Quoting Amos Shapira <amos.shapira@xxxxxxxxx>:
> On Fri, May 30, 2008 at 1:40 AM, <eneal@xxxxxxxxxxxxxxxxx> wrote:
>>
>> This does not appear to be a problem for http, but just recently
>> I added two SSL applications - unique virtual server IP's but the same
>> real servers
>> and I saw some interesting issues
>
> I'm not an expert on keepalived but I know that there are limitations
> in regards of support for multiple virtual HTTPS servers on the same
> port and IP address.
> The problem is that HTTPS requires the server to know which server
> certificate to use before it can see the first request from the client
> which can tell it which virtual server it should "pretend" to be.
Yes, I'm aware of those problems. But I'm not encountering those issues.
What I'm seeing is that my http won't work, but https will work. Besides,
the only thing not unique is the real server IP and port. The VIP is
unique here and that's all that should count for the direct routing
method (someone correct me if I'm wrong). As I mentioned, I also tried
this using a unique port number on the real server (e.g. 444)
instead of 443 just to see. The issue still manifested itself...
>
> The solution is called "Server Name Indication" aka "SNI"
> (http://en.wikipedia.org/wiki/Server_Name_Indication). There is an
> implementation for Apache with gnutls and the latest generation of
> browsers support it (IE 7, Firefox 2, Opera 8) but I can't give you a
> pointer about IIS solutions and the lack of support of SNI in IE 6
> might generally make this a non-solution for a while yet.
Thanks on the SNI pointer. Was not aware of this...
> Hope this helps,
>
> --Amos
>