Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: mod_backhand: users

About Apache-SSL configuration

  

 
mod_backhand users RSS feed   Index | Next | Previous | View Threaded


hhoshi at flight

Sep 13, 2004, 5:20 AM

Post #1 of 2 (4355 views)
Permalink
About Apache-SSL configuration
Hi All,

I try to construct the https loadbalancing
using Apache/1.3.26 Ben-SSL/1.48 (Unix) mod_backhand/1.2.1.

-----------------------------------------
Figure 1:
Client ------> Server1 -----> Server2
https(443) https(443)
-----------------------------------------

At first, I tried to configure like Figure1.
but I failed because of following errors

http error log:
[Fri Sep 10 21:30:12 2004] [error] SSL_accept failed
[Fri Sep 10 21:30:12 2004] [error] error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request


Then I attempted to Figure 2.
-----------------------------------------
Figure 2:
Client ------> Server1 -----> Server2
https(443) http(8081)
-----------------------------------------

To achieve Figure2,I configured backhand module
as follows and tested.
The test results looked fine.

But I still can't figure out the typical configuration
of backhand module in case of using https.

It is grateful if anyone explain the typical configuration.
Is following configuration correct for https settings?

@@@@@@ httpsd.conf of Server 1 @@@@@
Listen 443
Listen 8081
:
:
<Directory "/opt/FLIGHTssl/httpsd/htdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
Backhand byRandom
Backhand byAge
Backhand byLoad
</Directory>
:
:
<IfModule mod_backhand.c>
UnixSocketDir /opt/FLIGHTssl/httpsd/backhand
MulticastStats 192.168.aaa.255:4446
AcceptStats 192.168.aaa.0/24
<Location "/LoadBalanceMonitor/">
SetHandler backhand-handler
</Location>
</IfModule>
:
:
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/opt/FLIGHTssl/httpsd/cgi-bin/"
<Directory "/opt/FLIGHTssl/httpsd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
Backhand byRandom
Backhand byAge
Backhand byLoad
</Directory>
</IfModule>
:
:
<VirtualHost _default_:8081>
SSLDisable
</VirtualHost>
<VirtualHost _default_:443>
SSLCACertificatePath /opt/FLIGHTssl/httpsd/ssl
SSLCACertificateFile /opt/FLIGHTssl/httpsd/ssl/server.cert
SSLCertificateFile /opt/FLIGHTssl/httpsd/ssl/server.cert
SSLCertificateKeyFile /opt/FLIGHTssl/httpsd/ssl/secret-key.pem
SSLVerifyClient 0
SSLVerifyDepth 10
SSLFakeBasicAuth
DocumentRoot /opt/FLIGHTssl/httpsd/htdocs
</VirtualHost>
@@@@@@ end httpsd.conf of Server 1 @@@@@


@@@@@ httpsd.conf of Server2 @@@@@
Listen 443
Listen 8081
:
:
<Directory "/opt/FLIGHTssl/httpsd/htdocs">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
:
:
<IfModule mod_backhand.c>
UnixSocketDir /opt/FLIGHTssl/httpsd/backhand
MulticastStats 192.168.aaa.255:4446
AcceptStats 192.168.aaa.0/24
<Location "/LoadBalanceMonitor/">
SetHandler backhand-handler
</Location>
</IfModule>
:
:
<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/opt/FLIGHTssl/httpsd/cgi-bin/"
<Directory "/opt/FLIGHTssl/httpsd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>
:
:
<VirtualHost _default_:8081>
SSLDisable
</VirtualHost>
<VirtualHost _default_:443>
SSLCACertificatePath /opt/FLIGHTssl/httpsd/ssl
SSLCACertificateFile /opt/FLIGHTssl/httpsd/ssl/server.cert
SSLCertificateFile /opt/FLIGHTssl/httpsd/ssl/server.cert
SSLCertificateKeyFile /opt/FLIGHTssl/httpsd/ssl/secret-key.pem
SSLVerifyClient 0
SSLVerifyDepth 10
SSLFakeBasicAuth
DocumentRoot /opt/FLIGHTssl/httpsd/htdocs
</VirtualHost>
@@@@@ end httpsd.conf of Server2 @@@@@


Kind Regards.

------------------------
Hajime Hoshi System Consultant
FLIGHT System Consulting Inc. ( mailto: hhoshi[at]flight.co.jp )



_______________________________________________
backhand-users mailing list
backhand-users[at]lists.backhand.org
http://lists.backhand.org/mailman/listinfo/backhand-users


jesus at omniti

Sep 13, 2004, 6:18 AM

Post #2 of 2 (4079 views)
Permalink
Re: About Apache-SSL configuration [In reply to]
Hajime Hoshi wrote:

>Hi All,
>
>I try to construct the https loadbalancing
>using Apache/1.3.26 Ben-SSL/1.48 (Unix) mod_backhand/1.2.1.
>
>-----------------------------------------
>Figure 1:
> Client ------> Server1 -----> Server2
> https(443) https(443)
>-----------------------------------------
>
>At first, I tried to configure like Figure1.
>but I failed because of following errors
>
>http error log:
>[Fri Sep 10 21:30:12 2004] [error] SSL_accept failed
>[Fri Sep 10 21:30:12 2004] [error] error:1407609C:SSL
>routines:SSL23_GET_CLIENT_HELLO:http request
>
>
>Then I attempted to Figure 2.
>-----------------------------------------
>Figure 2:
> Client ------> Server1 -----> Server2
> https(443) http(8081)
>
>
Figure 1 isn't supported in the public mod_backhand.

We did implement this for a client, and I believe they are in the
process of deciding whether to push the implementation changes back into
the community.

Figure 2 is the typical approach (as it is much much cheaper). As you
own both endpoints, securing communication betweent the two servers
would be better done using IPsec.

Check the /backhand/ page to make sure that the servers believe they are
advertising the correct ports (IP:8081), If they are not, then flip the
Listen lines or explicitly provide the IP:port explicitly using the 3
arg version of MulticastStats.

Also, make sure you can get to http://ip:8081/ using your browser.

--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth


_______________________________________________
backhand-users mailing list
backhand-users[at]lists.backhand.org
http://lists.backhand.org/mailman/listinfo/backhand-users

mod_backhand users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.