Hiya, I'm hoping someone would be kind enough to help me with my load balancing, or at least look over my configs / setup, as I'm struggling to load balance all SSL / HTTPS traffic.
I got port 80 load balanced and working. I know because I use

watch ipvsadm -L -n

and

for i in `seq 100`; do lynx --dump http://machine; done

(which allows me to see what machine LVS is now connecting to). I see the counts under ActiveConn and / or InActConn increment, etc.

I think the SSL problem is a routing issue.

My setup is: I have two machines that I have heartbeat on for failover, and I'm using LVS for load balancing for HTTP(S). Each machine has 2 IP aliases (eth0:1 and eth0:2), for SSL Apache virtual hosting.

web01:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 41.203.4.4
    netmask 255.255.255.224
    gateway 41.203.4.3

# FOR HTTPS
auto eth0:1
iface eth0:1 inet static
    address 41.203.4.21
    netmask 255.255.255.224

auto eth0:2
iface eth0:2 inet static
    address 41.203.4.25
    netmask 255.255.255.224

# FOR LVS
auto lo:1
iface lo:1 inet static
    address 41.203.4.5
    netmask 255.255.255.255
    pre-up sysctl -p > /dev/null

auto lo:2
iface lo:2 inet static
    address 41.203.4.24
    netmask 255.255.255.255
    pre-up sysctl -p > /dev/null

web01:/etc/ha.d# cat ldirectord.cf
checktimeout=10
checkinterval=10
autoreload=no
logfile="/var/log/ldirectord.log"
quiescent=yes

virtual=41.203.4.5:80
    real=41.203.4.4:80 gate
    real=41.203.4.7:80 gate
    fallback=127.0.0.1:80
    service=http
    request="ldirector.html"
    receive="Test Page"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

virtual=41.203.4.24:443
    real=41.203.4.21:443 gate
    real=41.203.4.22:443 gate
    fallback=127.0.0.1:443
    service=https
    request="ldirector.html"
    receive="Test Page"
    scheduler=rr
    protocol=tcp
    checktype=negotiate

And last but not least:

web01:/etc/ha.d# cat haresources
web01.konsoleh.cpt2.host-h.net \
    ldirectord::ldirectord.cf \
    LVSSyncDaemonSwap::master \
    IPaddr2::41.203.4.5/27/eth0/41.203.4.31 \
    IPaddr2::41.203.4.24/27/eth0/41.203.4.31

And with all this, I get the following:

web01:/etc/ha.d# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  41.203.4.5:80 rr
  -> 41.203.4.7:80                Route   1      0          0
  -> 41.203.4.4:80                Local   1      0          0
TCP  41.203.4.24:443 rr
  -> 41.203.4.22:443              Route   1      0          0
  -> 41.203.4.21:443              Local   1      0          0

I can ping all the IPs, but if I use my browser I get "unable to connect" for any traffic destined to port 443.

If anyone could help, I would appreciate it.

Kind Regards
Brent Clark

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
