Hi, should i better define three global services for my three external IP's each with the HeadRequire directive with its specific domain and define the backends there?
Kind regards David Am 07.10.2013 17:01, schrieb D. R.: > Hi, > > thanks Andreas, it works, but i have a question about it, see below. > > Thanks Felix, we will think about it, running multiple pound instances, > but for now one instance serving the three IP addresses is fine for us > as we use poundctl to en- and disable the backends. Restarting pound is > not a big problem for us. > > My issue: > > On another setup pound serves only one external IP address and we have > configured it as follows: > > ListenHTTP > Address XX.XXX.XXX.XX > Port 80 > END > ListenHTTPS > Address XX.XXX.XXX.XX > Port 443 > ... > END > SERVICE > BackEnd > Address internalhost1 > Port 8081 > End > BackEnd > Address internalhost2 > Port 8081 > End > ... > END > > when calling poundctl, i see something like that: > 0. http Listener XX.XXX.XXX.XX:80 a > 1. HTTPS Listener XX.XXX.XXX.XX:443 a > -1. Global services > 0. Service active (1) > 0. Backend (UNKNOWN):0 active (1 0.000 sec) alive > 1. Service active (15) > 0. Backend 192.168.0.190:8081 active (5 0.000 sec) alive > 1. Backend 192.168.0.191:8081 active (5 0.000 sec) alive > 0. Session E04D22ADFF4178D6D6F5EE966E56D9AF.xx11 -> 0 > 1. Session E2E91B4B092AC9A4D6DFABA9CF27E26A.xx21 -> 1 > 2. Session 49F01EAF72EAFE6B2B3D806B825B9D1E.xx11 -> 0 > > so all sessions belong to one single service, imho both: http and https > > But with my configuration on the other machine pound providing multiple > external IPs, i get this when running poundctl: > > $sudo poundctl -c /var/run/pound/poundctl.socket > 0. http Listener XX.XXX.XXX.1:80 a > 0. Service active (5) > 0. Backend 192.168.0.192:8081 active (5 0.000 sec) DEAD > 1. Backend 192.168.0.192:8082 active (5 0.000 sec) alive > 0. Session 8D1365CBCD8F336FB259A1EBE4EA8544.aa2 -> 1 > 1. HTTPS Listener XX.XXX.XXX.1:443 a > 0. Service active (10) > 0. Backend 192.168.0.192:8081 active (5 0.000 sec) alive > 1. Backend 192.168.0.192:8082 active (5 0.000 sec) alive > 2. http Listener XX.XXX.XXX.3:80 a > 0. Service active (5) > 0. Backend 192.168.0.192:8085 active (5 0.000 sec) DEAD > 1. Backend 192.168.0.192:8086 active (5 0.000 sec) alive > 0. Session 582AD6F1BFA47DC72547CC98C292682E.cc2 -> 1 > 3. HTTPS Listener XX.XXX.XXX.3:443 a > 0. Service active (5) > 0. Backend 192.168.0.192:8085 active (5 0.000 sec) DEAD > 1. Backend 192.168.0.192:8086 active (5 0.000 sec) alive > 0. Session 5D8771134B5E9B987AC47E20209D857A.cc2 -> 1 > -1. Global services > > with the following config scheme: > > ListenHTTP > Address 1.2.3.4 > Port 80 > > Service > BackEnd > Address 192.168.0.10 > Port 80 > ........... > > ListenHTTP > Address 1.2.3.5 > Port 80 > > Service > BackEnd > Address 192.168.0.11 > Port 80 > ........... > > ListenHTTPS > Address 1.2.3.4 > Port 443 > Cert "/etc/pound/server1.pem" > ........... > > ListenHTTPS > Address 1.2.3.5 > Port 443 > Cert "/etc/pound/server2.pem" > > > My question now is: do i have multiple sessions for http and https? > > Is it possible to define multiple service sections in order to group the > http and https listeners? How can i achieve that? > > > Kind regards > David > > > Am 30.08.2013 09:52, schrieb Felix Zachlod: >>> Yes, David, >>> >>> it is possible to have several ListenHTTPS blocks with their own Cert >>> configs. >> While I would generally recommend thinking about possibly running multiple >> pound instances if you run them for different purposes- this would let you >> restart one in case of a config change without interruption of another one. >> Just to think about, if this possibly makes sense for you- of course you >> might also run one instance with a lot of listeners too. >> >> regards, Felix >> >> >> -- >> To unsubscribe send an email with subject unsubscribe to [email protected]. >> Please contact [email protected] for questions. >> > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
