Re: [lvs-users] LVS DR and SSL

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] LVS DR and SSL
From: Philip Marcus <pmarcus@xxxxxxxxxxx>
Date: Wed, 21 Oct 2009 23:04:30 -0700
Hi Anoop,

I think you are complicating things a bit.
Without having the full picture, I will make some assumptions.
Let's assume you are hosting 4 unique domains: domain1.com, domain2.com,
domain3.com, domain4.com. Each has its own SSL cert.
If you have copied the SSL certs for each domainX.com to the 4 Apache
servers, then all you need to do is set up the VIP IP, which it seems like
you have, and have apache-ssl listen on that VIP.
For example, if domain1.com resolves to 192.168.10.11 and domain2.com to
192.168.10.12, etc.
As long as the real servers have those IPs locally (like you said, using
arptables_jf) and Apache is listening for each vhost entry to the specific
IP with the specified cert, you should be all done.

To answer your last question, the only way to do it using 1 IP is to have
Apache listen on different ports for each SSL cert. That gets more
complicated, so you're better off doing IP-based for SSL hosting.

Hope this helps,

Philip



On Wed, Oct 21, 2009 at 8:50 PM, Anoop Bhat <ABhat@xxxxxxxxxxxxx> wrote:

> Hi,
>
> I’ve set up an LVS DR cluster for Apache that’s vhosting several domains
> with SSL. Four to be exact.
>
> Since it’s not a wildcard cert, I’ve had to set up 8 IP addresses on the
> server. Four that are the VIPs (using arptables_jf) and four that will
> listen on port 443 for the VIPs.
>
> Is this the correct way to do this or am I complicating things too much?
>
> As far as I can tell, you can’t have one IP get the traffic for all four
> VIPs. Is that right?
>
> Thanks
>
> Anoop Bhat
> Systems Administrator
> Trustwave
> 70 W. Madison
> Chicago, IL, 60602
> O: 312.873.7446
> C: 312.925.3271
>
>
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
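
A check for the layout described in the reply above, as an added example that is not part of the thread: it parses Apache vhost configuration and reports any IP:port that is bound by SSL vhosts with different certificates, which is the case the reply says needs a separate IP or port. The sample config is constructed; the domains and addresses follow the thread, while the certificate paths, the function names, and the deliberate collision on 192.168.10.12 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config: addresses and domains follow the thread,
# certificate paths are assumptions. domain3.com is deliberately bound
# to the same VIP as domain2.com to show the collision.
SAMPLE_CONF = """
<VirtualHost 192.168.10.11:443>
    ServerName domain1.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain1.com.crt
</VirtualHost>
<VirtualHost 192.168.10.12:443>
    ServerName domain2.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain2.com.crt
</VirtualHost>
<VirtualHost 192.168.10.12:443>
    ServerName domain3.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain3.com.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of an Apache directive inside a vhost body."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts(conf):
    """Yield (address, ServerName, cert path) for each vhost with SSLEngine on."""
    for addrs, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        for addr in addrs.split():
            yield addr, directive(body, "ServerName"), directive(body, "SSLCertificateFile")

def cert_collisions(conf):
    """Map each IP:port bound by SSL vhosts with differing certs to those vhosts."""
    by_addr = defaultdict(list)
    for addr, name, cert in ssl_vhosts(conf):
        by_addr[addr].append((name, cert))
    return {a: v for a, v in by_addr.items() if len({c for _, c in v}) > 1}

if __name__ == "__main__":
    for addr, hosts in cert_collisions(SAMPLE_CONF).items():
        print(addr, "is shared by", ", ".join(n for n, _ in hosts))
```

Addresses are compared as literal strings, so `*:443` or `_default_:443` binds are not expanded against specific IPs.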
