It is possible. I made sure that the SSL certificate was available to each
real server/virtual host via an NFS mount. I use a single centralised
httpd.conf file across all real servers. For example:

<VirtualHost <VIP>:443>
    SSLEngine On
    ServerName servername:443
    DocumentRoot "/net/content/httpd/vhostname"
    ServerAdmin email@xxxxxxxxxx
    ErrorLog /net/logs/httpd/vhostname/ssl_error_log
    TransferLog /net/logs/httpd/vhostname/ssl_access_log
    CustomLog /net/logs/httpd/vhostname/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    SSLCertificateFile /net/conf/httpd/certs/vhostname.crt
    SSLCertificateKeyFile /net/conf/httpd/certs/vhostname.key
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    <Directory />
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from a.b.c.d/255.255.255.0 a.b.c.d/255.255.255.0
    </Directory>
</VirtualHost>

/net/logs, /net/conf and /net/content are all NFS mount points.
The downside is that unless you have real signed certificates from Thawte etc.
your browser may want to confirm the legitimacy of the certificate presented
each time it hits a new real server. This depends on the load balancing method
used.
Hence why the use of persistence is good with https.
j.
On Tue, 29 Jul 2003 14:46:08 -0700, William Francis wrote
> Is it possible to use LVS-DR with https without persistence? The
> documentation seems somewhat unclear on this point and from speaking
> with people I've heard arguments for either case.
>
> My application uses https sparingly - basically just a login page.
>
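
Added example, not part of the original message: a check that every real server behind the VIP presents the same certificate, which is the condition the reply above relies on when running https without persistence. The labels rs1..rs3 and the helper names are hypothetical, and the sample certificates are constructed placeholder bytes, not real X.509.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem):
    """SHA-256 of the certificate's DER bytes (the usual fingerprint)."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha256(der).hexdigest()


def fetch_pem(host, port=443):
    """Certificate a server presents; no chain validation, so self-signed works."""
    return ssl.get_server_certificate((host, port))


def compare_real_servers(pems):
    """Group real servers by served certificate and flag the odd ones out.

    pems maps a real-server label to PEM text (from fetch_pem or from the
    server's copy of the .crt file).
    """
    groups, unreadable = defaultdict(list), []
    for server, pem in sorted(pems.items()):
        try:
            groups[fingerprint(pem)].append(server)
        except ValueError:  # not PEM, or bad base64
            unreadable.append(server)
    # Most common certificate; ties broken by fingerprint for stable output.
    majority = max(groups, key=lambda fp: (len(groups[fp]), fp)) if groups else None
    outliers = sorted(s for fp, m in groups.items() if fp != majority for s in m)
    return {
        "consistent": len(groups) == 1 and not unreadable,
        "majority": majority,
        "groups": dict(groups),
        "outliers": outliers + unreadable,
    }


if __name__ == "__main__":
    # Constructed sample input: placeholder bytes wrapped as PEM, not real X.509.
    shared = ssl.DER_cert_to_PEM_cert(b"constructed cert from the NFS share")
    stale = ssl.DER_cert_to_PEM_cert(b"constructed stale local copy")
    report = compare_real_servers({"rs1": shared, "rs2": shared, "rs3": stale})
    print("consistent:", report["consistent"], "outliers:", report["outliers"])
```

A real server listed under "outliers" is one that would trigger a fresh certificate prompt when the director sends a client to it.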