LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

RE: Please Help~~~!HTTPS Problem

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Please Help~~~!HTTPS Problem
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Fri, 28 Oct 2005 12:15:11 +0100
On Fri 28 Oct 2005 12:00:52 BST , Louis Lam <louis.lam@xxxxxxxxxxxxxxxxxxxx> wrote:
1. ipvsadm -Ln

OK, cool, nothing too complicated there.

2. It works for real / private ip.
   It doesn't work for virtual ip.

So you're saying that the client *can* browse directly to the RIP. This is useful.

3.  The ip where browser is used for testing  is 10.0.58.93
<snip dumps>
It would be useful if you can let everything quiesce (not in LVS terms, but network terms) so nothing at all is happening and then run "tcpdump -qn -i[interface] port [80 or 443]" at the same time on the client, the director, and the realserver. If the director has multiple interfaces you may have to run with "-i all", without the switch at all, or run it more than once at the same time. Then do a connection to port 80 and see what happens, then one to port 443 and see what happens.

4. When no clients are trying to connect
<snip ldirectord timing>

OK, got that.


[thinking out loud]

Is the webserver - presumably Apache - bound to port 443 on the VIP on each realserver? We know you can hit the RIP on the realservers, but as you're using DR and not NAT this begs the question of whether Apache is actually listening on the VIP... maybe looking at your SSL virtual host configuration would be useful here.

Graeme


<Prev in Thread] Current Thread [Next in Thread>