[lvs-users] Multiple domains with SSL inside a 2 machine cluster

Mark msalists at gmx.net
Mon Aug 6 17:55:15 BST 2007


The way I solved this problem was to create one virtual IP for each domain, plus one local IP on each physical node.
I guess over time you will collect tons of IPs, depending on how many domains you have.
I don't have too many (at least not those that require https), so it works for me.

Example:

domain-a.com has public IP xxx.xxx.xxx.5 and is redirected to 192.168.1.5 on server1 and 192.168.1.6 on server2
domain-b.com has public IP xxx.xxx.xxx.6 and is redirected to 192.168.1.7 on server1 and 192.168.1.8 on server2
and so on...

Not particularly elegant, but I am not sure if there is any better way...

I thought that the hostname is part of the encrypted request. If that is true, then the certificate cannot be linked to the
hostname, but must be linked to an IP, because in order to get the hostname from the request, the request has to be decrypted first.
So the proper certificate has to be selected before we even know the hostname. If that is wrong, then please correct me...

MARK


> -----Original Message-----
> From: lvs-users-bounces at linuxvirtualserver.org 
> [mailto:lvs-users-bounces at linuxvirtualserver.org] On Behalf 
> Of Ullrich Pfefferlein
> Sent: Monday, August 06, 2007 8:09 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 
> machine cluster
> 
> On 8/6/07, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> > On Mon, 6 Aug 2007, Ullrich Pfefferlein wrote:
> >
> > > Due to multiple certificates within one machine requires IP aliasing I
> > > would like to know how to set up this.
> >
> > A certificate is associated with a hostname, not an IP.
> Correct, but Apache (OpenSSL) requires one IP per HTTPS binding. It's
> not possible to set up different domains with name-based virtual hosts
> via one single IP address.
> That's why I spoke about IP aliasing.
> 
> If there's another way to solve this, please let me know.
> 
> Ullrich
> 
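
The one-IP-per-domain layout from Mark's example, written out as director rules and real-server configuration. This is an added example, not part of the original thread: it assumes LVS-NAT, the `eth0` interface, a /24 netmask and the certificate paths, and uses 203.0.113.x as a placeholder for the masked public addresses.

```shell
#!/bin/sh
# Constructed table: domain, virtual IP, real IP on server1, real IP on server2.
# 203.0.113.x is a placeholder for the masked xxx.xxx.xxx.x addresses in the post.
LAYOUT='domain-a.com 203.0.113.5 192.168.1.5 192.168.1.6
domain-b.com 203.0.113.6 192.168.1.7 192.168.1.8'

# Director: one virtual HTTPS service per domain, each with two real servers.
# -m (masquerading, i.e. LVS-NAT) is an assumption; the post does not name the mode.
director_rules() {
    echo "$LAYOUT" | while read -r domain vip rip1 rip2; do
        echo "# $domain"
        echo "ipvsadm -A -t $vip:443 -s rr"
        echo "ipvsadm -a -t $vip:443 -r $rip1:443 -m"
        echo "ipvsadm -a -t $vip:443 -r $rip2:443 -m"
    done
}

# Real server $1 (1 or 2): one IP alias and one IP-based Apache vhost per domain,
# so the certificate is chosen by the address the connection arrived on.
# eth0, /24 and the certificate paths are hypothetical.
node_config() {
    node=$1
    echo "$LAYOUT" | while read -r domain vip rip1 rip2; do
        if [ "$node" = 1 ]; then rip=$rip1; else rip=$rip2; fi
        echo "ip addr add $rip/24 dev eth0    # run as root on server$node"
        cat <<EOF
<VirtualHost $rip:443>
    ServerName $domain
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/$domain.crt
    SSLCertificateKeyFile /etc/ssl/private/$domain.key
</VirtualHost>
EOF
    done
}

# Sanity check: prints any real IP used twice. A reused address would put two
# domains, and therefore two certificates, behind the same IP:443 binding.
duplicate_rips() {
    echo "$LAYOUT" | awk '{print $3; print $4}' | sort | uniq -d
}

director_rules
node_config 1
```

Adding a domain means adding one line to the table; `duplicate_rips` should print nothing before the generated commands are applied.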


