[lvs-users] Multiple domains with SSL inside a 2 machine cluster

Graeme Fowler graeme at graemef.net
Tue Aug 7 12:33:07 BST 2007


On Tue, 2007-08-07 at 13:19 +0200, Ullrich Pfefferlein wrote:
> To make it short - i should give each domain one external ip and
> configure the load balancer to forward (NAT) those to my realservers
> with one port per ssl certificate instead ip address?

That's right.

Note that this can cause potential problems for tech-savvy end users who
will find themselves connecting to port 443 but Apache will be able to
tell them they're on a different port. That's not a problem as such, but
it can raise questions.

There's an alternative way to do this which is slightly more complex but
saves on address space even more, which is to use a reverse proxy to do
the work for you. Both Apache and Squid can work like this, but I'll
leave that as a thought experiment for you :)

Graeme





More information about the lvs-users mailing list