Malcolm Turnbull wrote:
I'll try it myself anyway but just wanted to know if anyone knew already.
i.e. can the load balancer listen on VIP:80 & 443
but send all packets to port 443 ?
Sure, but testing this on Apache and I get a 400 Bad Request sending a
normal (http port 80) request to a server listening for secure http
(https port 443). Sending a http request to a https server is probably
going to give the same error.
Can it be done with an iptables rule ?
I don't think there are any technical issues of doing it with ipvsadm by
creating two virtual services:
ipvsadm -A -t VIP:80
ipvsadm -a -t VIP:80 -r RIP:443 [-g]
ipvsadm -A -t VIP:443
ipvsadm -a -t VIP:443 -r RIP:443 [-g]
Probably not as transparent as you want though as it won't aggregate the
two sets of connection and load balance among them.
If you want to turn on persistence, it can ignore the port:
ipvsadm -A -t VIP -p
ipvsadm -a -t VIP -r RIP:443
Looking briefly through the iptables stuff, it looks like you can
aggregate ports using the 'mangle' table or by using a fwmark with
ipvsadm -A, but I don't know enough about it to give examples.
--
-Jacob
Listingbook.com
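
The fwmark approach mentioned at the end of the message above, as an added example that is not part of the original post: it marks traffic for VIP ports 80 and 443 in the mangle table and balances both under one persistent virtual service. The addresses, the mark value and the function names are constructed placeholders; commands are only printed unless APPLY=1 is set on the director.

```shell
#!/bin/sh
# Added example: one LVS virtual service covering VIP:80 and VIP:443 via a
# firewall mark. VIP, RIPs and the mark value below are constructed placeholders.

# Print the commands for one fwmark-based virtual service.
# usage: lvs_fwmark_cmds VIP MARK RIP [RIP...]
lvs_fwmark_cmds() {
    vip=$1; mark=$2; shift 2
    [ $# -ge 1 ] || { echo "need at least one real server" >&2; return 1; }
    # Tag packets for both ports in the mangle table, before IPVS sees them.
    echo "iptables -t mangle -A PREROUTING -d $vip/32 -p tcp -m multiport --dports 80,443 -j MARK --set-mark $mark"
    # One virtual service keyed on the mark. -p keeps a client on the same
    # real server for both ports (300 s persistence timeout).
    echo "ipvsadm -A -f $mark -s rr -p 300"
    for rip in "$@"; do
        # No port on -r: the real server receives the port the client used,
        # so it must listen on both 80 and 443 (no 80 -> 443 rewrite).
        echo "ipvsadm -a -f $mark -r $rip -g"
    done
}

# Dry run by default; executes the commands only when APPLY=1 (needs root).
lvs_fwmark_apply() {
    if [ "${APPLY:-0}" = 1 ]; then
        lvs_fwmark_cmds "$@" | sh -e
    else
        lvs_fwmark_cmds "$@"
    fi
}

# Constructed sample: VIP 192.0.2.10, mark 1, two real servers.
lvs_fwmark_apply 192.0.2.10 1 10.0.0.11 10.0.0.12
```

Because the mark groups the ports rather than rewriting them, this aggregates connections for scheduling and persistence but does not turn a plain HTTP request into something an HTTPS listener will accept.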