Re: [users@httpd] Setting up a load balancer with https and a valid certificate

Tue, 17 Mar 2020 19:20:14 -0700 

As soon as I add

     ProxyPreserveHost On

I get too many redirections.

On Tue, Mar 17, 2020 at 10:11 PM <d...@tuxweb.it> wrote:

> Already tried with those? :
>
> SSLProxyEngine On
> SSLProxyCheckPeerName Off
> SSLProxyCheckPeerExpire Off
> SSLProxyCipherSuite All
> SSLProxyProtocol all -SSLv3
> SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+EXP
> SSLProxyVerify none
> ProxyPreserveHost On
>
> This way your reverse proxy will not check worker certificates.
>
>
> 18 marzo 2020 02:33, "Gilbert Soucy" <gso...@36pix.com
> <gso...@36pix.com?to=%22gilbert%20soucy%22%20%3cgso...@36pix.com%3E>>
> wrote:
>
> Hello,
> I am not an expert, so I apologize if my question is unclear.
> I have a problem with setting up a load balancer that supports ssl with a
> valid certificate.
> It works ok when I refer to the balancer members by a valid DNS name.
> However, if I just put the IP address of the balancer members, I get
> ERROR: certificate common name '*.mydomain.com' doesn't match requested
> host name '52.26.53.37'.
> I am following the load balancer sample config found here:
> https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html
> that I adapted to ssl, here is my ssl.conf :
>
> <VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
> SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
> SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt
> ErrorLog /var/www/mydomain.com/logs/error.log
> CustomLog /var/www/mydomain.com/logs/access.log combined
> ProxyRequests off
> <Proxy balancer://cluster>
>
> # Using valid DNS names for the members works well
>
> BalancerMember https://ws1.mydomain.com/
> BalancerMember https://ws2.mydomain.com/
>
> # Using the IP address of the members returns the certificate error given
> above
>
> #BalancerMember http://52.73.75.46/
> #BalancerMember http://52.26.53.37/
> ProxySet lbmethod=byrequests
> </Proxy>
> <Location /balancer-manager>
> SetHandler balancer-manager
> </Location>
> # ProxyPreserveHost On
> ProxyPass /balancer-manager !
> ProxyPass / balancer://cluster/
> </VirtualHost>
>
> I would like to be able to use only the IP addresses so that I can add a
> variable number of BalancerMember that I could start dynamically on a cloud
> setup.
> Using a DNS entry for each BalancerMember makes everything more
> complicated.
> Is there a way to configure httpd so that only the load balancer servers
> needs to have a valid certificate and a DNS name ?
> All the balancerMembers behind the load balancer would exist only with
> their IP address.
> Thank you
> Gilbert
>
>
>
>

Reply via email to