A more expensive solution would be using a hardware based SSL switch up front like the Nortel Alteon series.
Jeff On Fri, 25 Jan 2002, Thierry Coopman wrote: > Hi, > > I'm trying to do this. The main problem is HTTPS session IDs I guess. This > makes load-balancing a bit more complicated since you need to forward every > request to the same server that has the sessionID. This is doable with Linux > LVS, your firewall or with HW load-balancing kit. > > Now, what ahppens on a failure? > - The server(s) that still exist can take over the ip address of the failing > server > - The LoadBalancing system detects it and doesn't use the machine any more. > > On the SSL side, since the server that fails over doesn't have the SSL > session, the browser connecting to it fails to communicate. > > I'm not sure if it is safe to use the same cert for every machine, or that > it is a requirement to have the same cert on every machine. > > Verisign requires you to ask for a different certificate for every server > (with a different OU) in a cluster. (I think this is just a commercial > reason, not a technical reason, but I'm not sure) > > It is possible to sync the session cache over different hosts with things > like Splash <http://anoncvs.aldigital.co.uk/splash/> but I haven't found an > implementation with mod_ssl (only Apache-SSL) > > I would be gratefull if someone has a clean solution or if there is someone > with experience on trying to accomplish this. > > > On 24-01-2002 23:34, "Yu, Ming" <[EMAIL PROTECTED]> wrote: > > > Does anyone have information about how to build redundant apache web site > > with SSL? > > > > Thanks > > > > - Ming Yu > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
