I'm going to reply inline to your questions below....My comments prefix with
>>>> for easier reading.
-----Original Message-----
From: Joseph Mack NA3T [mailto:jmack@xxxxxxxx]
Sent: Friday, October 26, 2007 6:25 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: [lvs-users] Multiple HTTPS (per real-server) on LVS-DR does not
work
On Fri, 26 Oct 2007, Michael Moody wrote:
> For those of you who may have a similar problem, here is the solution:
Let me see if I understand your posting.
You've given the config of one of the realservers, which
listens on 2 VIPs as it would if it were a standalone
server. The server has two certificates.
As well the realserver listens on two RIPs whose only
purpose is to answer healthchecking of the https server from
the director.
Michael:
>>>>This is basically correct, yes. I think the RIP also allows apache to
answer the packets which technically come in on the RIP, so apache would be
listening on that port, otherwise, it would not.
(This last point took a while to figure. I chastised some
poor fellow recently for having two RIPs in an https setup -
not realising what he was doing. When I do the check on the
service on the VIP on the realserver from the director, I
ssh to the RIP and then do a health check on the service
listening on the VIP - there's no service listening on the
RIP. I'll e-mail Horms and Alexandre and see if I can get
> virtual=10.0.0.20:443 #https1
you duplicate the realserver (with suitably adjusted RIPs,
but keeping the same certificates on the duplicated
realserver) and then setup the the director to load
balance two independant https services.
Michael:
>>>>I'm not sure I understand what you're saying above, and I'm afraid I
don't know who Horms or Alexandre are. I've managed to get this working with
2 realservers, and my config is complete, so if you need any help, just
simply ask (this goes for anyone who comes across this)
So there's there's nothing particular about having n https
services on an LVS? You just n-fold replicate the service on
the realservers?
Michael:
>>>>This seems to be the key, yes. As long as you're listening on the
service on both the rip and vip, it should work, no matter what the service
is. SSH should do the same thing.
Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|