModule manager_module>
> Listen 8180 http
> <VirtualHost vps383894.ovh.net:8180>
> <Directory />
> # add ip of JBoss nodes to join this proxy here
> Require ip 127.0.0.1
> #Require all granted
> Allow from all
>
> </Directory>
> ServerAdvertise on
> EnableMCPMReceive
> <Location /mod_cluster_manager>
> SetHandler mod_cluster-manager
> # add ip of clients allowed to access mod_cluster-manager
> Require ip 127.0.0.1
> #Require all granted
> Allow from all
> </Location>
> </VirtualHost>
> </IfModule>
>
>
> I can access it at URL
> http://vps383894.ovh.net:8180/mod_cluster_manager to check that
> mod_cluster is operational
>
> 2) Keycloak server
> ==================
> On my server I have installed keycloak
>
> http://www.keycloak.org/docs/latest/server_installation/index.html#_example-setup-with-mod-cluster
>
>
> route add -net 224.0.0.0 netmask 240.0.0.0 dev lo
> ifconfig lo multicast
>
>
>
> The difference I have introduced
>
>
> I have started it as ./standalone.sh -c standalone-ha.xml
> -Djboss.socket.binding.port-offset=200 -Djboss.node.name=node1
>
> I have updated the xml as follows:
>
> <subsystem xmlns="urn:jboss:domain:undertow:4.0">
> <buffer-cache name="default"/>
> <server name="default-server">
> <ajp-listener name="ajp" socket-binding="ajp"/>
> <http-listener name="default" socket-binding="http"
> redirect-socket="https" enable-http2="true"/>
> <https-listener name="https" socket-binding="https"
> security-realm="ApplicationRealm" enable-http2="true"/>
> <host name="default-host" alias="localhost">
> <location name="/" handler="welcome-content"/>
> <http-invoker security-realm="ApplicationRealm"/>
> <filter-ref name="proxy-peer"/>
> </host>
> </server>
> <servlet-container name="default">
> <jsp-config/>
> <websockets/>
> <session-cookie name="AUTH_SESSION_ID" http-only="true" />
> </servlet-container>
> <handlers>
> <file name="welcome-content"
> path="${jboss.home.dir}/welcome-content"/>
> </handlers>
> <filters>
> <filter name="proxy-peer"
> class-name="io.undertow.server.handlers.ProxyPeerAddressHandler"
> module="io.undertow.core" />
> </filters>
> </subsystem>
>
>
> changes:
>
> 2.1)
>
> X-Forwarded-For AJP Config
>
> <subsystem xmlns="urn:jboss:domain:undertow:4.0">
> <buffer-cache name="default"/>
> <server name="default-server">
> <ajp-listener name="ajp" socket-binding="ajp"/>
> <http-listener name="default" socket-binding="http"
> redirect-socket="https"/>
> <host name="default-host" alias="localhost">
> ...
> <filter-ref name="proxy-peer"/>
> </host>
> </server>
> ...
> <filters>
> ...
> <filter name="proxy-peer"
> class-name="io.undertow.server.handlers.ProxyPeerAddressHandler"
> module="io.undertow.core" />
> </filters>
> </subsystem>
>
>
> 2.2)
>
> <servlet-container name="default">
> <session-cookie name="AUTH_SESSION_ID" http-only="true" />
> ...
> </servlet-container>
>
>
>
>
>
>
> 3) Traces
> =========
>
> Now I try to access http://vps383894.ovh.net:8180/auth to reach
> the keycloak authent URL
>
> I obtain the following errors from the Apache module in the error log trace
>
>
> [Tue Feb 13 11:07:44.023463 2018] [core:notice] [pid 17183:tid
> 140195770410880] AH00094: Command line: '/usr/sbin/apache2'
> [Tue Feb 13 11:43:03.239246 2018] [mpm_event:notice] [pid 17183:tid
> 140195770410880] AH00491: caught SIGTERM, shutting down
> [Tue Feb 13 11:43:04.383906 2018] [ssl:warn] [pid 23735:tid
> 139634017527680] AH01906: vps383894.ovh.net:443:0 server certificate
> is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Tue Feb 13 11:43:04.415962 2018] [ssl:warn] [pid 23736:tid
> 139634017527680] AH01906: vps383894.ovh.net:443:0 server certificate
> is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Tue Feb 13 11:43:04.421178 2018] [:notice] [pid 23736:tid
> 139634017527680] Advertise initialized for process 23736
> [Tue Feb 13 11:43:04.422642 2018] [mpm_event:notice] [pid 23736:tid
> 139634017527680] AH00489: Apache/2.4.18 (Ubuntu)
> mod_cluster/1.3.1.Final OpenSSL/1.0.2g configured -- resuming normal
> operations
> [Tue Feb 13 11:43:04.422682 2018] [core:notice] [pid 23736:tid
> 139634017527680] AH00094: Command line: '/usr/sbin/apache2'
> [Tue Feb 13 11:55:14.852179 2018] [mpm_event:notice] [pid 23736:tid
> 139634017527680] AH00491: caught SIGTERM, shutting down
> [Tue Feb 13 11:55:15.984187 2018] [ssl:warn] [pid 25890:tid
> 140179862239104] AH01906: vps383894.ovh.net:443:0 server certificate
> is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Tue Feb 13 11:55:16.005249 2018] [ssl:warn] [pid 25891:tid
> 140179862239104] AH01906: vps383894.ovh.net:443:0 server certificate
> is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Tue Feb 13 11:55:16.009504 2018] [:notice] [pid 25891:tid
> 140179862239104] Advertise initialized for process 25891
> [Tue Feb 13 11:55:16.010908 2018] [mpm_event:notice] [pid 25891:tid
> 140179862239104] AH00489: Apache/2.4.18 (Ubuntu)
> mod_cluster/1.3.1.Final OpenSSL/1.0.2g configured -- resuming normal
> operations
> [Tue Feb 13 11:55:16.010932 2018] [core:notice] [pid 25891:tid
> 140179862239104] AH00094: Command line: '/usr/sbin/apache2'
> [Tue Feb 13 12:13:35.051090 2018] [proxy:warn] [pid 25895:tid
> 140179444545280] [client 82.236.158.30:49992] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:13:57.552528 2018] [proxy:warn] [pid 25895:tid
> 140179452937984] [client 82.236.158.30:49996] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:13:58.508734 2018] [proxy:warn] [pid 25896:tid
> 140179461330688] [client 82.236.158.30:49998] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:13:58.670853 2018] [proxy:warn] [pid 25895:tid
> 140179427759872] [client 82.236.158.30:50000] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:13:58.819705 2018] [proxy:warn] [pid 25896:tid
> 140179452937984] [client 82.236.158.30:50002] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:13:58.980052 2018] [proxy:warn] [pid 25895:tid
> 140179419367168] [client 82.236.158.30:50004] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
> [Tue Feb 13 12:14:50.778001 2018] [proxy:warn] [pid 25895:tid
> 140179385796352] [client 82.236.158.30:50014] AH01144: No protocol
> handler was valid for the URL /auth. If you are using a DSO version of
> mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
>
>
> What's going wrong?
> How is it possible to fix this ?
>
> Regards,
> Olivier
>
>
>
>
> --
> Olivier Rivat
> CTO
> orivat at janua.fr <mailto:dchikhaoui at janua.fr>
> Gsm: +33(0)682 801 609
> Tél: +33(0)489 829 238
> Fax: +33(0)955 260 370
> http://www.janua.fr <http://www.janua.fr/>
--
Olivier Rivat
CTO
orivat at janua.fr <mailto:dchikhaoui at janua.fr>
Gsm: +33(0)682 801 609
Tél: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr <http://www.janua.fr/>
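
The mod_cluster vhost quoted in this thread puts `Require ip 127.0.0.1` and the Apache 2.2-style `Allow from all` in the same containers, on a vhost that accepts MCMP registrations and serves mod_cluster-manager; Apache's 2.4 upgrade notes discourage mixing the two styles. The check below is an added example, not part of the original post or of the Keycloak or mod_cluster projects: it flags such containers, and the helper name `audit` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the access-control lines of the vhost quoted above.
SAMPLE = """\
<VirtualHost vps383894.ovh.net:8180>
<Directory />
Require ip 127.0.0.1
#Require all granted
Allow from all
</Directory>
EnableMCPMReceive
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Require ip 127.0.0.1
Allow from all
</Location>
</VirtualHost>
"""

LEGACY = {"order", "allow", "deny", "satisfy"}  # Apache 2.2 style (mod_access_compat)
ALLOW_ALL = re.compile(r"(require\s+all\s+granted|allow\s+from\s+all)\s*$", re.I)

def audit(conf):
    """Return (container, finding) pairs; audit() is a hypothetical helper."""
    findings, stack = [], []          # stack frames: (label, directives, allow-all children)
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue                                  # blank line or comment
        if line.startswith("</"):                     # container closes: judge it
            if not stack:
                continue                              # stray closing tag
            label, dirs, open_kids = stack.pop()
            names = {d.split()[0].lower() for d in dirs}
            if "require" in names and names & LEGACY:
                findings.append((label, "mixes Require with 2.2-style access directives"))
            if any(ALLOW_ALL.match(d) for d in dirs):
                if stack:
                    stack[-1][2].append(label)        # remember for the parent vhost
                if any(d.lower().split() == ["sethandler", "mod_cluster-manager"] for d in dirs):
                    findings.append((label, "allow-all directive on mod_cluster-manager"))
            if "enablemcpmreceive" in names and open_kids:
                findings.append((label, "receives MCMP; allow-all in " + ", ".join(open_kids)))
        elif line.startswith("<"):                    # container opens
            stack.append((line.strip("<>"), [], []))
        elif stack:
            stack[-1][1].append(line)                 # directive inside a container
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE):
        print(f"{where}: {what}")
```

Dropping the `Allow from all` lines and listing only the node and administrator addresses under `Require ip` clears every finding.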