mod_cluster.conf

## mod_cluster.conf
# Note: There is only "Listen 192.168.122.204:2181" in conf/http.conf,
#       all other configuration including SSL is done here for demonstration purposes.

LoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.so

MemManagerFile "/dev/shm/httpd/cache/mod_cluster"

# mod_cluster directive for emulating cpin/cpong
EnableOptions

# SSL properties for vhost on 2181
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLHonorCipherOrder on
SSLCertificateFile /vault/certs/server.crt
SSLCertificateKeyFile /vault/certs/server.key
SSLCACertificateFile /vault/certs/myca.crt
SSLVerifyClient require
SSLProxyVerify require
SSLProxyEngine On
SSLVerifyDepth 10
SSLProxyMachineCertificateFile /vault/certs/client.pem
SSLProxyCACertificateFile /vault/certs/myca.crt
SSLProxyProtocol all -SSLv2 -SSLv3

ServerName 192.168.122.204:2181

# MOD_CLUSTER
<IfModule manager_module>
  Listen 192.168.122.204:8847
  # Test and demonstration purposes...
  LogLevel debug
  <VirtualHost 192.168.122.204:8847>
    ServerName 192.168.122.204:8847
    <Directory />
      Order deny,allow
      Deny from all
      #CHANGEIT This is only for testing!
      Allow from all
    </Directory>
    KeepAliveTimeout 60
    MaxKeepAliveRequests 0
    ServerAdvertise on
    AdvertiseFrequency 5
    ManagerBalancerName qacluster
    AdvertiseGroup 224.0.5.79:65009
    EnableMCPMReceive

    # SSL properties for mod_cluster vhost

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    SSLHonorCipherOrder on
    SSLCertificateFile /vault/certs/server.crt
    SSLCertificateKeyFile /vault/certs/server.key
    SSLCACertificateFile /vault/certs/myca.crt
    SSLVerifyClient require
    SSLProxyVerify require
    SSLProxyEngine On
    SSLVerifyDepth 10
    SSLProxyMachineCertificateFile /vault/certs/client.pem
    SSLProxyCACertificateFile /vault/certs/myca.crt
    SSLProxyProtocol all -SSLv2 -SSLv3

    <Location /mcm>
      SetHandler mod_cluster-manager
      Order deny,allow
      Deny from all
      #CHANGEIT This is only for testing!
      Allow from all
    </Location>
  </VirtualHost>
</IfModule>

## standalone-ha.xml
<subsystem xmlns="urn:jboss:domain:modcluster:1.2">
<mod-cluster-config connector="https" advertise-socket="modcluster">
    <dynamic-load-provider>
        <load-metric type="busyness"/>
    </dynamic-load-provider>
    <ssl ca-certificate-file="/vault/certs/ca-cert.jks"
         certificate-key-file="/vault/certs/client-cert-key.jks"
         password="tomcat"
         key-alias="javaclient"
         cipher-suite="SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
         protocol="TLSv1"/>
</mod-cluster-config>
</subsystem>

+++

<subsystem xmlns="urn:jboss:domain:web:2.1" native="false">
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" enabled="true" secure="true">
<ssl name="https"
    ca-certificate-file="/vault/certs/ca-cert.jks"
    certificate-key-file="/vault/certs/server-cert-key.jks"
    certificate-file="/vault/certs/server-cert-key.jks"
    password="tomcat"
    verify-client="true"
    key-alias="javaserver"
    cipher-suite="SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" protocol="TLSv1"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
    <alias name="localhost"/>
    <alias name="example.com"/>
</virtual-server>
</subsystem>