Re: [lvs-users] Is ldirectord the right choice for https through and thr

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Is ldirectord the right choice for https through and through
From: Sander Klein <roedie@xxxxxxxxx>
Date: Thu, 07 Nov 2013 08:48:15 +0100

On 06.11.2013 22:09, Jacob Gibson wrote:
> I was happily using HAProxy, until I received word that we need to 
> also
> encrypt traffic to the web servers.  So, internet --https--> load 
> balancer
> --https--> web servers.  Would ldirectord be a more appropriate 
> choice?  We
> don't need any Layer 7 rules.
> We do need the following:
> 1) HTTPS all the way through
> 2) Web servers need to see the IP of the user
> 3) Users need sticky sessions to a web server (where the sticky 
> assignment
> counter gets refreshed on each user request)
> 4) HTTPS Keep-Alive support
> 6) Mobile and older browser support (I say this because I keep reading 
> this
> about SNI, but I don't know if that applies to us)
> I believe ldirectord can do #1 and #2, but don't know about #3-#6.

You can do #1 also with HAProxy. At least, if you take 1.5-dev.

#2 is possible but you need to do some 'tricks' for that. Using 
X-Forwarded-For headers and mod-rpaf if using Apache will make the 
webservers see the originating address.



Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to

<Prev in Thread] Current Thread [Next in Thread>