[lvs-users] Multiple domains with SSL inside a 2 machine cluster

Mark msalists at gmx.net
Tue Aug 7 17:13:32 BST 2007


Well, I would imagine that you still need to have all the virtual public IPs, because browsers expect to contact port 80 for http
and port 443 for https.
If you have one VIP only and you host domain-a.com on 443 and domain-b.com on 444, your users usually won't know and try to go to
https://www.domain-b.com
So they will end up on the wrong domain.

Unless you make sure that they all come in through http and not https and then have proper redirects from port 80 to 443 / 444 /
etc.
Plus your clients might have firewalls that block outgoing traffic to non-standard ports like these.

But for the local IPs on the realservers the port solution is definitely better than the one-IP-per-domain solution.

MARK

 

> -----Original Message-----
> From: lvs-users-bounces at linuxvirtualserver.org 
> [mailto:lvs-users-bounces at linuxvirtualserver.org] On Behalf 
> Of Joseph Mack NA3T
> Sent: Tuesday, August 07, 2007 4:46 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] Multiple domains with SSL inside a 2 
> machine cluster
> 
> On Tue, 7 Aug 2007, Graeme Fowler wrote:
> 
> > There's an alternative, much tidier approach for NAT which 
> only requires
> > one IP per machine - use multiple TCP ports instead of multiple
> > addresses. You can have vhost1 bound to port 443, vhost2 to 
> port 444 and
> > so on (obviously you need to choose this range carefully). 
> You can then
> > configure VIP1:443 to use RS1:444, RS2:444, RS3:444 and so on.
> 
> Hadn't thought of this. Let's see
> 
> o This solves the problem of purchasing 100's of public IPs
> 
> o does not change the number of lines for ipvsadm
> 
> o does not change the number of certificates (the number of 
> hostnames x the number of realservers).
> 
> correct?
> 
> Joe
> 
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> 
> 
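
The layout discussed in this thread (one public VIP per domain on port 443, NAT-forwarded to a per-domain port on a single realserver IP) written out as ipvsadm rules. This is an added example, not part of the original messages; the addresses, the domain-to-port table and the function name `gen_ipvs_rules` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (documentation/private address ranges).
# One line per HTTPS vhost: domain, public VIP, port the vhost binds on every realserver.
VHOSTS='domain-a.com 192.0.2.10 443
domain-b.com 192.0.2.11 444'
# Each realserver needs only one private IP.
REALSERVERS='10.0.0.1 10.0.0.2'

# Print (do not execute) the ipvsadm commands for the table above.
gen_ipvs_rules() {
    # A VIP or realserver port listed twice would send two domains to the
    # same listener, so one of them would be served the wrong certificate.
    dups=$(printf '%s\n' "$VHOSTS" |
           awk 'NF { print "vip " $2; print "port " $3 }' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate entries: $dups" >&2
        return 1
    fi
    printf '%s\n' "$VHOSTS" | while read -r domain vip rport; do
        [ -n "$domain" ] || continue
        echo "# $domain"
        # Clients always connect to the standard HTTPS port on the VIP.
        echo "ipvsadm -A -t $vip:443 -s rr"
        for rs in $REALSERVERS; do
            # -m selects NAT (masquerading), which is what allows the
            # destination port to be rewritten from 443 to $rport.
            echo "ipvsadm -a -t $vip:443 -r $rs:$rport -m"
        done
    done
}

gen_ipvs_rules
```

The number of ipvsadm lines and certificates is the same as with one realserver IP per domain; only the realserver addressing shrinks.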