RE: LVS problem with SSLProxy

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: LVS problem with SSLProxy
From: "Mark" <msalists@xxxxxxx>
Date: Tue, 11 Oct 2005 10:12:44 -0700
First of all: HTTPS is 443, not 441 (unless you intentionally changed this). Or does your SSLProxy use 441 on the downstream side?
You cannot forward HTTPS (443) to HTTP (80) just like this, unless you configure your webserver to expect HTTPS requests on port 80.
HTTPS is different from HTTP in that there are additional handshake and encryption/decryption steps, and your webserver needs to know what to expect on each port (at least for the Apache httpd server - I don't know which webserver you are using).
The SSLProxy should be doing the HTTPS processing, including the port switch from 443 to 80.

So in your case, you have two options for how to chain your modules:
1. client -> loadbalancer (443) -> SSLProxy (443) -> Webserver (80)
or
2. client -> SSLProxy (443) -> loadbalancer (80) -> Webserver (80)

I would suggest the first solution, since this allows you to load-balance multiple SSLProxies as well, if you should run into performance problems with that part...

Hope this helps.

MARK


> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Longhua Li
> Sent: Tuesday, October 11, 2005 10:01 AM
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: LVS problem with SSLProxy
> 
> 
> Here is my scenario.
> 
> My Load Balancer handles SSL requests, but my real servers 
> don't. I have an SSLProxy running on the Load Balancer. 
> Question is: Can I actually load balance the requests 441 to 
> real servers port 80? Many thanks!
> 
> I set the config like this:
>
> virtual=xxx.xxx.xxx.xxx:441
>         service=https
>         fallback=127.0.0.1:441
>         request="index.html"
>         receive="Test Page"
>         scheduler=rr
>         protocol=tcp
>         checktype=negotiate
>         real=192.168.0.233:80 masq 1
>         real=192.168.0.234:80 masq 1
>
> But after running ldirectord
>
> /sbin/ipvsadm -L -n
>
> Gives the following:
>
> TCP  xxx.xxx.xxx.xxx:441 rr
>   -> 192.168.0.233:441            Masq    0      0          0
>   -> 192.168.0.234:441            Masq    0      0          0
>   -> 127.0.0.1:441                Local   1      0          0
> 
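
A check for the mismatch visible in the quoted post, where the config lists the real servers on port 80 but `ipvsadm -L -n` shows them on port 441 with weight 0 and the fallback in service. This is an added example, not part of the original thread; the function names are hypothetical and the parser reads only the `virtual`, `real` and `fallback` lines.

```python
import re
# From the quoted post (VIP masked as on the page); only the lines the check reads.
LDIRECTORD_CF = """\
virtual=xxx.xxx.xxx.xxx:441
        fallback=127.0.0.1:441
        real=192.168.0.233:80 masq 1
        real=192.168.0.234:80 masq 1
"""
IPVSADM_OUT = """\
TCP  xxx.xxx.xxx.xxx:441 rr
  -> 192.168.0.233:441            Masq    0      0          0
  -> 192.168.0.234:441            Masq    0      0          0
  -> 127.0.0.1:441                Local   1      0          0
"""

def parse_config(text):  # -> {virtual: {"real": {ip: port}, "fallback": "ip:port"}}
    services, cur = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition("=")
        if key == "virtual":
            cur = services.setdefault(val, {"real": {}, "fallback": None})
        elif cur is not None and key == "real":
            ip, port = val.split()[0].split(":")   # drop the trailing "masq 1"
            cur["real"][ip] = int(port)
        elif cur is not None and key == "fallback":
            cur["fallback"] = val.split()[0]
    return services

def parse_table(text):  # -> {virtual: [(ip, port, weight), ...]}
    table, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"(?:TCP|UDP)\s+(\S+)", line):
            cur = table.setdefault(m.group(1), [])
        elif cur is not None and (m := re.match(r"\s*->\s+([\d.]+):(\d+)\s+\S+\s+(\d+)", line)):
            cur.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return table

def audit(config, table):  # -> [(real ip, issue), ...] where the table disagrees
    findings = []
    for vip, svc in config.items():
        for ip, port, weight in table.get(vip, []):
            want = svc["real"].get(ip)
            if want is not None and want != port:
                findings.append((ip, f"port {port}, configured {want}"))
            if want is not None and weight == 0:
                findings.append((ip, "weight 0, no new connections"))
            if f"{ip}:{port}" == svc["fallback"] and weight > 0:
                findings.append((ip, "fallback in service"))
    return findings
```
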

