Looking for httpd conf advice from users of ultramonkey (lvs-nat) and firewall marks.

[Chip Upsal <cupsal@xxxxxxxxxxxxx>]

I am using ultramonkey 2.0.1 with firewall marks.
I am loadbalancing two servers with several  ip-virtual sites.

On the virtual host directive i have been using real ipaddress on the lvs
subnet for the real servers:

Server1

#Site 1
<VirtualHost 192.168.2.19:80>
        ServerName foo.domain.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot    /var/www/web_root/foo
        ErrorLog logs/foo-error_log
        CustomLog logs/foo-access_log common
</VirtualHost>
<VirtualHost 192.168.2.19:443>
        ServerName foo.domain.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot /var/www/web_root/foo
        ErrorLog logs/foo_ssl-error_log
        CustomLog logs/foo_ssl-access_log common
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/foo/foo.crt      
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/foo/foo.key
</VirtualHost>

#Site 2
<VirtualHost 192.168.2.20:80>
        ServerName foo2.domain2.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot    /var/www/web_root/foo2
        ErrorLog logs/foo2-error_log
        CustomLog logs/foo2-access_log common
</VirtualHost>
<VirtualHost 192.168.2.19:443>
        ServerName foo2.domain2.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot /var/www/web_root/foo2
        ErrorLog logs/foo2_ssl-error_log
        CustomLog logs/foo2_ssl-access_log common
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/foo2/foo2.crt      
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/foo2/foo2.key
</VirtualHost>


On the second server:


#Site 1
<VirtualHost 192.168.2.19:80>
        ServerName foo.domain.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot    /var/www/web_root/foo
        ErrorLog logs/foo-error_log
        CustomLog logs/foo-access_log common
</VirtualHost>
<VirtualHost 192.168.2.19:443>
        ServerName foo.domain.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot /var/www/web_root/foo
        ErrorLog logs/foo_ssl-error_log
        CustomLog logs/foo_ssl-access_log common
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/foo/foo.crt      
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/foo/foo.key
</VirtualHost>

#Site 2
<VirtualHost 192.168.2.120:80>
        ServerName foo2.domain2.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot    /var/www/web_root/foo2
        ErrorLog logs/foo2-error_log
        CustomLog logs/foo2-access_log common
</VirtualHost>
<VirtualHost 192.168.2.119:443>
        ServerName foo2.domain2.com
        ServerAdmin admin@xxxxxxxxxxxxx
        DocumentRoot /var/www/web_root/foo2
        ErrorLog logs/foo2_ssl-error_log
        CustomLog logs/foo2_ssl-access_log common
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/foo2/foo2.crt      
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/foo2/foo2.key
</VirtualHost>

The ldirectord.cf file looks like:

# site1
virtual=1
        real=192.168.2.19:0 masq
        real=192.168.2.119:0 masq
        service=http
        checkport=80
        checktype=negotiate
        request="lvs.html"
        receive="server-up"
        scheduler=lc
        persistent=3600

# Site2
virtual=2
        real=192.168.2.20:0 masq
        real=192.168.2.120:0 masq
        service=http
        checkport=80
        checktype=negotiate
        request="lvs.html"
        receive="server-up"
        scheduler=lc
        persistent=3600

Is this a valid setup?

All seems to be working well most of the time...however i have had problems
with clients jumping sites and jumping around on the sites...not following
links correctly.

Chip




Chip Upsal
SysAdmin
CyberWolf Inc
505.983.6463 x28
http://www.cyberwolf.com