On Mon, 2009-09-14 at 19:52 +0200, Brent Clark wrote:
> As said, port 80 is working, and so, if I understand this document correctly, I
> am to set up my LVS, and then bind apache's https vhost ip to that of my VIP.
For a -DR ("gate") setup, yes.
> If that's the case, then perfect, cause I see that working. But now for my
> next question, how do I get load balancing working. I.e. Send / forward https
> requests / connections to another machine.
Well... if you have port 80 working, then you also have a recipe for
port 443. At the TCP level there is nothing to distinguish the two -
they're simply a TCP service.
However, at the application level they are entirely different beasts.
The simplest approach (with one director; we can touch on failover/HA
later), which you can customise to your local variants:
Director has address 1.2.3.4/24 for "management" on eth0
Director has address 5.6.7.1/24 for the VIP on eth0
Realserver has address 1.2.3.10/24 for "management" on eth0
Realserver has address 5.6.7.1/32 for the VIP on lo
Realserver has Apache bound to 1.2.3.10 ports 80, 443 for healthchecks
Realserver has Apache bound to 5.6.7.1 port 80, 443 for client service
Realserver has appropriate sysctls to manage the ARP problem
Director is then configured to load balance (yes, in this example only
to one server!):

virtual=5.6.7.1:80
    real=1.2.3.10:80 gate
    service=http
    virtualhost=your.host.name
    request="index.html"
    receive="OK"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

virtual=5.6.7.1:443
    real=1.2.3.10:443 gate
    service=https
    virtualhost=your.host.name
    request="index.html"
    receive="OK"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

That's about as basic as I can make it (and should work). Note however
the use of the "virtualhost" directive to make sure you request
explicitly a test page from a specific vhost rather than the default
(which could change in some circumstances).
Also note, and I apologise if this is teaching you to suck eggs, but
without an expensive multi-domain ("SAN", Subject Alternate Name)
certificate you may only have a single SSL vhost bound to a single IP.
Graeme
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
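
Added example (not part of the original message, and not ldirectord's own code): a small Python check over a config in the layout shown in the reply, flagging a negotiate check that lacks "virtualhost" and a port 443 stanza that is not marked service=https. It assumes options are indented under their virtual= line; the function names, finding labels and port-to-service table are illustrative.

```python
SAMPLE = """\
virtual=5.6.7.1:80
    real=1.2.3.10:80 gate
    service=http
    virtualhost=your.host.name
    request="index.html"
    receive="OK"
    checktype=negotiate
virtual=5.6.7.1:443
    real=1.2.3.10:443 gate
    service=http
    request="index.html"
    receive="OK"
    checktype=negotiate
"""  # constructed sample; the 443 stanza is deliberately wrong
EXPECTED_SERVICE = {"80": "http", "443": "https"}  # assumption: conventional ports

def parse(text):
    """Group each unindented virtual= line with the indented options below it."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (p.strip().strip('"') for p in line.partition("=")[::2])
        if not raw[0].isspace():  # unindented: new stanza or a global option
            current = None
            if key == "virtual":
                current = {"virtual": value, "real": [], "opts": {}}
                stanzas.append(current)
        elif current is not None:
            if key == "real":
                current["real"].append(value.split())
            else:
                current["opts"][key] = value
    return stanzas

def lint(text):  # returns (virtual, finding) pairs
    out = []
    for s in parse(text):
        port, o = s["virtual"].rpartition(":")[2], s["opts"]
        want = EXPECTED_SERVICE.get(port)
        if want and o.get("service") != want:
            out.append((s["virtual"], "service-mismatch"))
        if o.get("checktype") == "negotiate":
            out += [(s["virtual"], "missing-" + k) for k in ("request", "receive") if k not in o]
            if "virtualhost" not in o:  # check would fetch from the default vhost
                out.append((s["virtual"], "no-virtualhost"))
    return out
```

A config pasted with its indentation lost parses as stanzas with no options at all, so every stanza on a known port is reported as service-mismatch.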