Hi Brian,
I'm not sure what you mean, and probably some other folks as well :-)
IPVS/LVS works on OSI layers 2-4, depending on what you're exactly looking at:
-Direct Routing: LVS receives a packet from the ethernet, rewrites the
destination MAC address to the address of some realserver and sends the
packet back onto the ethernet.
-Masquerading: LVS receives a packet from the ethernet, rewrites the
destination MAC address and IP address to the address of some realserver
and sends the packet back onto the ethernet.
Using masquerading, any replies need to pass the LVS host, where the
replies are rewritten to match the original incoming request.
-Optional for Masquerading: the udp/tcp port is rewritten as well,
so incoming traffic on port 80 may be dispatched to e.g. port 8080 on
some realserver.
Software like ldirectord or keepalived checks the availability of
realservers and does dynamically reconfigure the current in-kernel
IPVS configuration.
So, that's my short wrapup of IPVS/LVS's capabilities.
>From the current thread, I'm not sure what you're up to.
-According to the subject, you're trying to use IPVS/LVS to redirect
from http to https. While in Masquerading mode, IPVS may send incoming
traffic on port 80 to port 443, this won't help you very much, as both
ports do run different protocols and IPVS doesn't translate protocols.
-According to your config files, you're loadbalancing http traffic to
nginx, who does redirect all incoming requests to a different website
(the SSL-enabled version, in this case).
You're using ldirectord for checking the realserver availability, so
ldirectord simply needs to accept a "301 Redirect" via http
as "server is available". If it wouldn't do so, your realserver would
drop out of the running configuration and receive no requests at all.
According to ldirector's source code, http requests are started
as LWP::UserAgent using this call around code line 2868:
$res = $ua->request($req);
The "request"-call does follow any redirects, so ldirectord in turn
doesn not only check if your http-redirect works, but checks the
availability of the SSL website as well.
Probably you're expecting ldirectord only to check the http return
code (301) and not to follow the redirect. One of the easier ways
to achieve this is patching ldirectord from the sequence above to
$res = $ua->simple_request($req);
-You're trying to proxy from SSL to a Non-SSL-Website (SSL Offloading)
or vice versa (forcing SSL-use for users who can't do SSL).
There are various other possible things as well.
Please do describe what your expectations are
(not, what you've done, but what you're expecting it to do).
Best,
Anders
--
1&1 Internet AG Expert Systems Architect (IT Operations)
Brauerstrasse 50 v://49.721.91374.0
D-76135 Karlsruhe f://49.721.91374.225
Amtsgericht Montabaur HRB 6484
Vorstand: Ralph Dommermuth, Frank Einhellinger, Robert Hoffmann,
Andreas Hofmann, Markus Huhn, Hans-Henning Kettler, Uwe Lamnek,
Jan Oetjen, Christian Würst
Aufsichtsratsvorsitzender: Michael Scheeren
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|