On Tuesday, September 23, 2003, at 12:26 PM, Simone Sestini wrote:
> I was wondering how to configure a new system with those features.
> I would like to use director and bk director like real server too.
> I would like to run http and https on that server but I have a
> trouble..
> How can I configure more than one https domain for each server?
> Apache needs to use a unique IP for each https domain, so will I need
> to have a couple of VIPs for each https I wanna run?
> Do any of you use a similar configuration and could explain it to me a bit :)

Search some of the archives a bit. I handle my HTTPS servers with
LVS-DR going through my LVS director. The actual web servers are not
on the Internet.
Here is what I do.
1) Set up keepalived/VRRP to handle a VIP failover between two LVS boxes
2) Set up a static route in the upstream router for a /24 to the VIP IP
   address
3) Set up netfilter/iptables to mark packets with dest = the /24 and
   dport = 443 & 80 with fwmark 0x1
4) Set up LVS to load balance FWM 1 using LVS-DR to the real servers'
   internal IP (192.168.x.y)
5) Set up the LVS servers to treat packets with FWM1 as local
6) Set up the real servers to listen on each IP in the /24
7) Set up Apache with SSL certs for each /24 IP address.
8) Point DNS records for https servers to unique IPs in the /24
This works great for me. Only packets in the /24 that are marked with
the firewall mark actually hit the LVS server and/or the real servers.
All other packets are not treated as local by the LVS server and will be
routed to its default route which will create a routing loop. If you
ping/traceroute it will look broken but if you telnet to port 80 on one
of the IPs you will get an answer. This also eliminated any ARP issues
because the real servers are not on the same LAN segment as the LVS
directors and the router doesn't ARP for the /24 IPs anyway because of
the static route.
Most of the configs for steps 3, 4, 5 are in the archives from a couple
months ago.
Thanks.
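
An added sketch of the director-side commands for steps 3, 4 and 5 above; it is not the poster's configuration, which the message says is in the list archives. The addresses, routing table 100, the `wlc` scheduler and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Addresses are constructed
# placeholders (203.0.113.0/24 is a documentation range).

is_ip4()   { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_net24() { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}0/24$'; }

# usage: director_cmds NET/24 FWMARK TABLE REALSERVER...
# Prints the director-side commands for steps 3, 4 and 5.
director_cmds() {
    dc_net=$1 dc_mark=$2 dc_table=$3
    [ $# -ge 4 ] || { echo "need at least one real server" >&2; return 1; }
    shift 3
    # Refuse a wide or malformed prefix: every marked packet is treated as
    # local by the director, so the match must stay as narrow as the /24.
    is_net24 "$dc_net" || { echo "not a /24: $dc_net" >&2; return 1; }
    case $dc_mark in ''|0|*[!0-9]*) echo "bad fwmark" >&2; return 1;; esac
    case $dc_table in ''|*[!0-9]*) echo "bad table" >&2; return 1;; esac
    for dc_rs in "$@"; do
        is_ip4 "$dc_rs" || { echo "bad real server: $dc_rs" >&2; return 1; }
    done

    # Step 3: mark only TCP 80/443 addressed to the routed /24.
    echo "iptables -t mangle -A PREROUTING -d $dc_net -p tcp -m multiport --dports 80,443 -j MARK --set-mark $dc_mark"
    # Step 4: one fwmark virtual service, real servers added in DR mode (-g).
    echo "ipvsadm -A -f $dc_mark -s wlc"
    for dc_rs in "$@"; do
        echo "ipvsadm -a -f $dc_mark -r $dc_rs -g"
    done
    # Step 5: deliver marked packets locally so IPVS sees them.
    echo "ip rule add fwmark $dc_mark lookup $dc_table"
    echo "ip route add local 0.0.0.0/0 dev lo table $dc_table"
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
cmds=$(director_cmds "${VIP_NET:-203.0.113.0/24}" 1 100 \
    ${REAL_SERVERS:-192.168.10.11 192.168.10.12}) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | sh -e
else
    printf '%s\n' "$cmds"
fi
```

Because the mark rule matches only ports 80 and 443 within the /24, `ipvsadm -L -n` on the director should show a single `FWM 1` service and nothing else listening for those addresses.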