[lvs-users] Is ldirectord the right choice for https through and through

Sander Klein roedie at roedie.nl
Thu Nov 7 07:48:15 GMT 2013


Hi,

On 06.11.2013 22:09, Jacob Gibson wrote:
> I was happily using HAProxy, until I received word that we need to also
> encrypt traffic to the web servers.  So, internet --https--> load balancer
> --https--> web servers.  Would ldirectord be a more appropriate choice?  We
> don't need any Layer 7 rules.
> 
> We do need the following:
> 
> 1) HTTPS all the way through
> 2) Web servers need to see the IP of the user
> 3) Users need sticky sessions to a web server (where the sticky assignment
> counter gets refreshed on each user request)
> 4) HTTPS Keep-Alive support
> 6) Mobile and older browser support (I say this because I keep reading this
> about SNI, but I don't know if that applies to us)
> 
> I believe ldirectord can do #1 and #2, but don't know about #3-#6.

You can do #1 also with HAProxy. At least, if you take 1.5-dev.

#2 is possible but you need to do some 'tricks' for that. Using 
X-Forwarded-For headers and mod-rpaf if using Apache will make the 
webservers see the originating address.

Greets,

Sander
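
The X-Forwarded-For approach mentioned above only gives the web servers a reliable client address if the header is honoured solely on connections that arrive from the load balancer. The sketch below is an added example, not part of the original message and not mod-rpaf's code; the function names, the trusted range and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: the load balancers live in this range (constructed for the example).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/29")]


def _is_trusted(addr):
    """True if addr belongs to one of our own load balancers."""
    return any(addr in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Parse one header entry; return None if it is not an IP address."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def client_address(peer_ip, xff_header):
    """Return the address a backend should log and apply ACLs to.

    peer_ip    -- source address of the TCP connection to the web server
    xff_header -- value of X-Forwarded-For (comma-joined), or None
    """
    peer = ipaddress.ip_address(peer_ip)
    # A connection that did not come through our proxy can put anything
    # in the header, so the header is ignored and the peer address is used.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # Walk right to left: the last entry is the one our own proxy added,
    # entries further left were supplied by whoever connected to it.
    current = peer
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: keep the last address we could verify
        current = addr
        if not _is_trusted(addr):
            break  # first hop outside our own infrastructure is the client
    return str(current)
```

Everything to the left of the first untrusted hop is client-supplied and is never used for access decisions.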


