Dear Graeme:
We have solved the SSL Problem after your helps
Thanks for your helps and reply
Thank You
Best Regards
Louis
-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx]On Behalf Of Graeme Fowler
Sent: Friday, October 28, 2005 7:15 PM
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Please Help~~~!HTTPS Problem
On Fri 28 Oct 2005 12:00:52 BST , Louis Lam
<louis.lam@xxxxxxxxxxxxxxxxxxxx> wrote:
> 1. ipvsadm -Ln
OK, cool, nothing too complicated there.
> 2. It works for real / private ip.
> It doesn't work for virtual ip.
So you're saying that the client *can* browse directly to the RIP. This
is useful.
> 3. The ip where browser is used for testing is 10.0.58.93
<snip dumps>
It would be useful if you can let everything quiesce (not in LVS terms,
but network terms) so nothing at all is happening and then run "tcpdump
-qn -i[interface] port [80 or 443]" at the same time on the client, the
director, and the realserver. If the director has multiple interfaces
you may have to run with "-i all", without the switch at all, or run it
more than once at the same time.
Then do a connection to port 80 and see what happens, then one to port
443 and see what happens.
> 4. When no clients are trying to connect
<snip ldirectord timing>
OK, got that.
[thinking out loud]
Is the webserver - presumably Apache - bound to port 443 on the VIP on
each realserver? We know you can hit the RIP on the realservers, but as
you're using DR and not NAT this begs the question of whether Apache is
actually listening on the VIP... maybe looking at your SSL virtual host
configuration would be useful here.
Graeme
|