Help! RedHat Cluster Suite, LVS, and SSL problem
We have installed the Redhat Cluster Suite to do the load balancing task.
Also, we need to handle SSL (https) requests. The documentation simply mentions using the firewall mark. However, the cluster has been set up but only port 80 (http) works. I have read a lot of documents from different websites, but cannot find a solution. Does anyone have experience with this?

The configuration is like this: There are two virtual servers acting as "router", and there are two application servers under them. Also, the two Real servers need to run https.

[HTML]
                 Firewall
                    |
                    |
            ________|________
            |               |
            |               |
       _____|____       ____|_____
       |         |      |         |
       |  LVS 1  |      |  LVS 2  |  (hot standby)
       |_________|      |_________|
            |              .... (the connection from here is not drawn)
            |
            |________________________________
            |                               |
  __________|________               ________|_________
  |                  |              |                 |
  |  Real Server 1   |              |  Real Server 2  |
  |__________________|              |_________________|
[/HTML]

What is working in my configuration is that, for http requests, the load balancing works well, i.e. sometimes the request will go to Real Server 1 while sometimes it will go to Real Server 2. But we have to implement the https protocol. According to the documentation, it can be done by using the firewall mark, but we cannot make it work. :(

redhat.com/docs/manuals/enterprise/RHEL-3-Manual/cluster-suite/s1-lvs-multi.html

Maybe we have missed something, maybe something has been misconfigured.

Also, does anyone know, using the above settings, where the SSL certificate is to be installed? Someone said that it must be installed on LVS 1 (and 2), but someone else said (and I agree) to install it on Real Servers 1 and 2. In my opinion, as the LVS only acts like a router to route the request to RS 1 and 2, it doesn't really work on the request, so I think there is no reason to install the certificate on it. Finally, someone even suggested that the SSL certificate be installed on the firewalls.

I have been really puzzled by the above setting for weeks but cannot get the answer. Hope anyone here can share his/her experiences. Thanks in advance for any suggestion.
Digging this up from the grave, since I have the same issue...
I am imagining that to handle multiple SSLs each with their own IP, the LB and the real servers would all need a similar range of IP addresses. For instance:

LB1    10.10.1.1 - 10.10.1.255
Node1  10.10.2.1 - 10.10.2.255
Node2  10.10.3.1 - 10.10.3.255

Then in ldirectord.cf you'd have to configure a separate LVS entry for each SSL. For instance:

virtual=10.10.1.58:443
        real=10.10.2.58:443 masq
        real=10.10.3.58:443 masq
        service=https
        request="ldirector.html"
        receive="Test Page"
        scheduler=wlc
        protocol=tcp
        checktype=negotiate

I'm guessing it would be wise to create an entry for regular HTTP as well. This could potentially leave you with some large configuration files. I don't suppose there's a quick way to do this, is there?

Thanks,
-Tony
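
As an added example (not part of either post, and not Red Hat's or ldirectord's own tooling): a dry-run shell generator for the firewall-mark approach that the documentation linked in the first post refers to, using the address layout from the reply above. It only prints iptables and ipvsadm commands; reusing the host octet as the mark value and the 300-second persistence timeout are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints (does not run) the mangle rules and IPVS entries per site.
# Assumed layout from the reply: VIP 10.10.1.N, real servers 10.10.2.N and 10.10.3.N.
# Using N itself as the firewall mark is a choice made for this example.

VIP_NET=10.10.1
REAL_NETS="10.10.2 10.10.3"

# emit_site N -> commands grouping ports 80 and 443 of VIP N under mark N
emit_site() {
    n=$1
    case $n in
        ''|*[!0-9]*) echo "bad host octet: $n" >&2; return 1 ;;
    esac
    if [ "$n" -lt 1 ] || [ "$n" -gt 254 ]; then
        echo "host octet out of range: $n" >&2
        return 1
    fi
    # Mark both ports on the director so IPVS sees them as one service.
    for port in 80 443; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d $VIP_NET.$n/32 --dport $port -j MARK --set-mark $n"
    done
    # One persistent virtual service per mark, so a client's HTTP and HTTPS
    # connections are sent to the same real server.
    echo "ipvsadm -A -f $n -s wlc -p 300"
    # No port on -r: the destination port of the marked packet is kept.
    for net in $REAL_NETS; do
        echo "ipvsadm -a -f $n -r $net.$n -m"
    done
}

# emit_all N... -> commands for every listed site; stops at the first bad value
emit_all() {
    for n in "$@"; do
        emit_site "$n" || return 1
    done
}

# Constructed sample input: two sites, host octets 58 and 59.
emit_all 58 59
```

Review the printed commands before applying them on the active and standby LVS routers; in this layout the TLS sessions still terminate on the real servers, since the director only forwards marked packets.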