Tue Jul 6 15:54:58 BST 2004
director (NAT) + mod_proxy + mod_ssl + apache HOWTO
---------------------------------------------------
This doc is written to answer section 10.19.1 of the LVS HOWTO. You
might want to do this if you have highly specced director(s) whose capacity
you don't want to waste, or if you don't have much SSL traffic.
I use this setup to cache all images, and to do SSL acceleration for my real servers.
Requirements:
-------------
1/- Linux 2.4.26 on the director
2/- Carlos Lozano's patch:
    http://marc.theaimsgroup.com/?l=linux-virtual-server&m=108876721223436&w=2
3/- ipvsadm-1.21
4/- your preferred versions of apache and mod_ssl, mod_proxy
Method:
-------
1/- configure the kernel to support LVS (see the HOWTOs).
2/- patch ip_vs_core.c with Carlos' patch
3/- build kernel, install and reboot.
4/- compile and install ipvsadm-1.21
Configure:
----------
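Here are my config files for a small cluster with 1 director and 2 real servers.
This config will do the SSL for traffic to editcluster.localnet, and load balance
both https and http traffic to the 2 realservers. SSL is terminated on the
director, so every request reaches the realservers as plain HTTP over the safenet.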
+ /etc/hosts
    127.0.0.1    localhost
    192.168.0.50 director1.localnet editcluster.localnet vhost1.localnet
    192.168.1.1  director1.safenet editcluster.safenet vhost1.safenet
    192.168.1.3  processor1.safenet
    192.168.1.4  processor2.safenet
+ ipvsadm
ipvsadm.rules could look like this:
    -A -t 192.168.1.1:8080 -s rr
    -a -t 192.168.1.1:8080 -r 192.168.1.3:80 -m -w 1
    -a -t 192.168.1.1:8080 -r 192.168.1.4:80 -m -w 1
This listens on port 8080 of the director's safenet address and load balances
(round robin, with masquerading, i.e. NAT) across port 80 on the realservers.
+ apache: note that I have many virtual hosts, and then one domain for the
SSL content.
    # for reverse proxy cache
    CacheRoot "/tmp/proxy"
    CacheSize 1000000

    # for SSL content
    # (the VirtualHost containers and their address:port are assumed here;
    # the address is director1.localnet from /etc/hosts above)
    <VirtualHost 192.168.0.50:443>
        ServerName editcluster.localnet
        SSLEngine On
        ProxyPass / http://editcluster.safenet:8080/
        ProxyPassReverse / http://editcluster.safenet:8080/
    </VirtualHost>

    # one of these for each virtual host
    <VirtualHost 192.168.0.50:80>
        ServerName vhost1.localnet
        ProxyPass / http://vhost1.safenet:8080/
        ProxyPassReverse / http://vhost1.safenet:8080/
    </VirtualHost>
Then you need a properly configured apache on your real servers that is set up
with virtual hosts for vhost1.safenet and editcluster.safenet, all on port 80.
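
The three files above have to agree: each ProxyPass backend name must resolve, through /etc/hosts, to an address and port that ipvsadm defines as a virtual service with real servers behind it. The following consistency check is an added example, not part of the original HOWTO; the function names are made up for illustration and the sample data is constructed from the excerpts above.

```python
import re
from urllib.parse import urlsplit
# Constructed sample input: the config excerpts shown in this HOWTO.
HOSTS = """\
192.168.0.50 director1.localnet editcluster.localnet vhost1.localnet
192.168.1.1 director1.safenet editcluster.safenet vhost1.safenet
"""
RULES = """\
-A -t 192.168.1.1:8080 -s rr
-a -t 192.168.1.1:8080 -r 192.168.1.3:80 -m -w 1
-a -t 192.168.1.1:8080 -r 192.168.1.4:80 -m -w 1
"""
APACHE = """\
ProxyPass / http://editcluster.safenet:8080/
ProxyPassReverse / http://editcluster.safenet:8080/
ProxyPass / http://vhost1.safenet:8080/
"""

def parse_hosts(text):
    """Map every hostname in /etc/hosts format to its IP address."""
    rows = [line.split("#")[0].split() for line in text.splitlines()]
    return {name: row[0] for row in rows for name in row[1:]}

def parse_rules(text):
    """Return {virtual 'ip:port': [real 'ip:port', ...]} from ipvsadm rules."""
    services = {}
    for line in text.splitlines():
        vip = re.search(r"-t\s+(\S+)", line)
        real = re.search(r"-r\s+(\S+)", line)
        if vip:  # -A defines the service; -a also names a real server
            reals = services.setdefault(vip.group(1), [])
            reals.extend(real.groups() if real else ())
    return services

def check(hosts_text, rules_text, apache_text):
    """List ProxyPass backends that do not land on a populated LVS service."""
    hosts, services = parse_hosts(hosts_text), parse_rules(rules_text)
    problems = []
    # ProxyPassReverse lines are skipped: the pattern needs a space after ProxyPass.
    for url in re.findall(r"^\s*ProxyPass\s+\S+\s+(\S+)", apache_text, re.M):
        u = urlsplit(url)
        ip = hosts.get(u.hostname)
        if ip is None:
            problems.append(f"{u.hostname}: not in hosts file")
        elif not services.get(f"{ip}:{u.port or 80}"):
            problems.append(f"{url}: no LVS service at {ip}:{u.port or 80}")
    return problems

if __name__ == "__main__":
    print(check(HOSTS, RULES, APACHE) or "proxy targets match LVS services")
```

A ProxyPass that points at a .localnet name instead of the .safenet one is reported, because 192.168.0.50:8080 is not an LVS service and the proxy would be forwarding to its own public address.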