In the previous proposal, you would have your DNS refer to the IP address of 
the virtual server on the load balancer, such that DNS reflects the proper 
hostname of the SSL certificate in question.

Your Load Balancer would be configured with a Virtual Server that terminates 
SSL for you, and passes traffic to your backend varnish cluster, and varnish 
passes the traffic to your back end web servers.

To take it a step further I might recommend:

client -> DNS -> Public IP for the hostname on the Load Balancer (Virtual 
Server) -> Varnish Cluster -> An internal IP (RFC 1918) on the Load Balancer 
(Virtual Server) -> Web Server Cluster 

That will ensure:

1. Valid termination of your SSL traffic and none of the client errors you are 
concerned about.

2. n+1 management for your varnish cluster

3. n+1 management for your web server cluster

Your IP will not need to change, you just want it to move to the load balancer, 
and you can then use whatever you want (preferably internal IPs) for the rest 
of the hosts.

Joshua  


On May 4, 2013, at 12:59 PM, Your Friend wrote:

> Hi,
> 
> Please correct me if I'm wrong but I think that your ssl certificate is issued 
> for a specific ip && domain. Pointing your domain to loadbalancer (new 
> different ip) may cause a problem for you and demand that you reissue your ssl 
> certificate to make it work.
> 
> Thanks, Ali
> 
> From: Ashish <[email protected]>
> To: [email protected] 
> Sent: Sunday, 14 April 2013 12:46
> Subject: varnish ssl
> 
> I am setting up varnish as caching+entry point for public traffic.
> 
> Public => varnish(x2) => loadbalancer => Web servers (x4)
> 
> We have around 15 domains with ssl support on login/payment pages.
> 
> I am not quite getting done here.
> 
> 1) I could point all domains to varnish IP and it could route 
> accordingly, but don't think I can make ssl workout to be sent st. to 
> loadbalancer and then webserver
>     question: Does ssl request get untouched and sent directly to end 
> server?
> 2) Can I somehow configure varnish to be stand alone, but point dns to 
> loadbalancer IPs and somehow still manage to get varnish to serve cached 
> objects?
> 
> Please guide me
> 
> _______________________________________________
> varnish-misc mailing list
> [email protected]
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
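The following is an added example, not code from the thread or from the Varnish project: a Python check of which names a certificate covers, to run for each hostname before its DNS record is repointed at the load balancer's virtual server. It shows that a client connecting by hostname validates the certificate's DNS names, and that an address only matters if the certificate carries an IP entry; the sample certificate, hostnames and addresses are constructed placeholders in the shape returned by `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# names and addresses are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "shop.example.com"),
        ("DNS", "*.pay.example.com"),
    )
}


def _is_ip(value):
    """True if the client typed an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Match one DNS SAN entry; a wildcard covers exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        first, dot, rest = host.partition(".")
        return bool(first) and dot == "." and rest == pattern[2:]
    return False


def client_accepts(cert, reference):
    """Would a client that connected to `reference` accept this certificate?"""
    sans = cert.get("subjectAltName", ())
    if _is_ip(reference):
        # Only an explicit IP entry ties a certificate to an address.
        want = ipaddress.ip_address(reference)
        return any(kind == "IP Address" and ipaddress.ip_address(value) == want
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, reference)
               for kind, value in sans)


def hosts_needing_reissue(cert, hostnames):
    """Hostnames that will resolve to the load balancer but are not covered."""
    return [h for h in hostnames if not client_accepts(cert, h)]
```
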