LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] https not working - http OK

To: Robin Bowes <robin-lists@xxxxxxxxxxxxxx>
Subject: Re: [lvs-users] https not working - http OK
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Thu, 17 Dec 2009 09:37:30 +1100
On Wed, Dec 16, 2009 at 05:00:11PM +0000, Robin Bowes wrote:
> On 16/12/09 16:55, Robin Bowes wrote:
> > 
> > The http service works fine, but the https service does not:
> 
> Just to clarify:
> 
> > # wget --spider --tries=1 http://192.168.55.60
> > Spider mode enabled. Check if remote file exists.
> > --2009-12-16 16:49:35--  http://192.168.55.60/
> > Connecting to 192.168.55.60:80... connected.
> > HTTP request sent, awaiting response... 200 OK
> 
> This shows that the http LB is working OK
> 
> > # wget --spider --timeout=5 --tries=1 https://192.168.55.60
> > Spider mode enabled. Check if remote file exists.
> > --2009-12-16 16:51:26--  https://192.168.55.60/
> > Connecting to 192.168.55.60:443... failed: Connection timed out.
> > Giving up.
> 
> This shows that the https LB is not working
> 
> > Each of the individual real servers works OK, eg:
> > 
> > # wget --spider --timeout=5 --tries=1 --no-check-certificate
> > https://192.168.55.6
> > Spider mode enabled. Check if remote file exists.
> > --2009-12-16 16:52:34--  https://192.168.55.6/
> > Connecting to 192.168.55.6:443... connected.
> > WARNING: certificate common name `*.example.com' doesn't match requested
> > host name `192.168.55.6'.
> > HTTP request sent, awaiting response... 200 OK
> > Length: 1157 (1.1K) [text/html]
> 
> This shows that https to a real server is working OK.
> 
> I'm really stuck as to how to debug this any further.

Could you look at the output of ipvsadm -Ln and see if the
connection count increases when you try to make an https request?

Are you sure there aren't any iptables rules in the way?

Doing some analysis with tcpdump or similar on the linux-director
would be the next step I would take after that.


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>