On Wed, Sep 24, 2003 at 03:51:50PM +1000, Guy Waugh wrote:
> Hi all,
>
> I'm currently setting up an LVS-NAT system with two directors and two
> realservers. The realservers run a proprietary application which uses
> apache (what I will call 'Port 80 apache'), tomcat and another apache
> running on port 8008 with modperl (what I will call 'modperl apache'). The
> application also uses an Oracle database on a separate server (unknown to
> the directors). The realservers listen on port 80, and all traffic to/from
> the realservers goes through this port.
>
> When I install the proprietary software on a realserver, it doesn't
> initially work; the only thing one sees when one hits it with a browser is
> 'proxy error'. This is because of these lines in the Port 80 apache
> httpd.conf file:
> RewriteRule ^/index.html http://%{HTTP_HOST}:8008/index.html [P]
> RewriteRule ^/bin(.*).pl(.*) http://%{HTTP_HOST}:8008/bin$1.pl$2 [P]
> RewriteRule ^/@@(.*) http://%{HTTP_HOST}:8008/@@$1 [P]
> RewriteRule ^/%40%40(.*) http://%{HTTP_HOST}:8008/@@$1 [P]
>
> What appears to be happening is that the client hits the VIP (on the active
> director), and the director passes the hit through to the appropriate
> realserver with, apparently, an HTTP Host: header of the VIP. Port 80
> apache on the realserver sees this Host: header, and as a result, the
> RewriteRules would appear to redirect the hit to port 8008 on the VIP
> (which of course doesn't exist). Hence the proxy error.
>
> To fix this, I've manually edited the httpd.conf file above and replaced
> '%{HTTP_HOST}' with the actual FQDN of the realserver. However, I'm
> wondering if this is but the tip of the proverbial iceberg; a 'grep -r'
> through the application's files for 'HTTP_HOST' turns up quite a few
> occurrences of it.
>
> I'm assuming that, if my LVS director could rewrite the Host: header to be
> the FQDN of the realserver to which it will send the hit, that would fix
> this problem. Is this correct? If so, from a quick read of LVS doco,
> mailing archives etc., it looks like I need a Layer 7 switch? If so, would
> it be ktcpvs or something similar?
>
> Please forgive my somewhat neonatal understanding of this issue - from a
> couple of hours' reading this afternoon, my brain hurts ;-)

Hi Guy,

I suspect that your analysis of the behaviour is correct.

LVS does not change the HTTP Host: header in the incoming
request. In fact LVS has no capacity to change the request at all.
All it does is to manipulate the TCP/IP headers of the incoming
packets so that they end up on the real server instead of the
linux director itself.

If this is a real problem for you it might be possible to write
some sort of helper module, something akin to ip_vs_ftp
to rewrite the headers. Or perhaps, more generically, some
sort of netfilter helper module.

--
Horms
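
The behaviour discussed in this thread, as an added example that is not part of the original messages or the application's own code: a Python check that lists the `RewriteRule` directives carrying the `[P]` flag whose target is built from `%{HTTP_HOST}`, and expands one for a given Host: value to show where the request would be proxied. The sample configuration (the four quoted rules plus one unrelated rule), the request path and the address 192.0.2.10 standing in for the VIP are constructed.

```python
import re

# Constructed sample: the four directives quoted in the post plus one
# unrelated rule, standing in for the Port 80 apache httpd.conf.
SAMPLE_CONF = r"""
RewriteEngine On
RewriteRule ^/index.html http://%{HTTP_HOST}:8008/index.html [P]
RewriteRule ^/bin(.*).pl(.*) http://%{HTTP_HOST}:8008/bin$1.pl$2 [P]
RewriteRule ^/@@(.*) http://%{HTTP_HOST}:8008/@@$1 [P]
RewriteRule ^/%40%40(.*) http://%{HTTP_HOST}:8008/@@$1 [P]
RewriteRule ^/static/(.*) /var/www/static/$1 [L]
"""

RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)


def find_host_proxy_rules(conf_text):
    """Return (line_no, pattern, target) for each RewriteRule that proxies
    ([P] flag) to a target built from the request's Host: header."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        pattern, target, flags = m.group(1), m.group(2), m.group(3) or ""
        flag_set = {f.strip().lower() for f in flags.split(",")}
        if flag_set & {"p", "proxy"} and "%{http_host}" in target.lower():
            hits.append((no, pattern, target))
    return hits


def proxy_target(pattern, target, path, host):
    """Expand one rule: %{HTTP_HOST} becomes the Host: header value and $N
    the Nth capture from the request path. None if the rule does not match."""
    m = re.search(pattern, path)
    if not m:
        return None

    def repl(g):
        if g.group(1) is None:          # matched %{HTTP_HOST}
            return host
        n = int(g.group(1))             # matched $N
        return (m.group(n) or "") if n <= m.re.groups else ""

    return re.sub(r"%\{HTTP_HOST\}|\$(\d)", repl, target, flags=re.I)


if __name__ == "__main__":
    vip = "192.0.2.10"                  # constructed stand-in for the VIP
    for no, pattern, target in find_host_proxy_rules(SAMPLE_CONF):
        print(f"line {no}: {pattern} -> {target}")
        print("   /bin/view.pl/Main ->", proxy_target(pattern, target, "/bin/view.pl/Main", vip))
```

Every rule it reports takes its proxy destination from a header the client supplies, so each one is a candidate for the hard-coded realserver name that the original poster substituted by hand.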