I apologize in advance if this has been answered before, however I
couldn't find a definitive answer in the archives. I'm running the
UltraMonkey implementation of LVS. I have a single load balancer
balancing web traffic to up to 4 servers. There are multiple domains and
VIP's to handle the different traffic, although it is all HTTP and
HTTPS. I have two basic questions:
Do I terminate the SSL traffic at the LB or the real server?
How do I handle the certs? If the traffic is terminated at the real
server do I need a certificate for each real server? Can I use a
name-based cert using the domain name that goes with the virtual IP on
the LB, thus only requiring one certificate?
OK, that's more than two. Any advice will be extremely helpful.
Thanks,
Kenton
|