Hi everyone,
I have been trying to duplicate our ssl accelerator/load balancer using
stunnel and the virtual server capabilities of the linux kernel.
What I would like to do is have stunnel take ssl requests, decrypt them
(pass them as plain http) then load balance the plain text traffic
across multiple webservers. If possible, the stunnel and virtual server
on the same machine.
My stunnel config looks like
[https]
accept = extenal_ip:443
connect = 127.0.0.1:80
TIMEOUTclose = 0
and the ipvs looks like
/sbin/ipvsadm -A -t 127.0.0.1:80 -s rr
/sbin/ipvsadm -a -t 127.0.0.1:80 -r 192.168.5.5:80 -w 1
I have compiled all the virtual server code into the 2.6.7 kernel.
Can I do this all on the same machine? Or at all? I have read about
persistent connections and ssl in conjunction with the virtual server
code, but I do not believe that is the problem here. I believe this since I
never see a syn packet hitting my webserver (192.168.5.5) behind the
stunnel/virtual server machine. Also I know my stunnel works when I do
not try to use the virtual server. I have also flushed all of my
iptables rules.
Any ideas?
Thank you in advance,
Ryan