Hi, I'm trying to do this. The main problem is HTTPS session IDs I guess. This makes load-balancing a bit more complicated since you need to forward every request to the same server that has the sessionID. This is doable with Linux LVS, your firewall or with HW load-balancing kit.
Now, what ahppens on a failure? - The server(s) that still exist can take over the ip address of the failing server - The LoadBalancing system detects it and doesn't use the machine any more. On the SSL side, since the server that fails over doesn't have the SSL session, the browser connecting to it fails to communicate. I'm not sure if it is safe to use the same cert for every machine, or that it is a requirement to have the same cert on every machine. Verisign requires you to ask for a different certificate for every server (with a different OU) in a cluster. (I think this is just a commercial reason, not a technical reason, but I'm not sure) It is possible to sync the session cache over different hosts with things like Splash <http://anoncvs.aldigital.co.uk/splash/> but I haven't found an implementation with mod_ssl (only Apache-SSL) I would be gratefull if someone has a clean solution or if there is someone with experience on trying to accomplish this. On 24-01-2002 23:34, "Yu, Ming" <[EMAIL PROTECTED]> wrote: > Does anyone have information about how to build redundant apache web site > with SSL? > > Thanks > > - Ming Yu > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
