On Fri, 30 Nov 2001, Hai Pham wrote:
> Hi Joe,
>
> In our project, my supervisor wants to terminate SSL
> connection before it reaches the real servers (2 of
> them). We are trying to simulate Big-IP. That's why I
> let apache handle SSL and then act as a proxy to the
> real servers. I've successfully set up an LVS system
> with Apache sitting on a separate machine. This will
> have some network overhead however(from the director
> machine to Apache machine), so I try to put Apache on
> the director machine. Apache is listening to two
> virtual hosts; so yes, you could consider it as two
> localhost real servers.
>
I don't know if you want to implement a user-space SSL load balancer.
If so, you can use ssl_module, proxy_module and rewrite_module in the
apache to setup a user-space SSL load balancer, but you don't think the
LVS for this purpose.
> I don't quite understand why this couldn't work. It 's
> just a matter of rewritting the packet destination to
> another VIP. I guess I overlook something here.
>
In the Local Node mode of LVS, if LVS decide a packet for LocalNode, it
simply forward the packet to upper layer of TCP stack, it doesn't change
address. So, you cannot use LVS to load balance two services running at
the director.
Regards,
Wensong
|