It gets a little more interesting. I fired up Apache/ssl on the
realservers as opposed to Tomcat, and SSL now works fine through the VIP.
The only thing I can see that's different here is the cipher suite. I'm
clueless.. are there any Tomcat gurus out there that may have some advice?
I'll try to get a better dump of the traffic and relevant Tomcat config
snippet.. I'm off today but manage to be working as usual.
Dana
>>>>>>
In article <Pine.GSO.4.58.0510081922330.19239@xxxxxxxxxxxxxxxxxx> you
wrote:
[snip, lots of good stuff]
>
> If I do a solaris 'snoop' on the realserver, I see a brief spurt of
> traffic from my desktop. Instead of the realserver hostname, I see the
> virtualhost hostname, which I'm assuming is normal since lo0:1 is
> configured with the VIP in DR:
Yes, as you are using LVS-DR this is expected. If you look carefully
these packets have the MAC address of the real server, not the
Linux director.
> ---------------------------------------------------------
> mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
> virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
> mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
> virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
> mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
> virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
>
> That's it. Any ideas?? Like I said, http/port80 works like a champ...
It's a little hard to tell from that trace (is there a way to have
it show more information, like the SYN/ACK flags and the mac
addresses?), but I suspect that the replies (virtualhost->mydesktop)
are not getting back to mydesktop, even though virtualhost is clearly
sending them, and mydesktop is retransmitting.
It's very, very odd that this works with HTTP and not HTTPS :(
--
Horms
H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/