[lvs-users] LVS and OCSP Stapling
malcolm at loadbalancer.org
Wed Apr 20 16:34:27 BST 2016
Are you sure you have anything working at all?
LVS never listens to any ports it simply passes traffic to the real
servers who listen on an IP/port so they would be the ones responding
to a telnet command.
I assume your real servers have LVS as the default gateway and the
test clients are on an external subnet? (LVS nat mode won't work with
Straight after you try and connect what does the connection table show?
On 14 April 2016 at 22:30, Brian Adams <brian at songmeanings.com> wrote:
> I've been searching and trying things all day and can't seem to get OCSP
> stapling working on my web server farm.
> I don't believe it is a firewall issue, as I've taken it out of the
> equation and still encounter the same issue. I've also tested this on a
> machine not behind the load balancer and it seems to work (I get a response
> from openssl s_client, though the online ssl testers still show stapling as
> not working).
> I am using nginx on several web servers fronted with LVS NAT. LVS is
> listening on both 80 and 443 so that it can redirect the requests back to
> I have the appropriate settings/files on all of the web servers, but am
> getting a timeout when testing it (I've tried several variations of this
> openssl s_client -connect mydomain.com:443 -tls1 -tlsextdebug -status
> and I get:
> Socket: Connection timed out
> I also cannot telnet to mydomain on either 80 or 443. So I'm suspected at
> this point that the LVS server is the culprit. Is there a way to either set
> up a cert on that machine or configure it to pass back to the web servers
> to handle the OCSP/openssl requests?
> Please read the documentation before posting - it's available at:
> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
> Send requests to lvs-users-request at LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Phone: +44 (0)330 380 1064
More information about the lvs-users