Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 03-16-2006, 06:12 AM   #1
LQ Newbie
Registered: Mar 2006
Posts: 1

Rep: Reputation: 0
Angry Help! RedHat Cluster Suite, LVS, and SSL problem

We have installed the Redhat Cluster Suite to do the load balancing task.
Also, we need to handle SSL (https) request. From the documentation, it simply mention that to use the firewall mark. However, the cluster has setup but only port 80 (http) can work.

I have read a lot of documents from different websites, but cannot find a solution.
Is anyone has this experience.

The configurations like that:
There are two virtual servers acted as "router", and there are two application servers under it.

Also, the two Real servers need to run https.

[HTML] Firewall
| |
| |
_____|____ ____|_____
| | | |
| LVS 1 | | LVS 2 | (hot standby)
|_________| |_________|
| .... (the connection from here is not drawn)
| |
__________|________ ________|_________
| | | |
| Real Server 1 | | Real Server 2 |
|__________________| |_________________|[/HTML]

What my configuration is working is, for http request, the load balancing works well, i.e. sometimes the request will go to Real Server 1 while sometimes it will go to Real Server 2.

But we have to implement https protocol. According to the documentation, it said that it can done by using the firewall mark, but we cannot make it work.
May be we have missed something, may be something has miss configurated.

Also, anyone knows that, using the above settings, where is the SSL certificate to be installed?
Since, someone said that it must be installed in the LVS 1 (and 2), but someone (and I agreed that) to install on Real Servers 1 and 2.

On my opinion, as the LVS only acted like a router to route the request to RS 1 and 2, it don't really work on the request, so I think it is no reason to install the certificate on it.

Finally, someone even suggest that the SSL certificate to be installed on the firewalls.

I am really very puzzled the above setting for weeks but cannot get the answer. Hope anyone here can share his/her experiences.

Thanks in advance for any suggestion.

Last edited by michael.wong; 03-16-2006 at 06:15 AM. Reason: the "drawings" cannot display properly
Old 01-22-2007, 04:50 PM   #2
LQ Newbie
Registered: Oct 2003
Posts: 26

Rep: Reputation: 15
Digging this up from the grave, since I have the same issue...

I am imagining that to handle multiple SSLs each with their own IP, the LB and the real servers would all need a similar range of IP addresses. For instance:

LB1 -
Node1 -
Node2 -

Then in you'd have to configure a separate LVS entry for each SSL. For instance:

real= masq
real= masq
receive="Test Page"

Im guessing it would be wise to create an entry for regular HTTP as well. This could potentially leave you with some large configurations files.

I dont suppose theres a quick way to do this, is there?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Redhat Cluster suite magobin Linux - Enterprise 0 03-13-2006 07:00 AM
redhat Cluster Suite marpel Red Hat 0 01-19-2006 09:05 AM
RedHat Cluster Suite - No Quorum vamosb Linux - Enterprise 9 12-09-2005 08:16 AM
redhat cluster suite matter comdaze Linux - Software 1 10-20-2005 04:18 AM
redhat cluster suite matter comdaze Linux - Enterprise 0 10-20-2005 12:10 AM

All times are GMT -5. The time now is 06:46 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration