Does anyone have information about how to build redundant apache web site
with SSL?
Thanks
- Ming Yu
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
Hi,
I'm trying to do this. The main problem is HTTPS session IDs I guess. This
makes load-balancing a bit more complicated since you need to forward every
request to the same server that has the sessionID. This is doable with Linux
LVS, your firewall or with HW load-balancing kit.
Now, what
A more expensive solution would be using a hardware based SSL switch up
front like the Nortel Alteon series.
Jeff
On Fri, 25 Jan 2002, Thierry Coopman wrote:
Hi,
I'm trying to do this. The main problem is HTTPS session IDs I guess. This
makes load-balancing a bit more complicated since
On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote:
Hi,
I'm trying to do this. The main problem is HTTPS session IDs I guess. This
makes load-balancing a bit more complicated since you need to forward every
request to the same server that has the sessionID. This is doable with
I don't think client certificates are a strong means of authentication
but
You should create one virtual host per reverse-proxy (don't forget the
Listen xxx directives...) and put these lines in your httpd.conf:
VirtualHost _default_:xxx
SSLEngine on
SSLCertificateFile
This is the kind of thing within the virtual host configuration on the
machine you are proxying to:
LocationMatch /
Order deny,allow
Deny from all
Allow from 10.
AuthType Basic
AuthName Outside users
AuthDBUserFile /path/to/dbuserfile
require valid-user
satisfy
Mads Toftum wrote:
On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote:
[snip]
Now, what happens on a failure?
- The server(s) that still exist can take over the ip address of the failing
server
- The LoadBalancing system detects it and doesn't use the machine any more.
I haven't nailed down this bug yet, but here is the symptom:
* on FreeBSD-4.5RC,
* install Apache-1.3.23+mod_ssl, but don't make certificate
* apachectl startssl
then I see this in the error log:
[Fri Jan 25 15:28:44 2002] [error] mod_ssl: Init: Unable to read server certificate from file
When I try and start Apache 1.3.22 on Solaris 8 I get:
bash-2.03# /usr/local/apache/bin/apachectl start
ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed:
No such file or directory
This also happens on Linux and there it's caused by the shared library cache
mechanism.
Dear Simon
A quick hack is to put a symbolic link in /usr/lib for libssl.o
Regards
Stephen Carr
Simon Ritchie said:
When I try and start Apache 1.3.22 on Solaris 8 I get:
bash-2.03# /usr/local/apache/bin/apachectl start
ld.so.1: /usr/local/apache/bin/httpd: fatal: libssl.so.0: open failed:
On Thu, 2002-01-24 at 08:24, Thomas Binder wrote:
Test this using OpenSSL's s_client:
[jon@devotchka jon]$ openssl s_client -quiet -connect devotchka:23456
EOF
GET / HTTP/1.1
Host: devotchka
EOF
snip
HTTP/1.1 200 OK
Date: Fri, 25 Jan 2002 17:56:17 GMT
Server: Apache/1.3.22 (Unix)
comments intertwined:
On Fri, Jan 25, 2002 at 02:41:46PM +0100, Thierry Coopman wrote:
Hi,
I'm trying to do this. The main problem is HTTPS session IDs I guess. This
makes load-balancing a bit more complicated since you need to forward every
request to the same server that has the
IIRC you have to update your LD_LIBRARY_PATH to find libssl.o.
though I think what I did is below...
-g
On Sat, Jan 26, 2002 at 07:50:54AM +1030, Stephen Carr wrote:
Dear Simon
A quick hack is to put a symbolic link in /usr/lib for libssl.o
Regards
Stephen Carr
Simon Ritchie said: