
Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster
From: "Mark" <msalists@xxxxxxx>
Date: Mon, 6 Aug 2007 09:55:15 -0700
The way I solved this problem was to create one virtual IP for each domain, 
plus one local IP on each physical node.
I guess over time you will collect tons of IPs, depending on how many domains 
you have.
I don't have too many (at least not those that require https), so it works for 
me.

Example:

domain-a.com has public IP xxx.xxx.xxx.5 and is redirected to 192.168.1.5 on 
server1 and 192.168.1.6 on server2
domain-b.com has public IP xxx.xxx.xxx.6 and is redirected to 192.168.1.7 on 
server1 and 192.168.1.8 on server2
and so on...

Not particularly elegant, but I am not sure if there is any better way....

I thought that the hostname is part of the encrypted request. If that is true, 
then the certificate cannot be linked to the hostname, but must be linked to 
an IP, because in order to get the hostname from the request, the request has 
to be decrypted first.
So the proper certificate has to be selected before we even know the hostname. 
If that is wrong, then please correct me...

MARK


> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Ullrich Pfefferlein
> Sent: Monday, August 06, 2007 8:09 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 
> machine cluster
> 
> On 8/6/07, Joseph Mack NA3T <jmack@xxxxxxxx> wrote:
> > On Mon, 6 Aug 2007, Ullrich Pfefferlein wrote:
> >
> > > Due to multiple certificates within one machine requires IP aliasing I
> > > would like to know how to set up this.
> >
> > A certificate is associated with a hostname, not an IP.
> Correct, but Apache (openssl) requires one IP per https binding. It's
> not possible to set up different domains with name based virtual hosts
> via one single IP address.
> That's why I spoke about IP aliasing.
> 
> If there's another way to solve this please let me know.
> 
> Ullrich
> 
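
The addressing scheme from Mark's message, written out as an added example that is not part of the original thread: it builds the director rules and the IP-based Apache virtual hosts from one table, and rejects any plan in which two HTTPS domains share an address. The LVS-NAT forwarding flag (`-m`), the round-robin scheduler, the 203.0.113.x public addresses and the certificate paths are assumptions made for the illustration.

```python
# Added example, not from the thread. Assumes LVS-NAT (-m), round-robin (-s rr),
# and constructed sample addresses and certificate paths.
import ipaddress

PORT = 443
# domain -> (virtual IP, {node: real IP on that node}); constructed sample values
PLAN = {
    "domain-a.com": ("203.0.113.5", {"server1": "192.168.1.5", "server2": "192.168.1.6"}),
    "domain-b.com": ("203.0.113.6", {"server1": "192.168.1.7", "server2": "192.168.1.8"}),
}

def validate(plan):
    """An IP may belong to one domain only: the certificate is chosen by address."""
    owner = {}
    for domain, (vip, reals) in plan.items():
        for ip in [vip, *reals.values()]:
            ipaddress.ip_address(ip)  # raises ValueError on a malformed address
            if owner.setdefault(ip, domain) != domain:
                raise ValueError(f"{ip} is used by {owner[ip]} and {domain}")
    return owner

def ipvsadm_rules(plan):
    """Director side: one virtual service per domain, one real server per node."""
    validate(plan)
    rules = []
    for vip, reals in plan.values():
        rules.append(f"ipvsadm -A -t {vip}:{PORT} -s rr")
        for node in sorted(reals):
            rules.append(f"ipvsadm -a -t {vip}:{PORT} -r {reals[node]}:{PORT} -m")
    return rules

def apache_vhosts(plan, node):
    """Real-server side: IP-based virtual hosts, one certificate per local IP."""
    validate(plan)
    out = []
    for domain, (_, reals) in plan.items():
        out.append(
            f"<VirtualHost {reals[node]}:{PORT}>\n"
            f"    ServerName {domain}\n"
            f"    SSLEngine on\n"
            f"    SSLCertificateFile /etc/ssl/certs/{domain}.crt\n"       # hypothetical path
            f"    SSLCertificateKeyFile /etc/ssl/private/{domain}.key\n"  # hypothetical path
            f"</VirtualHost>"
        )
    return "\n".join(out)

if __name__ == "__main__":
    print("\n".join(ipvsadm_rules(PLAN)), apache_vhosts(PLAN, "server1"), sep="\n")
```

Each real server still needs its per-domain addresses configured as IP aliases on the node itself, which is the aliasing Ullrich asks about.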


