
Mailing List Archive: Linux Virtual Server: Users

[lvs-users] LVS DR and SSL

 

 



ABhat at trustwave

Oct 21, 2009, 8:50 PM

Post #1 of 2 (190 views)

Hi,

I’ve set up an LVS DR cluster for apache that’s vhosting several domains with SSL. Four to be exact.

Since it’s not a wildcard cert, I’ve had to set up 8 IP addresses on the server. Four that are the VIPs (using arptables_jf) and four that will listen on port 443 for the VIPs.

Is this the correct way to do this or am I complicating things too much?

As far as I can tell, you can’t have one IP get the traffic for all four VIPs. Is that right?

Thanks

Anoop Bhat
Systems Administrator
Trustwave
70 W. Madison
Chicago, IL, 60602
O: 312.873.7446
C: 312.925.3271



_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users[at]LinuxVirtualServer.org
Send requests to lvs-users-request[at]LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


pmarcus at factual

Oct 21, 2009, 11:04 PM

Post #2 of 2 (175 views)
Re: [lvs-users] LVS DR and SSL

Hi Anoop,

I think you are complicating things a bit.
Without having the full picture, I will make some assumptions.
Let's assume you are hosting 4 unique domains: domain1.com, domain2.com,
domain3.com, domain4.com. Each has its own SSL cert.
If you have copied the SSL certs for each domainX.com to the 4 Apache
servers, then all you need to do is set up the VIP IP, which it seems like
you have, and have apache-ssl listen on that VIP.
For example, if domain1.com resolves to 192.168.10.11 and domain2.com to
192.168.10.12, etc., as long as the real servers have those IPs locally
(like you said, using arptables_jf) and Apache is listening for each vhost
entry on the specific IP with the specified cert, you should be all done.

To answer your last question, the only way to do it using 1 IP is to have
Apache listen on different ports for each SSL cert. That gets more
complicated, so you're better off doing IP-based for SSL hosting.

Hope this helps,

Philip
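
The IP-based layout described in the reply above, sketched as an Apache mod_ssl configuration for one real server. This is an added example, not part of the original post; the certificate and key paths are placeholders, and only the two addresses the post names are shown.

```apache
# One real server in the LVS-DR pool. Each VIP is also configured on this
# host (with ARP for it suppressed, e.g. via arptables_jf as in the thread),
# so Apache can bind to the VIP directly.
# Certificate and key paths below are placeholders.

Listen 192.168.10.11:443
Listen 192.168.10.12:443

# IP-based vhost: the certificate is selected by the destination address of
# the TCP connection, before any HTTP Host header has been sent.
<VirtualHost 192.168.10.11:443>
    ServerName domain1.com
    SSLEngine on
    SSLCertificateFile    /path/to/certs/domain1.com.crt
    SSLCertificateKeyFile /path/to/private/domain1.com.key
</VirtualHost>

<VirtualHost 192.168.10.12:443>
    ServerName domain2.com
    SSLEngine on
    SSLCertificateFile    /path/to/certs/domain2.com.crt
    SSLCertificateKeyFile /path/to/private/domain2.com.key
</VirtualHost>

# domain3.com and domain4.com follow the same pattern, each on its own VIP.
# The same configuration, certificates and keys are deployed on every real
# server in the pool; keep the key files readable only by root.
```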



