LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Ldirectord realserver connection refused LVS-TUN

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Ldirectord realserver connection refused LVS-TUN
From: Jaroslav Libák <jarol1@xxxxxxxxx>
Date: Wed, 20 Dec 2006 23:36:54 +0100 (CET)
Niraj Patel wrote:
> I had the RS listening on the RIP before and then in the process of trying to 
> get https working, I must have turned it off. http checks now work if RS is 
> listening on the RIP.  The implication seems to be that
>
> But now I have another problem, well more of a question really. Since https 
> uses name resolution to pull the SSL cert, would I also need something like 
> the following:
>

Name resolution is used to discover IP address not pull SSL certificates. 
Client initiates a TCP connection to server IP address to  receive the SSL 
certificate. SSL will also work if you connect  to IP directly in your browser 
(in sence that encryption will take place).

> 1. a dns entry for each virtual host that maps a fqdn like web.abc.com to 
> each of the RIPs  (not really sure about this part)
>    i.e.  web.abc.com resolves to RIP1, RIP2, etc.
> 2. an SSL certificate for web.abc.com that's installed on each RS.
>

1 is not needed, ldirectord should be able to perform https checks to IP 
directly.
2. you will need this of course

I run several apache ip based virtual servers on several RSs and test them 
using ldirectord via http only even though they run https too. If https is 
configured properly it will work whenever http does.

Jaro

<Prev in Thread] Current Thread [Next in Thread>