I started to read on the reverse proxy. It seems to be exactly what I want but I still haven't found the right config.
If I just replace ProxyPass by ProxyPassReverse, I do not reach the member servers behind. But thanks for the article, I will check around page 38.

On Tue, Mar 17, 2020 at 10:19 PM Jonathon Koyle <literea...@gmail.com> wrote:

> Sorry, I misread the end of your message. One feature that could
> accomplish what you are looking for is reverse proxy. Try using
> ProxyPassReverse instead of ProxyPass. There may be other settings to
> address, but I have never used the landing
> Load balancing. One of the contributors mentions it in a PDF available at
> http://www.jimjag.com/presos/AC-US-08/ACUS08-AdvancedLoadBalancing-Apache2.2.pdf
> it's around page 38.
>
> On Tue, Mar 17, 2020, 8:04 PM Jonathon Koyle <literea...@gmail.com> wrote:
>
>> This is actually part of the ssl certificate. The certificate has a
>> field to identify the host and have to match the hostname in the URL the
>> Common Name CN. There is also an optional list Subject Alternative Name
>> SAN that can be specified if you want one cert to match against various url
>> hostnames.
>>
>> If you want to have SSL using the IP address, your certificate must be
>> issued with the IP as the CN or in the SAN.
>>
>> On Tue, Mar 17, 2020, 7:33 PM Gilbert Soucy <gso...@36pix.com> wrote:
>>
>>> Hello,
>>>
>>> I am not an expert, so I apologize if my question is unclear.
>>>
>>> I have a problem with setting up a load balancer that supports ssl with
>>> a valid certificate.
>>>
>>> It works ok when I refer to the balancer members by a valid DNS name.
>>> However, if I just put the IP address of the balancer members, I get
>>>
>>> ERROR: certificate common name '*.mydomain.com' doesn't match
>>> requested host name '52.26.53.37'.
>>>
>>> I am following the load balancer sample config found here:
>>> https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html
>>>
>>> that I adapted to ssl, here is my ssl.conf :
>>>
>>> <VirtualHost *:443>
>>>     SSLEngine On
>>>     SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
>>>     SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
>>>     SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt
>>>
>>>     ErrorLog /var/www/mydomain.com/logs/error.log
>>>     CustomLog /var/www/mydomain.com/logs/access.log combined
>>>
>>>     ProxyRequests off
>>>     <Proxy balancer://cluster>
>>>
>>>         # Using valid DNS names for the members works well
>>>
>>>         BalancerMember https://ws1.mydomain.com/
>>>         BalancerMember https://ws2.mydomain.com/
>>>
>>>         # Using the IP address of the members returns the certificate error given above
>>>
>>>         #BalancerMember http://52.73.75.46/
>>>         #BalancerMember http://52.26.53.37/
>>>
>>>         ProxySet lbmethod=byrequests
>>>     </Proxy>
>>>
>>>     <Location /balancer-manager>
>>>         SetHandler balancer-manager
>>>     </Location>
>>>
>>>     # ProxyPreserveHost On
>>>     ProxyPass /balancer-manager !
>>>     ProxyPass / balancer://cluster/
>>>
>>> </VirtualHost>
>>>
>>> I would like to be able to use only the IP addresses so that I can add a
>>> variable number of BalancerMember that I could start dynamically on a cloud
>>> setup.
>>> Using a DNS entry for each BalancerMember makes everything more
>>> complicated.
>>>
>>> Is there a way to configure httpd so that only the load balancer servers
>>> needs to have a valid certificate and a DNS name ?
>>> All the balancerMembers behind the load balancer would exist only with
>>> their IP address.
>>>
>>> Thank you
>>>
>>> Gilbert
>>>
>>
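
The CN/SAN matching rule described in the thread, as an added example that is not part of the original messages and is not httpd's or any TLS library's own code. The function names are hypothetical, and the CN fallback follows the thread's description; many current TLS clients consult only the SAN.

```python
import ipaddress

def is_ip(host):
    """True when `host` is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with a hostname.
    '*' is accepted only as the entire leftmost label and stands for one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_matches(host, common_name, san_dns=(), san_ips=()):
    """Decide whether a certificate carrying these names is valid for `host`."""
    if is_ip(host):
        target = ipaddress.ip_address(host)
        # An IP address is compared only with IP entries, never with DNS wildcards.
        if any(ipaddress.ip_address(ip) == target for ip in san_ips):
            return True
        # CN fallback as described in the thread: a literal IP in the CN.
        return is_ip(common_name) and ipaddress.ip_address(common_name) == target
    if san_dns:
        # When DNS SAN entries exist they take precedence over the CN.
        return any(dns_name_matches(n, host) for n in san_dns)
    return dns_name_matches(common_name, host)

# Constructed cases, using the names and address that appear in the thread.
CASES = [
    ("ws1.mydomain.com", "*.mydomain.com", (), ()),
    ("52.26.53.37", "*.mydomain.com", (), ()),
    ("52.26.53.37", "*.mydomain.com", ("*.mydomain.com",), ("52.26.53.37",)),
]

if __name__ == "__main__":
    for host, cn, dns, ips in CASES:
        print(host, cn, cert_matches(host, cn, dns, ips))
```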