Hi Emilio Thank you for your help. But we tested it with ent. 4.1 and it works well – so we are going to pay for the service if anything will be fine the next days. best regards
steffen From: Emilio Campos [mailto:emilio.campos.mar...@gmail.com] Sent: Mittwoch, 6. April 2016 11:46 To: zenloadbalancer-support@lists.sourceforge.net Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For Hi related to the issue, there are several changes in HTTPS profile 3.10, openssl library has been updated to the Debian base. and SSLv2 / SSLv3 is disabled by default. try run test with openssl s_client as follows openssl s_client -connect google.es:443<http://google.es:443> Once SSL handshake is done please write something like this: GET / HTTP/1.0 if first command openssl expends more time than expected the issue coudl be related with the SSL communication, maybe some Ciphers suites os SSL protocol version. If the response of GET / HTTP/1.0 command expends more time than expected then the issue is related with the backend. FYI from 3.4 CE to 3.7 CE the operative system and binaries are same version. Regards 2016-04-06 10:23 GMT+02:00 Steffen Höhne <steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>>: Hello guys News: Back to HTTP Farm ZenLB 3.10 - We have really high https respond time > 10000msec So I tried with 4.1 Enterprise – It works fine with the same settings! There must be a bug since 3.7 – because with 3.4 and with enterprise 4.1 it works fine with good respond time. Now I have a new Problem. The HTTPS Farm have 3 Services: 1. LB between 2 Servers with http backend, virtual host for “www.xxxx.xx<http://www.xxxx.xx>” > works fine 2. one server with with http backend, virtual host for “server1.xxxx.xx” > works NOT > “The service is not available. Please try again later.” 3. one server with with http backend, virtual host for “server2.xxxx.xx” > works fine Thank you for any help. Freundliche Grüsse Steffen Höhne System Engineer -------------------------------------------------------------------------------------------------------------- JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland IT-Systems Nottwil GmbH * Kantonsstrasse 11b * 6207 Nottwil * Switzerland Phone: +41 41 937 29 61<tel:%2B41%2041%C2%A0937%2029%2061> Internet: http://www.jmc-software.ch<http://www.jmc-software.ch/> * Email: supp...@jmc-software.ch<mailto:supp...@jmc-software.ch> PC Fernwartung: Teamviewer<http://pcsn.ch/media/38904/jmc_quicksupport.exe> MAC Fernwartung: Teamviewer<http://download.teamviewer.com/download/version_9x/TeamViewerQS.dmg> -------------------------------------------------------------------------------------------------------------- From: Emilio Campos [mailto:emilio.campos.mar...@gmail.com<mailto:emilio.campos.mar...@gmail.com>] Sent: Dienstag, 5. April 2016 16:25 To: zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net> Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For X-Forwarded-For header is added by default for any HTTP[S] farm L4xNAT profile can work in NAT mode, similar behaviour to Profiles HTTP or TCP Use Profile L4xNAT with NAT instead of TCP Profile Regards! 2016-04-05 14:51 GMT+02:00 Mathieu Chateau <mathieu.chat...@lotp.fr<mailto:mathieu.chat...@lotp.fr>>: Good Question :) Cordialement, Mathieu CHATEAU http://www.lotp.fr 2016-04-05 14:34 GMT+02:00 Steffen Höhne <steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>>: Hi Mathieu why does the TCP Farm have the option “Add X-Forwarded-For header to http requests.” ? best regards Freundliche Grüsse Steffen Höhne System Engineer -------------------------------------------------------------------------------------------------------------- JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland IT-Systems Nottwil GmbH * Kantonsstrasse 11b * 6207 Nottwil * Switzerland Phone: +41 41 937 29 61<tel:%2B41%2041%C2%A0937%2029%2061> Internet: http://www.jmc-software.ch<http://www.jmc-software.ch/> * Email: supp...@jmc-software.ch<mailto:supp...@jmc-software.ch> PC Fernwartung: Teamviewer<http://pcsn.ch/media/38904/jmc_quicksupport.exe> MAC Fernwartung: Teamviewer<http://download.teamviewer.com/download/version_9x/TeamViewerQS.dmg> -------------------------------------------------------------------------------------------------------------- From: Mathieu Chateau [mailto:mathieu.chat...@lotp.fr<mailto:mathieu.chat...@lotp.fr>] Sent: Dienstag, 5. April 2016 14:01 To: zenloadbalancer-support <zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>> Subject: Re: [Zenloadbalancer-support] HTTPS X-Forwarded-For Hello, not sure to get what you want. If ZLB is in TCP mode, it does NOT know what flow are inside and don't touch anything. So it's not going to add any http header. Cordialement, Mathieu CHATEAU http://www.lotp.fr 2016-04-05 13:50 GMT+02:00 Steffen Höhne <steffen.hoe...@jmc-software.ch<mailto:steffen.hoe...@jmc-software.ch>>: Hey Guys We have installed a two node cluster with zenlb 3.7. Recently we had problems with https encryption and high cpu usaged – so we changed the farm to tcp. Behind the lb are two https backends IIS server. With http the option“Add X-Forwarded-For header to http requests.” works fine. But the development unit have a new website “only https” – and that option doesn’t work. l4xnat with dnat isn’t an option for us, because the lb can’t be the main gateway. Do you guys have any idea for me pls? Thank you Freundliche Grüsse Steffen Höhne System Engineer -------------------------------------------------------------------------------------------------------------- JMC Software AG * Riedstrasse 1 * 6343 Rotkreuz * Switzerland IT-Systems Nottwil GmbH * Kantonsstrasse 11b * 6207 Nottwil * Switzerland Phone: +41 41 937 29 61<tel:%2B41%2041%C2%A0937%2029%2061> Internet: http://www.jmc-software.ch<http://www.jmc-software.ch/> * Email: supp...@jmc-software.ch<mailto:supp...@jmc-software.ch> PC Fernwartung: Teamviewer<http://pcsn.ch/media/38904/jmc_quicksupport.exe> MAC Fernwartung: Teamviewer<http://download.teamviewer.com/download/version_9x/TeamViewerQS.dmg> -------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------ _______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support ------------------------------------------------------------------------------ _______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support ------------------------------------------------------------------------------ _______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support -- Load balancer distribution - Open Source Project http://www.zenloadbalancer.com Distribution list (subscribe): zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net> ------------------------------------------------------------------------------ _______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net<mailto:Zenloadbalancer-support@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support -- Load balancer distribution - Open Source Project http://www.zenloadbalancer.com Distribution list (subscribe): zenloadbalancer-support@lists.sourceforge.net<mailto:zenloadbalancer-support@lists.sourceforge.net>
------------------------------------------------------------------------------
_______________________________________________ Zenloadbalancer-support mailing list Zenloadbalancer-support@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
