Hi all,

I'm setting up an OpenBSD box as a firewall also handling loadbalancing, failover, and ssl relaying to a group of application servers. Configuring hoststated for the http loadbalancing and failover has been straightforward, but I've run into problems with failover for https. The ssl relay works but won't fail over to a backup table (a static web page served by apache bound to localhost). Running 'hoststatectl show summary' gives me output saying the backup table is in effect, but there's no response from the localhost server (which is also the backup server for http service, and works fine on failover). Running 'hoststated -d' to see output, I get the message:

    relay_from_table: no active hosts
    relay sslaccel, session 1 (1 active), 192.168.1.108 -> :0, session failed

whenever an https request is sent.

I've tried adding a backup table in the "relay" section of hoststated.conf, but syntax for a backup table is not allowed there. I've created a service called wwwssl and added that to the "relay" section, but the backup table in the service is ignored. I've swapped addresses and ports and run apache on different addresses and ports and all other sorts of combinations, but to no avail.

Does anyone have any experience or insight to share on this? hoststated.conf follows.

Otherwise, many thanks to pyr@ and reyk@ for the work on hoststated. It's made for another OpenBSD entry into a corporate environment (and my job happier :) ).

Thanks!
-Steve

hoststated.conf:

    www1=172.16.1.10
    www2=172.16.1.11
    wwwbackup=127.0.0.1

    interval 1

    table wwwhosts {
            real port 80
            check icmp
            host $www1
            host $www2
    }

    table wwwhostsbackup {
            real port 80
            check icmp
            host $wwwbackup
    }

    service www {
            virtual host 192.168.1.6 port 80 interface bge0
            tag HOSTSTATED
            table wwwhosts
            backup table wwwhostsbackup
    }

    service wwwssl {
            # this host ip could be 127.0.0.1 and the same effect happens
            virtual host 192.168.1.7 port 80
            tag HOSTSTATED
            table wwwhosts
            backup table wwwhostsbackup
    }

    protocol http_ssl {
            protocol http
            header append "$REMOTE_ADDR" to "X-Forwarded-For"
            header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
            header change "Keep-Alive" to "10"
            ssl { sslv3, sslv2, ciphers "ALL" }
    }

    relay sslaccel {
            listen on 192.168.1.6 port 443 ssl
            protocol http_ssl
            service wwwssl
    }