Hi,
you can use firewall marks to make http/https-server work.
This job has to be done by iptables/ipchains, ipvs can recognize these, but
cannot assign them.
In the lvs configuration you can tell ipvs to handle packets on different
ports with the same firewall mark identically.
The rules to set the firewall mark to 80 on packets destined to the floating
IP address x.x.x.x on ports 80 and 443:
iptables
/sbin/modprobe ip_tables
/sbin/iptables -t mangle -A PREROUTING \
-p tcp -d x.x.x.x/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle -A PREROUTING \
-p tcp -d x.x.x.x/32 --dport 443 -j MARK --set-mark 80
ipchains
/sbin/modprobe ipchains
/sbin/ipchains -A input -p tcp -d x.x.x.x/32 80 -m 80
/sbin/ipchains -A input -p tcp -d x.x.x.x/32 443 -m 80
After this my http/https-server worked fine :)
Make sure that packet filtering rules are made permanent, otherwise these
changes won't persist through a reboot.
Hope this helps,
Greetings,
Michael
-----Original Message-----
From: devendra orion [mailto:dev_orion@xxxxxxxxx]
Sent: Monday, January 13, 2003 14:47
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: HTTP-HTTPS
Hi!
I need help in setting up load balancer with HTTP and
HTTPS going to same real servers.
Current configuration is
Load balancer and 3 real servers
The 3 real servers are serving HTTP and configured for
HTTPS. In load balancer I want HTTP to be scheduled in
round robin fashion and HTTPS to be in weighted least
connection. As we have to keep session persistent to
same real server I am using WLC with network address
level persistence for 60 mins.
Now I am adding https and which is served by same real
servers, but I am not sure of how to configure it
properly. I tried the following configuration:
ipvsadm -A -t OutIP:80 -s rr
ipvsadm -a -t OUTIP:80 RealIP1:80 -m
ipvsadm -a -t OUTIP:80 RealIP2:80 -m
ipvsadm -a -t OUTIP:80 RealIP3:80 -m
ipvsadm -A -t OutIP:443 -s wlc -p 3600 -M 255.255.255.0
ipvsadm -a -t OUTIP:443 RealIP1:443 -m
ipvsadm -a -t OUTIP:443 RealIP2:443 -m
ipvsadm -a -t OUTIP:443 RealIP3:443 -m
I also tried
ipvsadm -A -t OutIP:0 -s wlc -p 3600 -M 255.255.255.0
ipvsadm -a -t OUTIP:0 RealIP1:0 -m
ipvsadm -a -t OUTIP:0 RealIP2:0 -m
ipvsadm -a -t OUTIP:0 RealIP3:0 -m
But the problem is the site is not visible the moment
I enable the HTTPS on realserver.
At a time only one port is accessible 80 or 443.
I am not sure whether the load balancer is configured
wrong or real servers.
Waiting for your help.
Regards
Dev Orion
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
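
The ipvs side that the reply describes but does not show, as an added example that is not part of the original messages: a dry-run script that prints the marking rules together with a firewall-mark virtual service (`ipvsadm -f`) instead of executing them. The VIP 192.0.2.10 and real servers 10.0.0.x are constructed placeholders; the wlc scheduler, 3600 s persistence, 255.255.255.0 netmask and masquerading (`-m`) are assumptions carried over from the question.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one VIP so they can
# be reviewed before being applied. All addresses are constructed placeholders.

# MARK rules: ports 80 and 443 on the VIP get the same firewall mark.
emit_mark_rules() {
    vip=$1; mark=$2
    for port in 80 443; do
        printf '%s\n' "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $port -j MARK --set-mark $mark"
    done
}

# One ipvs virtual service keyed on the mark (-f) instead of VIP:port (-t).
# With persistence, a client's HTTP and HTTPS connections then reach the
# same real server. No port is given on -r, so the request's destination
# port (80 or 443) is kept.
emit_ipvs_service() {
    mark=$1; shift
    printf '%s\n' "ipvsadm -A -f $mark -s wlc -p 3600 -M 255.255.255.0"
    for rs in "$@"; do
        printf '%s\n' "ipvsadm -a -f $mark -r $rs -m"
    done
}

# Validate the inputs, then print the whole configuration.
# Usage: emit_config VIP MARK REALSERVER...
emit_config() {
    vip=$1; mark=$2; shift 2
    # ipvs only accepts firewall marks that are integers greater than zero;
    # mark 0 means "unmarked" and would never match a service.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    [ "$mark" -gt 0 ] || { echo "mark must be greater than zero" >&2; return 1; }
    [ $# -gt 0 ] || { echo "need at least one real server" >&2; return 1; }
    emit_mark_rules "$vip" "$mark"
    emit_ipvs_service "$mark" "$@"
}

emit_config 192.0.2.10 80 10.0.0.1 10.0.0.2 10.0.0.3
```

A single fwmark service has one scheduler, so HTTP and HTTPS share it; the separate `-t VIP:80` and `-t VIP:443` services should be removed when switching to this form.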