First of all: https is 443, not 441 (unless you intentionally changed this). Or
does your SSLProxy use 441 on the downstream side?
You can not forward HTTPS (443) to HTTP (80) just like this, unless you
configure your webserver to expect https requests on port
80.
Https is different from http in a way that there are additional handshake- and
encryption/decryption steps, and your webserver needs
to know what to expect on each port (at least for the apache httpd server - I
don't know which webserver you are using).
The SSLProxy should be doing the HTTPS processing, including the port switch
from 443 to 80.
So in your case, you have two options how to chain your modules:
1. client -> loadbalancer (443) -> SSLProxy (443) -> Webserver (80)
Or
2. client -> SSLProxy (443) -> loadbalancer (80) -> Webserver (80)
I would suggest the first solution, since this allows you to loadbalance
multiple SSLProxies as well, if you should run into
performance problems with that part...
Hope this helps.
MARK
> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf
> Of Longhua Li
> Sent: Tuesday, October 11, 2005 10:01 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: LVS problem with SSLProxy
>
>
> Here is my scenario.
>
> My Load Balancer handles SSL requests, but my real servers
> don't. I have an SSLProxy running on the Load Balancer.
> Question is: Can I actually load balance the requests 441 to
> real servers port 80? Many thanks!
>
> I set the config like this:
>
> virtual=xxx.xxx.xxx.xxx:441
>
> service=https
>
> fallback=127.0.0.1:441
>
> request="index.html"
>
> receive="Test Page"
>
> scheduler=rr
>
> protocol=tcp
>
> checktype=negotiate
>
> real=192.168.0.233:80 masq 1
>
> real=192.168.0.234:80 masq 1
>
>
>
> But after running ldirectord
>
> /sbin/ipvsadm -L -n
>
> Gives the following:
>
>
>
> TCP xxx.xxx.xxx.xxx:441 rr
>
> -> 192.168.0.233:441 Masq 0 0 0
>
> -> 192.168.0.234:441 Masq 0 0 0
>
> -> 127.0.0.1:441 Local 1 0 0
>
>
>
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list -
> lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send requests to
> lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>
|