
Mimicking an ssl accelerator/load balancer

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Mimicking an ssl accelerator/load balancer
From: Ryan Johnson <rjohnson@xxxxxxxxxxxx>
Date: Thu, 23 Sep 2004 00:18:17 -0400
Hi everyone,

I have been trying to duplicate our ssl accelerator/load balancer using stunnel and the virtual server capabilities of the Linux kernel.

What I would like to do is have stunnel take ssl requests, decrypt them (pass them as plain http), then load balance the plain text traffic across multiple webservers. If possible, with the stunnel and virtual server on the same machine.

My stunnel config looks like

[https]
accept  = external_ip:443
connect = 127.0.0.1:80
TIMEOUTclose = 0

and the ipvs looks like

/sbin/ipvsadm -A -t 127.0.0.1:80 -s rr
/sbin/ipvsadm -a -t 127.0.0.1:80 -r 192.168.5.5:80 -w 1

I have compiled all the virtual server code into the 2.6.7 kernel.

Can I do this all on the same machine? Or at all? I have read about persistent connections and ssl in conjunction with the virtual server code, but I do not believe that is the problem here. I believe this since I never see a SYN packet hitting my webserver (192.168.5.5) behind the stunnel/virtual server machine. Also, I know my stunnel works when I do not try to use the virtual server. I have also flushed all of my iptables rules.

Any ideas?

Thank you in advance,
Ryan
