Hi, On 06.11.2013 22:09, Jacob Gibson wrote: > I was happily using HAProxy, until I received word that we need to > also > encrypt traffic to the web servers. So, internet --https--> load > balancer > --https--> web servers. Would ldirectord be a more appropriate > choice? We > don't need any Layer 7 rules. > > We do need the following: > > 1) HTTPS all the way through > 2) Web servers need to see the IP of the user > 3) Users need sticky sessions to a web server (where the sticky > assignment > counter gets refreshed on each user request) > 4) HTTPS Keep-Alive support > 6) Mobile and older browser support (I say this because I keep reading > this > about SNI, but I don't know if that applies to us) > > I believe ldirectord can do #1 and #2, but don't know about #3-#6.
You can do #1 also with HAProxy. At least, if you take 1.5-dev. #2 is possible but you need to do some 'tricks' for that. Using X-Forwarded-For headers and mod-rpaf if using Apache will make the webservers see the originating address. Greets, Sander _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
