LVS HTTPS SSL and Squid

Horms horms at verge.net.au
Tue Aug 9 02:33:13 BST 2005


On Tue, Aug 09, 2005 at 10:29:10AM +0900, Horms wrote:
> On Mon, Aug 08, 2005 at 12:36:58PM -0700, Joseph Mack NA3T wrote:
> > On Mon, 8 Aug 2005, Brad Taylor wrote:
> > 
> > >Yes, a couple times and I understand parts of it but still getting a
> > >little confused. Doesn't seem to really answer the question below, but
> > >maybe I'm missing something?
> > 
> > just wanted to make sure. The situation isn't clear AFAIK 
> > either. It's not like it comes up a lot and we've got it 
> > down pat. Horms probably has the clearest point on the 
> > matter which is not to have a separate SSL engine but to 
> > have each realserver do its own decrypting/encrypting.
> > 
> > (I haven't done any of this myself.)
> 
> Here is a descrition I wrote a while ago about SSL/LVS
> In a nutshell, you probably want to use persistance
> and have the real-servers handle the SSL decryption.

Actulally, using the lblc scheduler, or something similar,
might be another good solution to this problem.

> 
> http://archive.linuxvirtualserver.org/html/lvs-users/2003-07/msg00184.html
> 
> -- 
> Horms

-- 
Horms


More information about the lvs-users mailing list