LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Multiple HTTPS (per real-server) on LVS-DR does not work

To: "'LinuxVirtualServer.org users mailing list.'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Multiple HTTPS (per real-server) on LVS-DR does not work
From: "Michael M." <michael@xxxxxx>
Date: Sat, 27 Oct 2007 18:34:07 -0700
I'm going to reply inline to your questions below....My comments prefix with
>>>> for easier reading.

-----Original Message-----
From: Joseph Mack NA3T [mailto:jmack@xxxxxxxx] 
Sent: Friday, October 26, 2007 6:25 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: [lvs-users] Multiple HTTPS (per real-server) on LVS-DR does not
work

On Fri, 26 Oct 2007, Michael Moody wrote:

> For those of you who may have a similar problem, here is the solution:

Let me see if I understand your posting.

You've given the config of one of the realservers, which 
listens on 2 VIPs as it would if it were a standalone 
server. The server has two certificates.

As well the realserver listens on two RIPs whose only 
purpose is to answer healthchecking of the https server from 
the director.

Michael:
>>>>This is basically correct, yes. I think the RIP also allows apache to
answer the packets which technically come in on the RIP, so apache would be
listening on that port, otherwise, it would not.


(This last point took a while to figure. I chastised some 
poor fellow recently for having two RIPs in an https setup - 
not realising what he was doing. When I do the check on the 
service on the VIP on the realserver from the director, I 
ssh to the RIP and then do a health check on the service 
listening on the VIP - there's no service listening on the 
RIP. I'll e-mail Horms and Alexandre and see if I can get

> virtual=10.0.0.20:443 #https1

you duplicate the realserver (with suitably adjusted RIPs, 
but keeping the same certificates on the duplicated 
realserver) and then setup the the director to load 
balance two independant https services.

Michael:
>>>>I'm not sure I understand what you're saying above, and I'm afraid I
don't know who Horms or Alexandre are. I've managed to get this working with
2 realservers, and my config is complete, so if you need any help, just
simply ask (this goes for anyone who comes across this)

So there's there's nothing particular about having n https 
services on an LVS? You just n-fold replicate the service on 
the realservers?

Michael:
>>>>This seems to be the key, yes. As long as you're listening on the
service on both the rip and vip, it should work, no matter what the service
is. SSH should do the same thing.


Thanks Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!





<Prev in Thread] Current Thread [Next in Thread>