Re: [lvs-users] https connections

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] https connections
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Thu, 25 Oct 2007 11:57:35 -0700 (PDT)
On Thu, 25 Oct 2007, Dan Yocum wrote:

> I've configured 3 VirtualHosts directives in the apache (v2.2.4) conf
> file to use the appropriate cert/key pairs depending on what IP the
> request comes in on (I've tried this by hostname, too - still no luck).
> This same configuration file *is* working on a non-HA system
> ( - I've simply copied the conf files over and
> changed the paths for the SSLCertificateFile and SSLCertificateKeyFile
> variables.

We need to get this written up for the HOWTO (whatever 
"this" turns out to be). I expect you're running into the 
problem of https being name based rather than IP based, ie 
when you come in on VIP1, the machine has to be hostname_1 
and when you come in on VIP2, the machine has to be 
hostname_2. However I don't know how you do this.

Can you get a single (non-lvs) server to serve up two https 
sites? Can you get your lvs setup to balance https with only 
one VIP?

Someone else is going to have to take it from here.

> One potential clue (or red herring), if I enable the following iptables
> rules I *can* connect to the web server, but it always gets redirected
> to the primary IP

it's a red herring. see the HOWTO for "transparent proxy"

Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at
Homepage It's GNU/Linux!

<Prev in Thread] Current Thread [Next in Thread>