I'm an idiot. ;-) More below...
Joseph Mack NA3T wrote:
> On Thu, 25 Oct 2007, Dan Yocum wrote:
>
>> I've configured 3 VirtualHosts directives in the apache (v2.2.4) conf
>> file to use the appropriate cert/key pairs depending on what IP the
>> request comes in on (I've tried this by hostname, too - still no luck).
>> This same configuration file *is* working on a non-HA system
>> (fermigrid2.fnal.gov) - I've simply copied the conf files over and
>> changed the paths for the SSLCertificateFile and SSLCertificateKeyFile
>> variables.
>
> We need to get this written up for the HOWTO (whatever
> "this" turns out to be). I expect you're running into the
> problem of https being name based rather than IP based, ie
> when you come in on VIP1, the machine has to be hostname_1
> and when you come in on VIP2, the machine has to be
> hostname_2. However I don't know how you do this.

Indeed. I'll be happy to write it up when I get it all straightened out in my notes. More below (I promise).

>
> Can you get a single (non-lvs) server to serve up two https
> sites? Can you get your lvs setup to balance https with only
> one VIP?

Yep. That one is running on https://gums-fg5x2.fnal.gov:8443.

>
> Someone else is going to have to take it from here.
>
>> One potential clue (or red herring), if I enable the following iptables
>> rules I *can* connect to the web server, but it always gets redirected
>> to the primary IP
>
> it's a red herring. see the HOWTO for "transparent proxy"

Yep.

OK, here's where I messed up: voms.opensciencegrid.org, voms.fnal.gov are already up and running on the non-HA, non-LVS'd server fermigrid2.fnal.gov. Stupid me put this in my http-ssl.conf file:

    <VirtualHost voms.opensciencegrid.org:8443>

and

    <VirtualHost voms.fnal.gov:8443>

Duh. Those hostname/IPs are not on this machine (I was getting ahead of myself). I'm using voms-fg5x1 and saz-fg5x3 as my test hostname/IPs.

So, I put the test IPs in the VirtualHost directives and added appropriate 'Listen' lines for each server (i.e., 'Listen 131.225.107.112', etc.) and everything is working as it is supposed to. Thanks to Graeme for the 'Listen' tip.

I'll write up a how-to setup LVS-DR + https in the next couple of days and send it to the list for review.

On to stress testing...

Thanks,
Dan

--
Dan Yocum
Fermilab 630.840.6509
[EMAIL PROTECTED], http://fermigrid.fnal.gov
Fermilab. Just zeros and ones.

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
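
The two mistakes described in the message above (a VirtualHost naming an address that is not on the machine, and a VirtualHost with no matching Listen line) can be caught before a restart. The following check is an added example, not part of the original post or of Apache. The sample config, the resolved address 192.0.2.10, port 9443 and the function names are constructed, and the Listen line is written in address:port form.

```python
import ipaddress
import re
import socket

# Constructed sample modelled on the thread; 8443 and the names come from the post.
SAMPLE_CONF = """\
Listen 131.225.107.112:8443
<VirtualHost 131.225.107.112:8443>
</VirtualHost>
<VirtualHost voms.fnal.gov:8443>
</VirtualHost>
<VirtualHost 131.225.107.112:9443>
</VirtualHost>
"""
WILDCARDS = {"*", "_default_"}

def split_spec(spec):
    """Split 'addr:port', bare 'addr' or bare 'port' into (addr, port); '*' means any."""
    if spec.isdigit():
        return "*", spec
    addr, sep, port = spec.rpartition(":")
    if not sep or not port.isdigit():
        return spec.strip("[]"), "*"
    return addr.strip("[]"), port

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_vhosts(conf, local_addrs, resolve=socket.gethostbyname):
    """Return (vhost_spec, problem) pairs for vhosts this host cannot serve."""
    listens = [split_spec(s) for s in re.findall(r"^\s*Listen\s+(\S+)", conf, re.I | re.M)]
    problems = []
    for block in re.findall(r"^\s*<VirtualHost\s+([^>]+)>", conf, re.I | re.M):
        for spec in block.split():  # one VirtualHost may name several addresses
            addr, port = split_spec(spec)
            ip = addr if addr in WILDCARDS or is_ip(addr) else resolve(addr)
            if ip not in WILDCARDS and ip not in local_addrs:
                problems.append((spec, f"{ip} is not an address on this host"))
            elif not any((ip in WILDCARDS or la in ("*", ip)) and port in ("*", lp)
                         for la, lp in listens):
                problems.append((spec, "no Listen directive covers this address/port"))
    return problems

if __name__ == "__main__":
    fake_dns = {"voms.fnal.gov": "192.0.2.10"}.get  # constructed record, not real DNS
    print(audit_vhosts(SAMPLE_CONF, {"131.225.107.112"}, fake_dns))
```

On a real server, pass the set of addresses actually configured on the host (including the VIPs) as local_addrs and leave resolve at its default.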
