LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: HTTPS Service through LVS

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPS Service through LVS
From: Horms <horms@xxxxxxxxxxxx>
Date: Tue, 18 Oct 2005 14:53:25 +0900
On Tue, Oct 18, 2005 at 12:21:04PM +0800, Louis Lam wrote:
> Dear All:
> 
> do the LVS https services must be set up with SSL PROXY squid?

No

> Can i set up the https services without SSL PROXY?

Yes

> Can anyone verify  my configuration proccess? any missing step which lead the 
> failure to setting up a https services ?
> My step of configure the https services as below:
> 
> 1---add the VIP on Director
>       ifconfig eth0:0 10.0.58.136 netmask 255.255.255.255 broadcast 
> 10.0.58.136

This should be the netsmask and broadcast of your network, probably:

        ifconfig eth0:0 10.0.58.136 netmask 255.255.255.0 broadcast 10.0.58.255

> 2---Handle the ARP problem on Director
>       echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> 
> 3-----Add thehttps servive
>       ipvsadm -A -t 10.0.58.136:443 -s rr
>       ipvsadm -a -t 10.0.58.136:443 -r 10.0.58.231 -g

What is the output of ipvsadm -Ln ?

> 4---- add the VIP on the real server
>       ifconfig eth0:0 10.0.58.136 netmask 255.255.255.255 broadcast 
> 10.0.58.136

This should be lo:0 and not eth0:0

>       ifconfig lo:0 10.0.58.136 netmask 255.255.255.255 broadcast 10.0.58.136

> 
> 
> 5--- Handle the ARP problem on Real Server
>       echo 1 > /proc/sys/net/ipv4/ip_forward
>       echo 1 > /proc/sys/net/ipv4/conf/all/hidden
>       echo 1 > /proc/sys/net/ipv4/conf/lo/hidden OR echo 1 > 
> /proc/sys/net/ipv4/conf/eth0/hidden

Does /proc/sys/net/ipv4/conf/all/hidden ?

If so you want 
echo 1 > /proc/sys/net/ipv4/conf/lo/hidden

And not

echo 1 > /proc/sys/net/ipv4/conf/eth0/hidden

> 6--- start Apache

Make sure it is listening for connections to 10.0.58.136:443

-- 
Horms

<Prev in Thread] Current Thread [Next in Thread>