Re: LVS & Apache ReverseProxy (mod_proxy) on one machine

[Roberto Nibali <ratz@xxxxxxxxxxxx>]

Hello,

> we tried to setup lvs + apache mod_proxy on one machine but this doesn´t 
> actually work.
>
> Setup:
>
> external network: 10.0.0.0/24
> internal network: 10.0.1.0/24
>
>                                       LVS-Director-Server
> [ client ] -ext. network--> [ (IPVS:80) --> (apache mod_proxy)] --int. 
> network--> [ Realserver ]
>
> The LVS-Director is listening on Port 80 of the externel network interface.
Side note: The director does not really listen, in the sense of socket 
listening, it accepts packets which are listed in the service table and 
forwards them according to a chosen and available destination, based on 
one of the schedulers you configured.
> -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> TCP 10.0.0.100:www lc
> -> 10.0.1.100:81 Local 1 0 0
> -> 10.0.1.100:82 Local 1 0 0
> -> 10.0.1.100:83 Local 1 0 0
> -> 10.0.1.100:84 Local 1 0 0
>
> The Apache webserver is listening on the internal network interface port 
> 81,82,83,84 (virtual hosts).
This will not work, as you've remarked. You should use 4 different RS 
addresses, which could be in the 127.0.0.0/8 range, but the port has to 
stay. It's part of the service identification in LVS_DR or 
LVS_LOCALNODE. Have apache listening on 127.0.0.10-14/24 and set up a 
VIP on 10.0.0.100/32 on lo as secondary IP, and handle the ARP issue.
Then you need to get the routing correct. If you want to route back 
through the director, you might need some patches (I don't remember 
exactly right now); preferable however is some sort of intermediate 
router, so:
client --> router --> LVS --> mod_proxy --> RS
              ^                             v
              +-----------------------------+

However, I don't see why you need multiple RS locally for mod_proxy and 
have only one RS in the the internal network? Or did I misunderstand you 
setup? What is your RS used for? Normally it's the RS that contains 
mod_proxy, or a dedicated node which acts as mod_proxy. I fear that I 
completely misunderstand what you intend to do ;).
> The connection can´t be established. I see InAct(incoming) Connections but the
> reverse-proxy engine doesn´t get any packets. It looks like that the ipvs 
> doesn´t
> forward the packet to a local destination.
It does not really now where.

> Is there any way to realize this kind of setup?
I'd say no, but not 100%, since I'm not sure if I understood exactly 
what you wanted to do. In the beginning I was sure I knew what you were 
after ...
Regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc