HTTPS

Brad Taylor btaylor at Autotask.com
Tue Aug 23 21:11:56 BST 2005


Thanks, but how can it be normal? The site does not show and seems to be
left in a loop. My real server is a Squid in accelerator mode. LVS is
set up for DR. I've been using Ultra Monkey to get this setup. Requests
directly to Squid work without problems. Squid is set up with the
loopback VIP as described on the Ultra Monkey site. The gateway is set
to the firewall/router. What can I try to fix this?

Brad

-----Original Message-----
From: lvs-users-bounces at LinuxVirtualServer.org
[mailto:lvs-users-bounces at LinuxVirtualServer.org] On Behalf Of Volker
Dormeyer
Sent: Tuesday, August 23, 2005 3:50 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: HTTPS

Hi Brad,

 * On Mon, 22 Aug 2005 12:22:26 -0400,
 * "Brad Taylor" <btaylor at Autotask.com> wrote:

 > Thanks.
 > Got the weights to be correct but now getting all requests to be
 > inactive:

 > [root at LB_Master ha.d]# ipvsadm -L
 > IP Virtual Server version 1.0.8 (size=65536)
 > Prot LocalAddress:Port Scheduler Flags
 > -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
 > TCP  10.10.1.20:https wlc persistent 600
 > -> 10.10.1.13:https             Route   1      0          3
 > -> 10.10.1.12:https             Route   1      0          0

 > What can I do so that the connection is active?

This should be normal, there are just 3 connections inactive, because
the data has already been transferred and they are closed. A normal HTTP
connection is closed after the data has been transferred from server to
the client. When you click on a link in a web page, another connection
will be initiated by the client to the server.

If you do "ipvsadm -lnc" you should see at least these three connections
in state TIME_WAIT. As soon as the timeout ends, the connection entries
will be removed from the table.

The behaviour changes when client and server support "persistent HTTP"
connections (not to be confused with persistence provided by LVS). A
persistent HTTP connection is kept open until either the client or
the server decides to close it. That means even if the client received
the requested document, the connection stays open. As already mentioned,
this has nothing to do with the persistence functionality provided by LVS,
which means to stick a single client to one real server for a defined
amount of time, even for newly initiated connections.

Regards,
Volker

--
 Volker Dormeyer	<volker at ixolution.de>



 * On Fri, 19 Aug 2005 16:47:22 -0400,
 * "Brad Taylor" <btaylor at Autotask.com> wrote:

 > I've set up an LVS and a Squid in reverse proxy mode. Squid is set up
 > with a certificate to decrypt https traffic and sends http back to the
 > real server. This has been tested and is working. I've set up another
 > Squid and real server the same way. Now I'm trying to get the LVS to
 > load balance the Squids. The request would be https to the LVS then
 > https to Squid. Squid would decrypt the https and forward http to the
 > backend server.
 > Here is my conf file:

 > [...]

 > # Virtual Server for HTTP
 > virtual=10.10.1.20:443
 >      fallback=127.0.0.1:80
 >      real=10.10.1.12:443 gate
 >      real=10.10.1.13:443 gate
 >      service=http

 > this seems to be the problem. Please set service=https instead of
 > http. Ldirectord will use HTTPS to negotiate, then.

 > [...]

 > Regards,
 > Volker

 > --
 Volker Dormeyer	<volker at ixolution.de>


 > _______________________________________________
 > LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
 > Send requests to lvs-users-request at LinuxVirtualServer.org
 > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
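
Added example, not part of the original messages: the quoted reply says that `ipvsadm -lnc` shows the individual connections behind the ActiveConn and InActConn counters. This sketch tallies that output per real server, counting ESTABLISHED entries as active and every other state as inactive. The sample table is constructed, and treating state NONE as an LVS persistence template is an assumption.

```shell
#!/bin/sh
# Summarise `ipvsadm -lnc` output per real server (added example).
# Real use on the director:  ipvsadm -lnc | summarize_conns

summarize_conns() {
    # stdin:  ipvsadm -lnc output
    # stdout: "<real server> active=N inactive=N templates=N", sorted
    awk '
        $1 != "TCP" { next }                 # skip the two header lines
        {
            dest = $6; seen[dest] = 1
            if ($3 == "NONE")                # assumption: persistence template
                tmpl[dest]++
            else if ($3 == "ESTABLISHED")    # counted as ActiveConn
                act[dest]++
            else                             # TIME_WAIT, FIN_WAIT, ...: InActConn
                inact[dest]++
        }
        END {
            for (d in seen)
                printf "%s active=%d inactive=%d templates=%d\n",
                       d, act[d], inact[d], tmpl[d]
        }' | sort
}

# Constructed sample table (client addresses and timers are made up).
# Three finished HTTPS requests sit in TIME_WAIT on one real server; one
# kept-open (persistent HTTP) connection is ESTABLISHED on the other.
sample_conns() {
    cat <<'EOF'
IPVS connection entries
pro expire state       source             virtual            destination
TCP 01:12  TIME_WAIT   192.0.2.10:40112   10.10.1.20:443     10.10.1.13:443
TCP 01:15  TIME_WAIT   192.0.2.10:40113   10.10.1.20:443     10.10.1.13:443
TCP 01:40  TIME_WAIT   192.0.2.10:40114   10.10.1.20:443     10.10.1.13:443
TCP 09:31  NONE        192.0.2.10:0       10.10.1.20:443     10.10.1.13:443
TCP 14:58  ESTABLISHED 192.0.2.77:51200   10.10.1.20:443     10.10.1.12:443
EOF
}

sample_conns | summarize_conns
```

A real server showing only TIME_WAIT entries has been completing requests; a site that still does not load is then a question of what the real server returned, not of the counters.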
