Hello Guys, Need your suggestions on an Apache/Dispatcher setup. (Please see the attached diagram)
Scenario: The customer has the standard AEM Publish and Apache web servers (shown as #1 in the diagram) already set up and there are multiple websites hosted here. For one new site, there is a need to access the site through a new set of web servers (shown as #2 in the diagram) hosted on a 3rd party cloud. If you look closely, this is a different-than-regular scenario with 2 web servers in the request path. Usually we have just one web layer load balancing AEM publish instances.
I am able to access the website via LB 1's URL origin-some-domain.com. LB has a valid certificate installed on it. LB accepts requests directly on port 443 and forces all requests to HTTP port 80 to port 443.
Next, I want to hook dispatcher #2 to this LB 1. There is no blocking firewall between 3rd party web servers and the LB.
Both the web servers #2 and Apache #2 do NOT have SSL enabled. I am not sure if SSL is needed on Apache #2 or Dispatcher #2 or both to communicate with LB 1. Please suggest if that is needed and guidelines around how to do it?
I see the following Adobe documentation for Dispatcher with SSL and AEM, I am not sure if that applies to Dispatcher in this scenario too:
You are absolutely correct! This does not look ideal, however there are multiple factors that lead us to this setup. There are a few more options on the table that we are considering, however, I wanted to explore this option before we simply drop it.
I have been able to connect 2 dispatchers in a row and the traffic flows as expected #2 > #1 > Publishers and back. So, that is solved and I have tested it. It works over HTTP.
3. Same certificate installed both on dispatcher and the LB.
4. apache.conf updates for the dispatcher module.
As per Adobe documentation, the above setup is recommended for Dispatcher > AEM (HTTPS). I am not sure if the same setup could work for Dispatcher > LB (HTTPS) too. What are your suggestions regarding that?
Can't you point the DNS directly to the #1 load balancer?
The dispatcher can't point to another load balancer or dispatcher. Based on your scenario, the Apache ProxyPass configuration (reverse proxy configuration) can be used on the #2 Apache server to send requests for specific URLs to the #1 load balancer URL.
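
A sketch of the ProxyPass approach suggested above, added here as an example and not taken from any post in this thread or from Adobe's documentation: Apache #2 stays HTTP-only on its listening side and uses mod_ssl purely as a TLS client toward LB 1, with certificate verification turned on. The `ServerName`, the `/content/new-site/` path and the CA bundle path are placeholders; `origin-some-domain.com` is the LB 1 name from the question.

```apache
# Added example. Requires mod_proxy, mod_proxy_http and mod_ssl to be loaded.
# mod_ssl acts only as a TLS client here: Apache #2 needs no server certificate
# and no Listen 443 to talk HTTPS to LB 1.

<VirtualHost *:80>
    # Placeholder host name for the new site on the 3rd party cloud
    ServerName new-site.example.com

    # Reverse proxy only; never act as an open forward proxy
    ProxyRequests Off

    # Enable TLS on outgoing (proxied) connections
    SSLProxyEngine On

    # Verify LB 1's certificate chain, host name and expiry.
    # "SSLProxyVerify none" or "SSLProxyCheckPeerName Off" would make the
    # hop encrypted but unauthenticated, so keep these enabled.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    # Placeholder path: CA bundle containing the issuer of LB 1's certificate
    SSLProxyCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

    # Refuse legacy protocol versions on the outgoing connection
    SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Off (the default): the Host header and SNI sent upstream are
    # origin-some-domain.com, the name LB 1 already answers for.
    ProxyPreserveHost Off

    # Placeholder path: forward only the new site's URLs to LB 1
    ProxyPass        /content/new-site/  https://origin-some-domain.com/content/new-site/
    ProxyPassReverse /content/new-site/  https://origin-some-domain.com/content/new-site/
</VirtualHost>
```

With this layout only the hop from Apache #2 to LB 1 is encrypted; the client-facing side of Apache #2 is still plain HTTP, as described in the question.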