[lvs-users] Multiple domains with SSL inside a 2 machine cluster

Joseph Mack NA3T jmack at wm7d.net
Tue Aug 7 13:19:01 BST 2007


On Tue, 7 Aug 2007, Graeme Fowler wrote:

> Correct. Although if you get a (some) reverse proxy(ies) to sit
> logically between the load balancer(s) and the realservers, you can get
> them to do the SSL crypt/decrypt and then pass the requests to the
> realservers locally. This keeps the realservers doing what they do best,
> serving web pages, and means you can take (for example) the SSL part
> "out of the loop" without turning off all of the plain old HTTP sites at
> the same time. And it can dramatically reduce the number of entries for
> ipvsadm; however you may need to reinvent the wheel a little to get
> persistence working (for example) from the proxy to the realserver.

This comes up on the ml every couple of years. The
conclusion each time is that the only reason you'd use an SSL
accelerator is to bypass the requirement for multiple copies
of each certificate.

I can't imagine an https site, where you put in your credit 
card info, getting all that much traffic compared to the 
http site where you do a lot of fetching.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
