LinuxQuestions.org


michael.wong 03-16-2006 05:12 AM

Help! RedHat Cluster Suite, LVS, and SSL problem
 
We have installed the Red Hat Cluster Suite to do the load balancing task.
Also, we need to handle SSL (https) requests. The documentation simply mentions using the firewall mark. However, the cluster has been set up but only port 80 (http) works.

I have read a lot of documents from different websites, but cannot find a solution.
Does anyone have experience with this?

The configuration is like this:
There are two virtual servers acting as "router", and there are two application servers under them.

Also, the two Real Servers need to run https.


                  Firewall
                     |
                     |
             ________|________
            |                 |
            |                 |
       _____|____         ____|_____
      |          |       |          |
      |  LVS 1   |       |  LVS 2   |  (hot standby)
      |__________|       |__________|
            |              ....  (the connection from here is not drawn)
            |
            |________________________________
            |                                |
  __________|________               _________|________
 |                   |             |                  |
 |   Real Server 1   |             |  Real Server 2   |
 |___________________|             |__________________|

What is working in my configuration is that, for http requests, the load balancing works well, i.e. sometimes the request will go to Real Server 1 while sometimes it will go to Real Server 2.

But we have to implement the https protocol. The documentation says that it can be done by using the firewall mark, but we cannot make it work. :(
redhat.com/docs/manuals/enterprise/RHEL-3-Manual/cluster-suite/s1-lvs-multi.html
Maybe we have missed something, or maybe something has been misconfigured.

Also, does anyone know, using the above settings, where the SSL certificate should be installed?
Someone said that it must be installed on LVS 1 (and 2), but someone else said (and I agree) to install it on Real Servers 1 and 2.

In my opinion, as the LVS only acts like a router to route the request to RS 1 and 2, it doesn't really work on the request, so I think there is no reason to install the certificate on it.

Finally, someone even suggested that the SSL certificate be installed on the firewalls.

I have been really puzzled by the above setup for weeks but cannot get the answer. I hope anyone here can share his/her experiences.

Thanks in advance for any suggestion.

GuitsBoy 01-22-2007 03:50 PM

Digging this up from the grave, since I have the same issue...

I am imagining that to handle multiple SSLs each with their own IP, the LB and the real servers would all need a similar range of IP addresses. For instance:

LB1 10.10.1.1 - 10.10.1.255
Node1 10.10.2.1 - 10.10.2.255
Node2 10.10.3.1 - 10.10.3.255

Then in ldirectord.cf you'd have to configure a separate LVS entry for each SSL. For instance:

virtual=10.10.1.58:443
        real=10.10.2.58:443 masq
        real=10.10.3.58:443 masq
        service=https
        request="ldirector.html"
        receive="Test Page"
        scheduler=wlc
        protocol=tcp
        checktype=negotiate

I'm guessing it would be wise to create an entry for regular HTTP as well. This could potentially leave you with some large configuration files.

I don't suppose there's a quick way to do this, is there?

Thanks,
-Tony
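
One way to avoid hand-writing a stanza per SSL site, as an added example that is not part of the original posts: a small generator for ldirectord.cf that follows the addressing scheme in the post above (the same host octet on the load balancer and on each node's network). The function names, the /24 layout and the values used for the plain-HTTP stanza are assumptions.

```python
import ipaddress

# Assumed layout, taken from the post: one /24 per machine, and a site uses
# the same host octet on the load balancer and on every real server.
LB_NET = ipaddress.ip_network("10.10.1.0/24")
NODE_NETS = [ipaddress.ip_network("10.10.2.0/24"),
             ipaddress.ip_network("10.10.3.0/24")]

# The https port and check settings mirror the stanza in the post;
# the http entry is an assumed plain-HTTP twin of it.
SERVICES = {"https": 443, "http": 80}


def host(net, octet):
    """Return the address with this host octet, rejecting the network (.0)
    and broadcast (.255) addresses and anything out of range."""
    if not 1 <= octet <= net.num_addresses - 2:
        raise ValueError(f"host octet {octet} is not usable in {net}")
    return net.network_address + octet


def stanza(octet, service):
    """Build one virtual-service block. The lines under virtual= are
    indented, which is how ldirectord ties them to that service."""
    port = SERVICES[service]
    lines = [f"virtual={host(LB_NET, octet)}:{port}"]
    lines += [f"\treal={host(n, octet)}:{port} masq" for n in NODE_NETS]
    lines += [f"\tservice={service}",
              '\trequest="ldirector.html"',
              '\treceive="Test Page"',
              "\tscheduler=wlc",
              "\tprotocol=tcp",
              "\tchecktype=negotiate"]
    return "\n".join(lines)


def render(octets):
    """Emit an https and an http block per site octet, sorted and de-duplicated."""
    blocks = [stanza(o, s) for o in sorted(set(octets)) for s in SERVICES]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(render([58, 59]), end="")  # constructed site list
```
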

