[lvs-users] Is ldirectord the right choice for https through and through

Sander Klein roedie at roedie.nl
Thu Nov 7 07:48:15 GMT 2013


On 06.11.2013 22:09, Jacob Gibson wrote:
> I was happily using HAProxy, until I received word that we need to 
> also
> encrypt traffic to the web servers.  So, internet --https--> load 
> balancer
> --https--> web servers.  Would ldirectord be a more appropriate 
> choice?  We
> don't need any Layer 7 rules.
> We do need the following:
> 1) HTTPS all the way through
> 2) Web servers need to see the IP of the user
> 3) Users need sticky sessions to a web server (where the sticky 
> assignment
> counter gets refreshed on each user request)
> 4) HTTPS Keep-Alive support
> 6) Mobile and older browser support (I say this because I keep reading 
> this
> about SNI, but I don't know if that applies to us)
> I believe ldirectord can do #1 and #2, but don't know about #3-#6.

You can do #1 also with HAProxy. At least, if you take 1.5-dev.

#2 is possible but you need to do some 'tricks' for that. Using 
X-Forwarded-For headers and mod-rpaf if using Apache will make the 
webservers see the originating address.



More information about the lvs-users mailing list