By: Ankit Gupta user 12 Dec 2017 at 4:25 a.m. CST

6 Responses
Hi Team,

We have set up GLUU clustering with Nginx as the platform for load balancing.

Problem statement: With Nginx as LB, we are running two instances in an LB setup. The installation was done as per the clustering document mentioned below (https://gluu.org/docs/ce/installation-guide/cluster/). After performing all the steps mentioned for clustering, the following config was added in Nginx to load-balance requests to the backend. While accessing GLUU admin via Nginx, we get the error message "Error Encountered" on the screen. If we disable one instance and run only a single GLUU, it works fine. This has been clearly identified: if we run only a single instance, it works fine; running in clustering mode gives this error.

Nginx configuration:

    events {
        worker_connections 768;
    }

    http {
        upstream backend_id {
            ip_hash;
            server sampl1.example.com:443;
            server sampl2.example.com:443;
        }

        upstream backend {
            server sampl1.example.com:443;
            server sampl2.example.com:443;
        }

        server {
            listen 80;
            server_name sample-lb-nginx.example.com;
            return 301 https://sample-lb-nginx.example.com$request_uri;
        }

        server {
            listen 443;
            server_name sample-lb-nginx.example.com;
            error_log /var/log/nginx/error.log notice;
            ssl on;
            ssl_certificate /etc/nginx/ssl/httpd.crt;
            ssl_certificate_key /etc/nginx/ssl/httpd.key;

            location ~ ^(/)$ {
                proxy_pass https://backend;
            }

            location /.well-known {
                proxy_pass https://backend/.well-known;
            }

            location /oxauth {
                proxy_pass_request_headers on;
                #proxy_set_header HOST sample-lb-nginx.example.com;
                proxy_pass https://backend/oxauth;
            }

            location /identity {
                proxy_pass_request_headers on;
                proxy_set_header HOST sample-lb-nginx.example.com;
                proxy_pass https://backend_id/identity;
            }

            location /idp/shibboleth {
                proxy_pass https://backend_id/idp/shibboleth;
            }

            location /idp/profile/SAML2/POST/SSO {
                proxy_pass_request_headers on;
                proxy_set_header HOST sample-lb-nginx.example.com;
                proxy_pass https://backend_id/idp/profile/SAML2/POST/SSO;
            }

            location /idp/Authn/RemoteUser {
                proxy_pass_request_headers on;
                proxy_set_header HOST sample-lb-nginx.example.com;
                proxy_pass https://backend_id/idp/Authn/RemoteUser;
            }

            location /idp/auth-code.jsp {
                proxy_pass_request_headers on;
                proxy_set_header HOST sample-lb-nginx.example.com;
                proxy_pass https://backend_id/idp/auth-code.jsp;
            }
        }
    }

Nginx version: nginx/1.12.2

https://sample-lb-nginx.example.com/oxauth/error

Error logs in application:

    ==> oxtrust.log <==
    2017-12-11 09:01:19,356 ERROR [qtp985655350-12] [org.gluu.oxtrust.exception.GlobalExceptionHandler] (GlobalExceptionHandler.java:54) - Committed
    javax.faces.FacesException: Committed
        at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:89) ~[jsf-impl-2.2.14.jar:2.2.14]

    ==> oxtrust.log <==
    2017-12-11 09:01:19,357 ERROR [qtp985655350-12] [org.gluu.oxtrust.exception.GlobalExceptionHandler] (GlobalExceptionHandler.java:77) - Can't perform redirect to viewId: /error
    java.lang.IllegalStateException: Committed

Please provide a resolution for the same.

By Michael Schwartz Account Admin 12 Dec 2017 at 4:02 p.m. CST

Chris, any thoughts?

By Chris Blanton user 12 Dec 2017 at 4:26 p.m. CST

Ankit, try restarting the Gluu Server that's not responding correctly.

By Ankit Gupta user 13 Dec 2017 at 12:07 a.m. CST

Already tried restarting the servers. I faced a similar issue while I was doing the setup with ELB as LB. Hence, based on observation, it looks like an issue with the clustering setup only. And the most important thing: if there are two instances, say 1a and 1b, it works fine if I take either of the nodes offline. This is not an issue with a node. It happens when we use clustering mode. It works for the scenarios mentioned below:

    upstream backend { server sampl2.example.com:443; }

    upstream backend { server sampl1.example.com:443; }

By Ankit Gupta user 13 Dec 2017 at 10:25 a.m. CST

Another finding: if I make both backend destinations the same, it works fine, i.e.

    upstream backend { server sampl1.example.com:443; server sampl1.example.com:443; }

By Ankit Gupta user 14 Dec 2017 at 4:06 a.m. CST

The issue has been fixed. The issue was with the AWS Security Group. I allowed traffic from 0.0.0.0/0 on port 1636. Before this, I had allowed traffic on 1636 only for communication between the two GLUU IDM nodes, as my understanding was that both nodes will communicate with each other on port 1636. However, this is not the case. Not sure where else communication takes place on port 1636. Please provide the required details.

By Chris Blanton user 14 Dec 2017 at 10:47 a.m. CST

Ankit, OpenLDAP only communicates on port 1636 with each other and with admin connections. I'm not quite sure what you mean.
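
An added example, not part of the thread or of Gluu's documentation: a check for the two conditions the last posts describe, run over security-group ingress rules in the JSON shape that `aws ec2 describe-security-groups` returns. It reports sources admitted to port 1636 that are broader than the expected ones, and expected sources that no rule admits. The sample rules and the allowed source addresses are constructed assumptions.

```python
import ipaddress

LDAPS_PORT = 1636  # OpenLDAP port named in the thread

# Constructed sample shaped like the IpPermissions list in
# `aws ec2 describe-security-groups` output; not taken from the thread.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1636, "ToPort": 1636,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.1.10/32"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]
# Assumed addresses the two nodes and one admin host connect from.
ALLOWED_SOURCES = ["10.0.1.10/32", "10.0.2.10/32", "203.0.113.7/32"]


def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sources_for_port(permissions, port):
    """All IPv4 source networks admitted to `port`."""
    return [ipaddress.ip_network(r["CidrIp"])
            for p in permissions if covers_port(p, port)
            for r in p.get("IpRanges", [])]


def overbroad_sources(permissions, allowed, port=LDAPS_PORT):
    """Admitted networks that reach beyond every expected source."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    return [str(s) for s in sources_for_port(permissions, port)
            if not any(s.subnet_of(n) for n in nets)]


def unadmitted_sources(permissions, allowed, port=LDAPS_PORT):
    """Expected sources that no rule admits (those connections are blocked)."""
    admitted = sources_for_port(permissions, port)
    return [a for a in allowed
            if not any(ipaddress.ip_network(a).subnet_of(s) for s in admitted)]


if __name__ == "__main__":
    print("over-broad:", overbroad_sources(SAMPLE_PERMISSIONS, ALLOWED_SOURCES))
    print("not admitted:", unadmitted_sources(SAMPLE_PERMISSIONS, ALLOWED_SOURCES))
```

A security-group rule matches on the source address the connection actually arrives from, so `ALLOWED_SOURCES` should list the addresses seen in connection logs rather than the ones assumed at design time.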