LVS
lvs-users
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster

from [Mark] [Permanent Link]
To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster
From: "Mark" <msalists@xxxxxxx>
Date: Tue, 7 Aug 2007 09:13:32 -0700 
Well, I would imagine that you still need to have all the virtual public IPs, 
because browsers expect to contact port 80 for http
and port 443 for https.
If you have one VIP only and you host domain-a.com on 443 and domain-b.com on 
444, your users usually won't know and try to go to
https://www.domain-b.com
So they will end up on the wrong domain.

Unless you make sure that they all come in through http and not https and then 
have proper redirects from port 80 to 443 / 444 /
etc.
Plus your clients might have firewalls that block ourgoing traffic to 
non-standard ports like these.

But for the local IPs on the realservers the port solution is definitely better 
than the one-IP-per-domain solution.

MARK

 

> -----Original Message-----
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx 
> [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf 
> Of Joseph Mack NA3T
> Sent: Tuesday, August 07, 2007 4:46 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 
> machine cluster
> 
> On Tue, 7 Aug 2007, Graeme Fowler wrote:
> 
> > There's an alternative, much tidier approach for NAT which 
> only requires
> > one IP per machine - use multiple TCP ports instead of multiple
> > addresses. You can have vhost1 bound to port 443, vhost2 to 
> port 444 and
> > so on (obviously you need to choose this range carefully). 
> You can then
> > configure VIP1:443 to use RS1:444, RS2:444, RS3:444 and so on.
> 
> Hadn't thought of this. Let's see
> 
> o This solves the problem of purchasing 100's of public IPs
> 
> o does not change the number of lines for ipvsadm
> 
> o does not change the number of certificates (the number of 
> hostnames x the number of realservers).
> 
> correct?
> 
> Joe
> 
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [lvs-users] LVS + Xen issue, Matthias Saou
Next by Date:  Re: [lvs-users] LVS + Xen issue, Gerry Reno
Previous by Thread:  Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster, Joseph Mack NA3T
Next by Thread:  Re: [lvs-users] Multiple domains with SSL inside a 2 machine cluster, Mark
Indexes:  [Date] [Thread] [Top] [All Lists]