I reply below
I think there is a problem of misconfiguration, I hope this help you
2012/12/6 ankush grover <[email protected]>
>
>
> Hi,
>
> I have couple questions regarding the Zen Load balancer. Basically, I are
> looking for running some services like ldap,ldaps,http & https services in
> clustered mode. I have configured the same in a test environment everything
> is working except with https services via TCP Profile as the real server is
> seeing the logs of the Zen Load Balancer rather than of the original client
> ip even though "RequestHeader set X-Forwarded-Proto "https"" is already
> mentioned in the ssl.conf file on Centos 6.x 64-bit Apache server. If I run
> TCP profile with Port 80 then the IPAddress of the original client is
> getting logged. Below settings are there in the Apache
>
In a TCP farm with https backends the load balancer can't modify or create
the x-forwarded-for header because the communication is encrypted.
If you want to do this you need to use HTTPS farm, the x-forwarded for
header is added by default. In this kind of farm the ssl offload is
mandatory, it means: the client talks in https mode with the lb and the lb
talks in http mode with backends, it's the same that you have to add
backends configured with 80 port in the load balancer
HTTP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (L7 content switching)
>>>>>>>>>>**HTTP**>>>>>>>> BACKENDS
TCP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (TCP raw mode NO L7 content
switching) >>>>>>>>>>**HTTPS**>>>>>>>> BACKENDS
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
> combined
> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" proxy
> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
> CustomLog "logs/access_log" combined env=!forwarded
> CustomLog "logs/access_log" proxy env=forwarded
>
>
>
> Also, I am not able to setup or run the website with HTTPS profile as
> somehow the Zen is not able to work with Godaddy certificates. This is how
> I created the zen certificate
>
> cat godaddycert.pem intermediatecertificate.pem >> zencertnew.pem
>
> The certificate is accepted but the site returns "An internal server error
> occurred. Please try again later." Error Code 500.
>
> If the certificate works fine in the client then be sure that you added
backends in the https farm with the 80 port, no 443.
>
> Even I tried the below configuration but the same error
>
> cat godaddycert.pem intermediatecertificate.pem privatekey.pem >>
> zencertnew.pem
>
>
> Zen load Balancer version: 2 installed via ISO.
>
>
>
> So how can I configure TCP profile for port 443 with go daddy certificates
> and original ip address gets logged in the Apache logs. Do let me know if
> you need any further information
>
I explain that in the first lines. You need a HTTPS profile with your
godaddy certificate configured and add backendins with 80 port (http)
There is a good manual to configure certificates in zen load balancer
thanks to Lou Feliz:
http://mywordz.blogspot.com.es/2012/05/zen-load-balancer-ssl.html
>
> Thanks & Regards
>
> Ankush
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
