HTTPS

Volker Dormeyer volker at ixolution.de
Tue Aug 23 20:50:20 BST 2005


Hi Brad,

 * On Mon, 22 Aug 2005 12:22:26 -0400,
 * "Brad Taylor" <btaylor at Autotask.com> wrote:

 > Thanks.
 > Got the weights to be correct but now getting all requests to be
 > inactive:

 > [root at LB_Master ha.d]# ipvsadm -L
 > IP Virtual Server version 1.0.8 (size=65536)
 > Prot LocalAddress:Port Scheduler Flags
 > -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
 > TCP  10.10.1.20:https wlc persistent 600
 > -> 10.10.1.13:https             Route   1      0          3
 > -> 10.10.1.12:https             Route   1      0          0

 > What can I do so that the connection is active?

This should be normal; there are just 3 connections inactive, because the
data has already been transferred and they are closed. A normal HTTP
connection is closed after the data has been transferred from the server
to the client. When you click on a link in a web page, another connection
will be initiated by the client to the server.

If you do "ipvsadm -lnc" you should see at least these three connections
in state TIME_WAIT. As soon as the timeout ends, the connection entries
will be removed from the table.

The behaviour changes when client and server support "persistent HTTP"
connections (not to be confused with the persistence provided by LVS). A
persistent HTTP connection is kept open until either the client or
the server decides to close it. That means even if the client received
the requested document, the connection stays open. As already mentioned,
this has nothing to do with the persistence functionality provided by LVS,
which means sticking a single client to one real server for a defined
amount of time, even for newly initiated connections.

Regards,
Volker

--
 Volker Dormeyer	<volker at ixolution.de>



 * On Fri, 19 Aug 2005 16:47:22 -0400,
 * "Brad Taylor" <btaylor at Autotask.com> wrote:

 > I've setup an LVS and a Squid in reverse proxy mode. Squid is setup with
 > a certificate to decrypt https traffic and sends http back to the real
 > server. This has been tested and working. I've setup another Squid and
 > real server the same way. Now I'm trying to get the LVS to load balance
 > the Squids. The request would be https to the LVS then https to Squid.
 > Squid would decrypt the https and forward http to the backend server.
 > Here is my conf file:

 > [...]

 > # Virtual Server for HTTP
 > virtual=10.10.1.20:443
 >      fallback=127.0.0.1:80
 >      real=10.10.1.12:443 gate
 >      real=10.10.1.13:443 gate
 >      service=http

 > this seems to be the problem. Please set service=https instead of
 > http. Ldirectord will use HTTPS to negotiate, then.

 > [...]

 > Regards,
 > Volker

 > --
 Volker Dormeyer	<volker at ixolution.de>


 > _______________________________________________
 > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
 > Send requests to lvs-users-request at LinuxVirtualServer.org
 > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
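
An added example, not part of the original message: a small shell function that tallies `ipvsadm -lnc` output per real server, so the InActConn figure discussed above can be matched against the TIME_WAIT entries in the connection table. The sample table and the client address 192.0.2.10 are constructed, and treating rows in state NONE as LVS persistence templates is an assumption of this example.

```shell
#!/bin/sh
# Tally IPVS connection-table rows per real server.
# Reads "ipvsadm -lnc" output on stdin and prints one line per destination:
#   ESTABLISHED        -> active
#   state NONE         -> templates (assumed: LVS persistence template rows)
#   any other state    -> inactive (TIME_WAIT, FIN_WAIT, ...)
tally_ipvs_conns() {
    awk '
        # Skip the two header lines of the connection listing.
        $1 == "IPVS" || $1 == "pro" { next }
        # Data rows: pro expire state source virtual destination
        NF >= 6 {
            dest = $6
            seen[dest] = 1
            if ($3 == "ESTABLISHED")  active[dest]++
            else if ($3 == "NONE")    templates[dest]++
            else                      inactive[dest]++
        }
        END {
            for (d in seen)
                printf "%s active=%d inactive=%d templates=%d\n",
                       d, active[d], inactive[d], templates[d]
        }
    ' | sort
}

# Constructed sample, not captured from the poster's director: one client
# that fetched three objects over HTTPS and closed each connection, plus
# the persistence row that keeps it on the same real server.
sample_conn_table() {
    cat <<'EOF'
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:47  TIME_WAIT   192.0.2.10:41022   10.10.1.20:443     10.10.1.13:443
TCP 01:51  TIME_WAIT   192.0.2.10:41023   10.10.1.20:443     10.10.1.13:443
TCP 01:58  TIME_WAIT   192.0.2.10:41024   10.10.1.20:443     10.10.1.13:443
TCP 09:47  NONE        192.0.2.10:0       10.10.1.20:443     10.10.1.13:443
EOF
}

# On a director, run:  ipvsadm -lnc | tally_ipvs_conns
sample_conn_table | tally_ipvs_conns
```

A real server that shows only inactive entries here has answered its requests and closed them; a server that never appears at all while the health check fails is the `service=` problem from the earlier reply.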


