
Re: HTTPS

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPS
From: Volker Dormeyer <volker@xxxxxxxxxxxx>
Date: Wed, 24 Aug 2005 16:49:20 +0200

Hi Brad,

 * On Tue, 23 Aug 2005 16:11:56 -0400,
 * "Brad Taylor" <btaylor@xxxxxxxxxxxx> wrote:

 > Thanks but how can it be normal? The site does not show and seems to be
 > left in a loop. My real server is a Squid in accelerator mode. LVS is
 > setup for DR. I've been using Ultra Monkey to get this setup. Requests
 > directly to Squid work without problems. Squid is setup with the
 > loopback VIP as described on the Ultra monkey site. The gateway is set
 > to the firewall/router. What can I try to fix this?

and I thought you got a positive result in the web browser. Currently, I
have no idea what is going on in your environment. Maybe, somebody else
on this list knows.

However, could you please send the output of ipvsadm -lnc while you try to
connect? A tcpdump taken on one of your squid systems might be
helpful, too. Did you change the configuration in ldirectord.cf since
your last post?

Regards,
Volker


 > -----Original Message-----
 > From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
 > [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Volker
 > Dormeyer
 > Sent: Tuesday, August 23, 2005 3:50 PM
 > To: LinuxVirtualServer.org users mailing list.
 > Subject: Re: HTTPS

 > Hi Brad,

 * On Mon, 22 Aug 2005 12:22:26 -0400,
 * "Brad Taylor" <btaylor@xxxxxxxxxxxx> wrote:

 > Thanks.
 > Got the weights to be correct but now getting all requests to be
 > inactive:

 > [root@LB_Master ha.d]# ipvsadm -L
 > IP Virtual Server version 1.0.8 (size=65536)
 > Prot LocalAddress:Port Scheduler Flags
 > -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
 > TCP  10.10.1.20:https wlc persistent 600
 > -> 10.10.1.13:https             Route   1      0          3
 > -> 10.10.1.12:https             Route   1      0          0

 > What can I do so that the connection is active?

 > This should be normal, there are just 3 connections inactive, because
 > the data has already been transferred and they are closed. A normal HTTP
 > connection is closed, after the data has been transferred from server to
 > the client. When you click on a link in a web page, another connection
 > will be initiated by the client to the server.

 > If you do "ipvsadm -lnc" you should see at least these three connections
 > in state TIME_WAIT. As soon as the timeout ends, the connection entries
 > will be removed from the table.

 > The behaviour changes, when client and server support "persistent HTTP"
 > connections (not to interchange with persistence provided by LVS). A
 > persistent HTTP connection is kept open, as long either the client or
 > the server decide to close it. That means even if the client received
 > the requested document, the connection stays open. As already mentioned,
 > this has nothing to do with the persistence functionality provided by LVS
 > which means to stick a single client to one real server for a defined
 > amount of time, even for newly initiated connections.

 > Regards,
 > Volker

 > --
 Volker Dormeyer        <volker@xxxxxxxxxxxx>



 * On Fri, 19 Aug 2005 16:47:22 -0400,
 * "Brad Taylor" <btaylor@xxxxxxxxxxxx> wrote:

 > I've setup an LVS and a Squid in reverse proxy mode. Squid is setup
 > with a certificate to decrypt https traffic and sends http back to the
 > real server. This has been tested and working. I've setup another Squid
 > and real server the same way. Now I'm trying to get the LVS to load
 > balance the Squids. The request would be https to the LVS then https to
 > Squid. Squid would decrypt the https and forward http to the backend
 > server. Here is my conf file:

 > [...]

 > # Virtual Server for HTTP
 > virtual=10.10.1.20:443
 >      fallback=127.0.0.1:80
 >      real=10.10.1.12:443 gate
 >      real=10.10.1.13:443 gate
 >      service=http

 > this seems to be the problem. Please set service=https instead of
 > http. Ldirectord will use HTTPS to negotiate, then.

 > [...]

 > Regards,
 > Volker

 > --
 Volker Dormeyer        <volker@xxxxxxxxxxxx>


 > _______________________________________________
 > LinuxVirtualServer.org mailing list -
 > lvs-users@xxxxxxxxxxxxxxxxxxxxxx
 > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
 > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
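
The mismatch diagnosed in this thread (service=http on a virtual whose real servers listen on 443) can be caught before ldirectord is started. The following is an added example, not part of the original messages and not code from ldirectord or Ultra Monkey; the function names, the port sets and the simplified comment handling are assumptions of this example:

```python
# Added example: flag ldirectord virtual blocks whose health-check protocol
# (service=) disagrees with the port of the real servers being checked.

TLS_PORTS = {"443", "https"}    # assumption: ports treated as TLS
PLAIN_PORTS = {"80", "http"}    # assumption: ports treated as cleartext HTTP

# Constructed sample reproducing the stanza quoted in the thread.
SAMPLE_CF = """\
# Virtual Server for HTTP
virtual=10.10.1.20:443
     fallback=127.0.0.1:80
     real=10.10.1.12:443 gate
     real=10.10.1.13:443 gate
     service=http
"""

def parse_virtuals(text):
    """Return one dict per virtual= block: its address, reals and service."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments (simplified)
        if not line.strip():
            continue
        key, _, value = (part.strip() for part in line.strip().partition("="))
        if not raw[0].isspace():               # unindented: global or virtual=
            cur = None
            if key.lower() == "virtual":
                cur = {"virtual": value, "reals": [], "service": None}
                blocks.append(cur)
        elif cur is not None:                  # indented: option of current block
            if key.lower() == "real" and value:
                cur["reals"].append(value.split()[0])
            elif key.lower() == "service":
                cur["service"] = value.lower()
    return blocks

def find_mismatches(text):
    """List (virtual, real, message) for each check/port disagreement."""
    findings = []
    for block in parse_virtuals(text):
        for real in block["reals"]:
            port = real.rsplit(":", 1)[-1].lower()
            if block["service"] == "http" and port in TLS_PORTS:
                findings.append((block["virtual"], real, "use service=https"))
            elif block["service"] == "https" and port in PLAIN_PORTS:
                findings.append((block["virtual"], real, "use service=http"))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_CF):
        print(finding)
```
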

