JBoss.orgCommunity Documentation

Chapter 9. Server-side Configuration Properties

9.1. Proxy Discovery Configuration
9.2. Proxy Configuration
9.3. SSL Configuration
9.4. Load Configuration for JBoss Web and Tomcat

The tables below enumerate the configuration properties available to an application server node. The location for these properties depends on how mod_cluster is configured.

The list of proxies from which an application expects to receive AJP connections is either defined statically, via the addresses defined in the proxyList configuration property; or discovered dynamically via the advertise mechanism. Using a special mod_advertise module, proxies can advertise their existence by periodically broadcasting a multicast message containing its address/port. This functionality is enabled via the advertise configuration property. If configured to listen, a server can learn of the proxy's existence, then notify that proxy of its own existence, and update its configuration accordingly. This frees both the proxy and the server from having to define static, environment-specific configuration values.

AttributeAS7 AttributeDefaultScopeDescription
proxyListproxy-listNoneConfiguration

Defines a comma delimited list of httpd proxies with which this node will initially communicate. Value should be of the form:

address1:port1,address2:port2

Using the default configuration, this property can by manipulated via the jboss.mod_cluster.proxyList system property.

excludedContextsexcluded-contextsROOT, admin-console, invoker, bossws, jmx-console, juddi, web-consoleConfiguration

List of contexts to exclude from httpd registration, of the form:

host1:context1,host2:context2,host3:context3

If no host is indicated, it is assumed to be the default host of the server (e.g. localhost). "ROOT" indicates the root context. Using the default configuration, this property can by manipulated via the jboss.mod_cluster.excludedContexts system property.

autoEnableContextsauto-enable-contextstrueConfiguration

If false the contexts are registered disabled in httpd, they need to be enabled via the enable() mbean method or via mod_cluster_manager.

stopContextTimeoutstop-context-timeout10Configuration

The amount of time, measure in units specified by stopContextTimeoutUnit, for which to wait for clean shutdown of a context (completion of pending requests for a distributable context; or destruction/expiration of active sessions for a non-distributable context).

stopContextTimeoutUnitNoneTimeUnit.SECONDSConfiguration

The unit of time for use with stopContextTimeout

sessionDrainingStrategyNoneorg.jboss.modcluster.SessionDrainingStrategyEnum.DEFAULTConfiguration

Indicates the session draining strategy used during undeployment of a web application. There are three possible values:

DEFAULT

Drain sessions before web application undeploy only if the web application is non-distributable.

ALWAYS

Always drain sessions before web application undeploy, even for distributable web applications.

NEVER

Do not drain sessions before web application undeploy, even for non-distributable web application.

proxyURLproxy-urlNoneApache HTTPD

If defined, this value will be prepended to the URL of MCMP commands.

socketTimeoutsocket-timeout20000Configuration

Number of milliseconds to wait for a response from an httpd proxy to MCMP commands before timing out, and flagging the proxy as in error.

advertisetrue, if proxyList is undefined, false otherwiseConfiguration

If enabled, httpd proxies will be auto-discovered via multicast announcements. This can be used either in concert or in place of a static proxyList.

advertiseGroupAddressadvertise-socket224.0.1.105Apache HTTPD

UDP address on which to listen for httpd proxy multicast advertisements

In AS7 that corresponding to the name of a socket-binding

advertisePortSee advertise-socket23364Apache HTTPD

UDP port on which to listen for httpd proxy multicast advertisements

advertiseSecurityKeyadvertise-security-keyNoneApache HTTPD

If specified, httpd proxy advertisements checksums (using this value as a salt) will be required to be verified on the server side

advertiseThreadFactoryNoneExecutors.defaultThreadFactory()Configuration

The thread factory used to create the background advertisement listener.

jvmRouteFactoryNonenew SystemPropertyJvmRouteFactory(new UUIDJvmRouteFactory(), "jboss.mod_cluster.jvmRoute")Configuration Defines the strategy for determining the jvm route of a node, if none was specified in server.xml. The default factory first consults the jboss.mod_cluster.jvmRoute system property. If this system property is undefined, the jvm route is assigned a UUID.

The following configuration values are sent to proxies during server startup, when a proxy is detected via the advertise mechanism, or during the resetting of a proxy's configuration during error recovery.

AttributeAS7 AttributeDefaultScopeDescription
stickySessionsticky-sessiontrueBalancer

Indicates whether subsequent requests for a given session should be routed to the same node, if possible.

stickySessionRemovesticky-session-removefalseBalancer

Indicates whether the httpd proxy should remove session stickiness in the event that the balancer is unable to route a request to the node to which it is stuck. This property is ignored if stickySession is false.

stickySessionForcesticky-session-forcefalseBalancer

Indicates whether the httpd proxy should return an error in the event that the balancer is unable to route a request to the node to which it is stuck. This property is ignored if stickySession is false.

workerTimeoutworker-timeout-1Balancer

Number of seconds to wait for a worker to become available to handle a request. When no workers of a balancer are usable, mod_cluster will retry after a while (workerTimeout/100). That is timeout in the balancer mod_proxy documentation. A value of -1 indicates that the httpd will not wait for a worker to be available and will return an error if none is available.

maxAttemptsmax-attempts1Balancer

Number of times an httpd proxy will attempt to send a given request to a worker before giving up. The minimum value is 1, meaning try only once. (Note that mod_proxy default is also 1: no retry).

flushPacketsflush-packetsfalseNode

Enables/disables packet flushing

flushWaitflush-wait-1Node

Time to wait before flushing packets in milliseconds. A value of -1 means wait forever.

pingping10Node

Time (in seconds) in which to wait for a pong answer to a ping

smaxsmaxDetermined by httpd configurationNode

Soft maximum idle connection count (that is the smax in worker mod_proxy documentation). The maximum value depends on the httpd thread configuration (ThreadsPerChild or 1).

ttlttl60Node

Time to live (in seconds) for idle connections above smax

nodeTimeoutnode-timeout-1Node

Timeout (in seconds) for proxy connections to a node. That is the time mod_cluster will wait for the back-end response before returning error. That corresponds to timeout in the worker mod_proxy documentation. A value of -1 indicates no timeout. Note that mod_cluster always uses a cping/cpong before forwarding a request and the connectiontimeout value used by mod_cluster is the ping value.

balancerbalancermyclusterNode

The balancer name

loadBalancingGroupdomain load-balancing-groupNoneNode

If specified, load will be balanced among jvmRoutes withing the same load balancing group. A loadBalancingGroup is conceptually equivalent to a mod_jk domain directive. This is primarily used in conjunction with partitioned session replication (e.g. buddy replication).

The communication channel between application servers and httpd proxies uses HTTP by default. This channel can be secured using HTTPS by setting the ssl property to true.

Note

This HTTP/HTTPS channel should not be confused with the processing of HTTP/HTTPS client requests.

AttributeAS7 AttributeDefaultDescription
sslNonefalse

Should connection to proxy use a secure socket layer

sslCipherscipher-suiteThe default JSSE cipher suites

Overrides the cipher suites used to initialize an SSL socket ignoring any unsupported ciphers

sslProtocolprotocolTLS (ALL in AS7)

Overrides the default SSL socket protocol.

sslCertificateEncodingAlgorithmNoneThe default JSSE key manager algorithm

The algorithm of the key manager factory

sslKeyStorecertificate-key-fileSystem.getProperty("user.home") + "/.keystore"

The location of the key store containing client certificates

sslKeyStorePasswordpasswordchangeit

The password granting access to the key store (and trust store in AS7)

sslKeyStoreTypeNoneJKS

The type of key store

sslKeyStoreProviderNoneThe default JSSE security provider

The key store provider

sslTrustAlgorithmNoneThe default JSSE trust manager algorithm

The algorithm of the trust manager factory

sslKeyAliaskey-alias 

The alias of the key holding the client certificates in the key store

sslCrlFileca-revocation-url 

Certificate revocation list

sslTrustMaxCertLengthNone5

The maximum length of a certificate held in the trust store

sslTrustStoreNoneSystem.getProperty("javax.net.ssl.trustStorePassword")

The location of the file containing the trust store

sslTrustStorePasswordNoneSystem.getProperty("javax.net.ssl.trustStore")

The password granting access to the trust store.

sslTrustStoreTypeNoneSystem.getProperty("javax.net.ssl.trustStoreType")

The trust store type

sslTrustStoreProviderNoneSystem.getProperty("javax.net.ssl.trustStoreProvider")

The trust store provider

Additional configuration properties used when mod_cluster is configured in JBoss Web standalone or Tomcat.

AttributeDefaultDescription
loadMetricClassorg.jboss.modcluster.load.metric.impl.BusyConnectorsLoadMetric

Class name of an object implementing org.jboss.load.metric.LoadMetric

loadMetricCapacity1

The capacity of the load metric defined via the loadMetricClass property

loadHistory9

The number of historic load values to consider in the load balance factor computation.

loadDecayFactor2

The factor by which a historic load values should degrade in significance.