AW: HTTP-HTTPS
Steder, Michael
Michael.Steder at bonprix.net
Tue Jan 14 09:32:49 GMT 2003
Hi,
you can use firewall marks to make http/https-server work.
This job has to be done by iptables/ipchains; ipvs can recognize these, but
cannot assign them.
In the lvs configuration you can tell ipvs to handle packets on different
ports with the same firewall mark identically.
The rules to set the firewall mark to 80 on packets destined to the floating
IP address x.x.x.x on ports 80 and 443:
iptables
/sbin/modprobe ip_tables
/sbin/iptables -t mangle -A PREROUTING \
-p tcp -d x.x.x.x/32 --dport 80 -j MARK --set-mark 80
/sbin/iptables -t mangle -A PREROUTING \
-p tcp -d x.x.x.x/32 --dport 443 -j MARK --set-mark 80
ipchains
/sbin/modprobe ipchains
/sbin/ipchains -A input -p tcp -d x.x.x.x/32 80 -m 80
/sbin/ipchains -A input -p tcp -d x.x.x.x/32 443 -m 80
After this my http/https-server worked fine :)
Make sure that packet filtering rules are made permanent, otherwise these
changes won't persist through a reboot.
Hope this helps,
Greetings,
Michael
-----Original Message-----
From: devendra orion [mailto:dev_orion at yahoo.com]
Sent: Monday, 13 January 2003 14:47
To: lvs-users at LinuxVirtualServer.org
Subject: HTTP-HTTPS
Hi!
I need help in setting up load balancer with HTTP and
HTTPS going to same real servers.
Current configuration is
Load balancer and 3 real servers
The 3 real servers are serving HTTP and configured for
HTTPS. In load balancer I want HTTP to be scheduled in
round robin fashion and HTTPS to be in weighted least
connection. As we have to keep session persistent to
same real server I am using WLC with network address
level persistence for 60 mins.
Now I am adding https and which is served by same real
servers, but I am not sure of how to configure it
properly. I tried the following configuration:
ipvsadm -A -t OutIP:80 -s rr
ipvsadm -a -t OUTIP:80 RealIP1:80 -m
ipvsadm -a -t OUTIP:80 RealIP2:80 -m
ipvsadm -a -t OUTIP:80 RealIP3:80 -m
ipvsadm -A -t OutIP:443 -s wlc -p 3600 -M 255.255.255.0
ipvsadm -a -t OUTIP:443 RealIP1:443 -m
ipvsadm -a -t OUTIP:443 RealIP2:443 -m
ipvsadm -a -t OUTIP:443 RealIP3:443 -m
I also tried
ipvsadm -A -t OutIP:0 -s wlc -p 3600 -M 255.255.255.0
ipvsadm -a -t OUTIP:0 RealIP1:0 -m
ipvsadm -a -t OUTIP:0 RealIP2:0 -m
ipvsadm -a -t OUTIP:0 RealIP3:0 -m
But the problem is the site is not visible the moment
I enable the HTTPS on realserver.
At a time only one port is accessible 80 or 443.
I am not sure whether the load balancer is configured
wrong or real servers.
Waiting for your help.
Regards
Dev Orion
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
Send requests to lvs-users-request at LinuxVirtualServer.org
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
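
Added example, not part of the original thread and not code from the LVS project: the reply gives the marking rules but not the matching ipvs side, so this sketch prints both halves for one fwmark-based service. The addresses are constructed placeholders; the wlc scheduler and the 3600 s / 255.255.255.0 persistence are taken from the question and are an assumption about what the combined service should use.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one fwmark-based
# virtual service covering ports 80 and 443. Addresses are constructed
# documentation values, not taken from the thread.

# lvs_fwmark_rules VIP MARK REALSERVER...
lvs_fwmark_rules() {
    vip=$1 mark=$2
    shift 2

    # 1. Netfilter assigns the mark; ipvs can only match on it.
    #    The rule is scoped to the VIP (/32) and the two TCP ports.
    for port in 80 443; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d $vip/32 --dport $port -j MARK --set-mark $mark"
    done

    # 2. One virtual service keyed on the mark (-f). A fwmark service has
    #    a single scheduler, so HTTP and HTTPS share wlc and persistence.
    echo "ipvsadm -A -f $mark -s wlc -p 3600 -M 255.255.255.0"

    # 3. Real servers with NAT forwarding (-m). No port is given, so the
    #    client's destination port (80 or 443) is kept.
    for rs in "$@"; do
        echo "ipvsadm -a -f $mark -r $rs -m"
    done
}

# Dry run with constructed addresses; review the output, then run it as root.
lvs_fwmark_rules 192.0.2.10 80 10.0.0.1 10.0.0.2 10.0.0.3
```

Because persistence is attached to the mark, a client that arrives on port 80 and later on port 443 is sent to the same real server.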