Greg,
I am
doing this now, so I will get back to the list when I am finished. This is my
working plan:
1.
there are two loadbalancers instances, one for http and one for https. These can
be on the same machine or seperate machines.
2. the
ports for your web-sites can be different from your loadbalancer(s) port. This
allows you to have the loadbalancer and an orion instance on the same machine,
for example. Or the ports can be the same, in which case the loadbalancer(s) has
to be on a different machine.
3. the
same rules apply for the loadbalancer as orion for unix machines. You need to
use some port forwarding, like ipchains, if you want to run the loadbalancer on
a user account which is not the superuser. This applies also for the ssl port.
(skip 3 if you are using m$ or don't care)
4. the
ssl setup in the load-balancer.xml (see the ssl-config tag in the
load-balancer.xml documentation) is the same as the secure-web-site.xml, but you
will have to set the secure flag in the load-balancer tag. Obviously, this means
you will need a keystore for the loadbalancer, and a keystore for the backend
for total secure communication. I believe that the communication to the backend
is transparant to the user, so you can self certify that connection,
irregardless of what those guys at verisign say.
5. you
can skip all of this and use apache for ssl (interesting, but slow). This is
what oracle advises, because they can't figure out orion, or they have so much
invested in the "apache/oracle" solution.
I'm
testing this now, as soon as I get through the hickups, I will let the list
know.
regards,
the
elephantwalker
|
- clustering + ssl together Greg Matthews
- RE: clustering + ssl together elephantwalker
- RE: clustering + ssl together elephantwalker
- Re: clustering + ssl together Greg Matthews
- RE: clustering + ssl together elephantwalker
- RE: clustering + ssl together elephantwalker
- Re: clustering + ssl together Greg Matthews
- Re: clustering + ssl together Greg Matthews
- RE: clustering + ssl together elephantwalker
- RE: clustering + ssl together elephantwalker
- Re: clustering + ssl together Greg Matthews
- Re: clustering + ssl together Greg Kogan