Wednesday, April 4, 2012

Load balancing WSO2 IS cluster using Apache HTTP Server

First, let's create the IS cluster. WSO2 IS 3.2.3 can be downloaded from here.

1) Create two directories named node1 and node2.

2) Unzip the wso2is-3.2.3.zip distribution into each of the node directories created above.


In this scenario, I'm going to change the host name of the servers. Let's first consider node1.


3) Change the host name to abc.com. This blog explains all the necessary steps.

Note: While creating the keystore, make sure to provide the new host name as the Common Name (CN).

What is your first and last name?
[Unknown]: abc.com

The public certificate will then look like this:


Owner: CN=abc.com, OU=qa, O=wso2, L=colombo, ST=western, C=sl
Issuer: CN=abc.com, OU=qa, O=wso2, L=colombo, ST=western, C=sl
Serial number: 4f788014
Valid from: Sun Apr 01 21:49:32 IST 2012 until: Sat Jun 30 21:49:32 IST 2012
Certificate fingerprints:
MD5: B3:B7:F0:73:8E:21:0C:FE:75:5C:9E:4C:5E:51:57:6E
SHA1: 7E:05:40:3C:07:89:CD:AC:3F:5B:F2:7E:E6:D5:A8:8E:85:6D:7D:C9
Signature algorithm name: SHA1withRSA
Version: 3


4) Enable clustering in axis2.xml and change the domain name to "wso2.is.domain". After all the modifications, the cluster-related configuration in axis2.xml should look like this.



5) Apache HTTP Server is going to be used as the load balancer. To enable Apache2 mod_proxy, uncomment the following properties in mgt-transports.xml.



With the above changes, the configuration of one of the instances is complete. Now let's change the node2 IS instance.

6) To change the host name and enable clustering and Apache mod_proxy, follow steps 3), 4) and 5). I'm using xyz.com as the host name of the second IS instance. Therefore, change carbon.xml, identity.xml and axis2.xml accordingly to reflect this new host name.

For this setup, a central user store is needed. The embedded LDAP shipped with WSO2 IS will be used in this scenario.

7) To disable the default LDAP of node2, change the following property in embedded-ldap.xml.



8) Then change user-mgt.xml of the node2 IS instance so that it uses the embedded LDAP of node1 as the user store.



9) Change the ports of the server by changing the offset value in carbon.xml. I've changed the offset value from 0 to 1. Now the https port will be 9444 and the http port will be 9764.

Now let's configure Apache HTTP Server as a load balancer.

10) If you have not already installed the Apache server, install it using the following command. (You have to be root to perform the following actions.)

apt-get install apache2

11) To enable the necessary modules, go to the /etc/apache2/mods-available directory and run the following commands.

a2enmod proxy_http
a2enmod ssl
a2enmod proxy_balancer
a2enmod headers

12) Add the following entries to httpd.conf (in /etc/apache2).


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule status_module modules/mod_status.so

12) Add a virtual host containing the following content. You have to create it inside the /etc/apache2/sites-available directory.


Note: Since SSL is enabled, you have to specify the location of the certificates.

The load balancing configuration is set up to be session aware.
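A session-aware HTTPS virtual host for this topology could look like the sketch below. It is an added example, not the virtual host from the original post. The certificate and key paths, the is-nodes.pem bundle (the two nodes' public certificates concatenated), the balancer name and the route names are assumptions, and 9443 is taken as node1's https port because node2 moved to 9444 with an offset of 1.

```apache
# Added example: paths, balancer name and route names are assumptions.
<VirtualHost *:443>
    ServerName wso2.com

    # TLS towards browsers: the load balancer certificate (CN=wso2.com).
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/servercert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/serverkey.pem

    # TLS towards the IS nodes. Without SSLProxyVerify the balancer accepts
    # any backend certificate, so trust only the two self-signed node
    # certificates and check their CN (abc.com, xyz.com) and expiry.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/is-nodes.pem
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Session awareness: record which node served the first request in a
    # cookie (mod_headers) and route later requests to the same node.
    Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/; Secure; HttpOnly" env=BALANCER_ROUTE_CHANGED

    <Proxy balancer://iscluster>
        BalancerMember https://abc.com:9443 route=node1
        BalancerMember https://xyz.com:9444 route=node2
        ProxySet stickysession=ROUTEID
    </Proxy>

    ProxyPass        / balancer://iscluster/
    # Rewrite redirects issued by either node back to the balancer host.
    ProxyPassReverse / https://abc.com:9443/
    ProxyPassReverse / https://xyz.com:9444/
</VirtualHost>
```

With SSLProxyCheckPeerExpire on, the balancer stops forwarding to a node once its certificate expires, which matters for short-lived certificates like the three-month one shown in step 3.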

13) Add the virtual host created above to the sites-enabled directory using the following commands.

a2dissite default-ssl
a2ensite wso2.com

Note: "wso2.com" is the name of the virtual host.

14) After all this configuration, start the Apache server.

sudo /etc/init.d/apache2 start

15) I've changed the host name of the server/load balancer to wso2.com. Therefore, add the following entry to the /etc/hosts file.

127.0.0.1 wso2.com

I've created the load balancer certificates with a Common Name matching the server host name (wso2.com).

The final step is to import this certificate into the keystore and trust store of the two IS instances. For that, use the following commands.

16) keytool -import -alias servercert -file servercert.pem -keystore iskeystore.jks -storepass ispassword

Note: ispassword is the password of the new keystore used by IS.

17) keytool -import -alias servercert -file servercert.pem -keystore client-truststore.jks -storepass wso2carbon

18) Now start the two IS instances.

19) If you type https://wso2.com/carbon or https://wso2.com:443/carbon, you'll be redirected to one of the IS instances. If one server is down, you can observe that the traffic is routed to the other server.