Restricting the load balancer

For increased security, you can configure the load balancer to authenticate when it communicates with Spotfire Statistics Services.

About this task

You can restrict access to the load balancer by setting up an AJP Connector secret keyword for the load balancers to use to authenticate with the Manager nodes. This is a secret keyword that the load balancers and Manager nodes all know.

Note: Tomcat 9.0.56, which is included in your installation, sets secretRequired=true by default.

Procedure

Add the keyword to all the Manager nodes.
In the SPSERVER_SHARE/tomcat/conf/server.xml file, find the section specifyingService name = "Catalina", and in that section, find the Connector configuration:
```
<Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" connectionTimeout="20000" packetSize="65536"/>
```

Add the keyword definition

<Connector port="8009"
protocol="AJP/1.3"
address="0.0.0.0."
connectionTimeout="20000" 
packetSize="65536"
request.useSecret="true"
request.secret="SecretKeyword" />

Add the keyword to the worker.properties file on the load balancer computer.
Above the properties for individual workers, add a keyword that all the nodes use:
```
# Enable secret keyword
worker.loadbalancer.secret="SecretKeyword"
```
Now Spotfire Statistics Services accepts only AJP connections from load balancers that know the secret keyword.