By: Cory Carter user 01 Mar 2018 at 2:14 p.m. CST

4 Responses
Hello, I'm currently looking for additional documentation or knowledge on configuring a single GLUU instance node behind a load balancer such as f5. From the clustering documentation, it sounds like all that would need to be done is add the instance node IP with the LB name to /etc/hosts file in the GLUU instance? I'm seeking to hide the original server name with the shared dns name, hopefully without having to reinstall the entire instance. Thanks, Cory

By Chris Blanton user 01 Mar 2018 at 2:29 p.m. CST

Cory,

I'm not particularly familiar with F5's interface, but to build a proxy in front of Gluu Server, we use this NGINX template:

```
events {
    worker_connections 6500;
}

http {
    # Gluu Server node that sits behind the proxy
    upstream backend {
        server idp.example.org:443 max_fails=2 fail_timeout=10s;
    }

    # Redirect plain HTTP to HTTPS on the load balancer name
    server {
        listen 80;
        server_name loadbalancer.example.org;
        return 301 https://loadbalancer.example.org$request_uri;
    }

    server {
        # "listen ... ssl" is the current form of the deprecated "ssl on;"
        listen 443 ssl;
        server_name loadbalancer.example.org;

        ssl_certificate /etc/nginx/ssl/httpd.crt;
        ssl_certificate_key /etc/nginx/ssl/httpd.key;

        # Exact match on the site root only
        location ~ ^(/)$ {
            proxy_pass https://backend;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /.well-known {
            proxy_pass https://backend/.well-known;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /oxauth {
            proxy_pass https://backend/oxauth;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /identity {
            proxy_pass https://backend/identity;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /cas {
            proxy_pass https://backend/cas;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /asimba {
            proxy_pass https://backend/asimba;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location /passport {
            proxy_pass https://backend/passport;
            proxy_redirect off;
            proxy_next_upstream error timeout invalid_header http_500;
            proxy_connect_timeout 2;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Basically, make sure that f5 hits all these endpoints:

```
location ~ ^(/)$
/.well-known
/oxauth
/identity
/cas
/asimba
/passport
```

So I was going to write out the whole process for you, but since it is extremely complicated and prone to error, we just recently built a script that should work at changing your instance from one host-name to another. In this case from your old hostname, to the new f5 server hostname. I haven't tested it on RHEL, but we have with CentOS 7, so I don't foresee any problems. The script and instructions are located here: [hostname change script](https://github.com/GluuFederation/cluster-mgr/tree/master/testing)

You would want to run this outside the Gluu chroot, then restart your server. The gist of what happens can be found in the manual instructions: [Manual hostname instructions](https://github.com/GluuFederation/cluster-mgr/wiki/Changing-Gluu-Server-Hostname-for-Cluster-Deployment)

So Certs, Keystore, Apache Configuration and LDAP entries are changed to match a new hostname. Let me know if you need any assistance with getting the script to work properly for you.
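A check for the goal stated in the question (hiding the original server name), as an added example that is not part of the original reply or of the Gluu project: it scans an OpenID Connect discovery document, as served through the proxied `/.well-known` path, for URLs that still advertise a host other than the load balancer name. The sample document, the `restv1` paths in it and the function names are constructed for illustration; it assumes the server publishes standard discovery metadata at `/.well-known/openid-configuration`.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: metadata as it might look when the proxy forwards
# requests but the backend still advertises its own hostname in places.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.org",
    "authorization_endpoint": "https://idp.example.org/oxauth/restv1/authorize",
    "token_endpoint": "https://idp.example.org/oxauth/restv1/token",
    "jwks_uri": "https://loadbalancer.example.org/oxauth/restv1/jwks",
    "scopes_supported": ["openid", "profile"],
    "service_documentation": "http://gluu.org/docs",
})


def iter_urls(value, path=""):
    """Yield (json_path, url) for every http(s) URL string nested in value."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from iter_urls(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_urls(item, f"{path}[{index}]")
    elif isinstance(value, str) and value.lower().startswith(("http://", "https://")):
        yield path, value


def find_hostname_leaks(discovery_json, public_host, ignore_hosts=()):
    """Return sorted (json_path, host) pairs whose host is not the public name."""
    allowed = {public_host.lower(), *(h.lower() for h in ignore_hosts)}
    leaks = []
    for path, url in iter_urls(json.loads(discovery_json)):
        host = (urlsplit(url).hostname or "").lower()  # port is ignored
        if host not in allowed:
            leaks.append((path, host))
    return sorted(leaks)


if __name__ == "__main__":
    # In practice, feed in the body fetched from the load balancer name.
    for path, host in find_hostname_leaks(
        SAMPLE_DISCOVERY, "loadbalancer.example.org", ignore_hosts=("gluu.org",)
    ):
        print(f"{path}: still advertises {host}")
```

An empty result after the hostname change means the metadata no longer exposes the backend name; a leaked `issuer` matters most, since relying parties compare it against the URL they were configured with.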

By Chris Blanton user 05 Mar 2018 at 3:57 p.m. CST

Cory, Did that help at all? Can we close this ticket?

By Cory Carter user 06 Mar 2018 at 9:11 a.m. CST

Chris, Instead of going through the hassle of spinning up the cluster manager at the moment, I chose to simply reinstall the instance with appropriate parameters. You may close this ticket. Thanks, Cory

By Chris Blanton user 06 Mar 2018 at 5:02 p.m. CST

Hey Cory, You didn't need to install cluster manager, just run the script with the necessary libraries outside the chroot. Glad you got it fixed though. Cheers, Chris