LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 03-16-2006, 06:12 AM   #1
michael.wong
LQ Newbie
 
Registered: Mar 2006
Posts: 1

Rep: Reputation: 0
Angry Help! RedHat Cluster Suite, LVS, and SSL problem


We have installed the Redhat Cluster Suite to do the load balancing task.
Also, we need to handle SSL (https) request. From the documentation, it simply mention that to use the firewall mark. However, the cluster has setup but only port 80 (http) can work.

I have read a lot of documents from different websites, but cannot find a solution.
Is anyone has this experience.

The configurations like that:
There are two virtual servers acted as "router", and there are two application servers under it.

Also, the two Real servers need to run https.


[HTML] Firewall
|
|
________|________
| |
| |
_____|____ ____|_____
| | | |
| LVS 1 | | LVS 2 | (hot standby)
|_________| |_________|
| .... (the connection from here is not drawn)
|
|________________________________
| |
__________|________ ________|_________
| | | |
| Real Server 1 | | Real Server 2 |
|__________________| |_________________|[/HTML]





What my configuration is working is, for http request, the load balancing works well, i.e. sometimes the request will go to Real Server 1 while sometimes it will go to Real Server 2.

But we have to implement https protocol. According to the documentation, it said that it can done by using the firewall mark, but we cannot make it work.
redhat.com/docs/manuals/enterprise/RHEL-3-Manual/cluster-suite/s1-lvs-multi.html
May be we have missed something, may be something has miss configurated.

Also, anyone knows that, using the above settings, where is the SSL certificate to be installed?
Since, someone said that it must be installed in the LVS 1 (and 2), but someone (and I agreed that) to install on Real Servers 1 and 2.

On my opinion, as the LVS only acted like a router to route the request to RS 1 and 2, it don't really work on the request, so I think it is no reason to install the certificate on it.

Finally, someone even suggest that the SSL certificate to be installed on the firewalls.

I am really very puzzled the above setting for weeks but cannot get the answer. Hope anyone here can share his/her experiences.

Thanks in advance for any suggestion.

Last edited by michael.wong; 03-16-2006 at 06:15 AM. Reason: the "drawings" cannot display properly
 
Old 01-22-2007, 04:50 PM   #2
GuitsBoy
LQ Newbie
 
Registered: Oct 2003
Posts: 26

Rep: Reputation: 15
Digging this up from the grave, since I have the same issue...

I am imagining that to handle multiple SSLs each with their own IP, the LB and the real servers would all need a similar range of IP addresses. For instance:

LB1 10.10.1.1 - 10.10.1.255
Node1 10.10.2.1 - 10.10.2.255
Node2 10.10.3.1 - 10.10.3.255

Then in ldirectord.cf you'd have to configure a separate LVS entry for each SSL. For instance:

virtual=10.10.1.58:443
real=10.10.2.58:443 masq
real=10.10.3.58:443 masq
service=https
request="ldirector.html"
receive="Test Page"
scheduler=wlc
protocol=tcp
checktype=negotiate

Im guessing it would be wise to create an entry for regular HTTP as well. This could potentially leave you with some large configurations files.

I dont suppose theres a quick way to do this, is there?

Thanks,
-Tony
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Redhat Cluster suite magobin Linux - Enterprise 0 03-13-2006 07:00 AM
redhat Cluster Suite marpel Red Hat 0 01-19-2006 09:05 AM
RedHat Cluster Suite - No Quorum vamosb Linux - Enterprise 9 12-09-2005 08:16 AM
redhat cluster suite matter comdaze Linux - Software 1 10-20-2005 04:18 AM
redhat cluster suite matter comdaze Linux - Enterprise 0 10-20-2005 12:10 AM


All times are GMT -5. The time now is 03:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration