On Fri, Dec 7, 2012 at 3:23 PM, Emilio Campos <
[email protected]> wrote:
> I reply below
>
>
>
> I think there is a problem of misconfiguration, I hope this help you
>
> 2012/12/6 ankush grover <[email protected]>
>
>>
>>
>> Hi,
>>
>> I have couple questions regarding the Zen Load balancer. Basically, I are
>> looking for running some services like ldap,ldaps,http & https services in
>> clustered mode. I have configured the same in a test environment everything
>> is working except with https services via TCP Profile as the real server is
>> seeing the logs of the Zen Load Balancer rather than of the original client
>> ip even though "RequestHeader set X-Forwarded-Proto "https"" is already
>> mentioned in the ssl.conf file on Centos 6.x 64-bit Apache server. If I run
>> TCP profile with Port 80 then the IPAddress of the original client is
>> getting logged. Below settings are there in the Apache
>>
>
>
> In a TCP farm with https backends the load balancer can't modify or
> create the x-forwarded-for header because the communication is encrypted.
> If you want to do this you need to use HTTPS farm, the x-forwarded for
> header is added by default. In this kind of farm the ssl offload is
> mandatory, it means: the client talks in https mode with the lb and the lb
> talks in http mode with backends, it's the same that you have to add
> backends configured with 80 port in the load balancer
>
> HTTP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (L7 content switching)
> >>>>>>>>>>**HTTP**>>>>>>>> BACKENDS
> TCP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (TCP raw mode NO L7
> content switching) >>>>>>>>>>**HTTPS**>>>>>>>> BACKENDS
>
> Thanks for the clarification. Only problem I see with HTTPs farm is that
> we have some applications running which asks for the username and password.
> Presently everything is encrypted as the Apache server auto-redirects to
> https. So if we configure https farm will the username and passwords goes
> unencrypted? Also, we have different applications and we display different
> error messages based on the error code for these applications. It is
> possible to do the same in HTTPS farm ?
>
>>
>>
>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
>> combined
>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>> \"%{User-Agent}i\"" proxy
>> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
>> CustomLog "logs/access_log" combined env=!forwarded
>> CustomLog "logs/access_log" proxy env=forwarded
>>
>>
>>
>> Also, I am not able to setup or run the website with HTTPS profile as
>> somehow the Zen is not able to work with Godaddy certificates. This is how
>> I created the zen certificate
>>
>> cat godaddycert.pem intermediatecertificate.pem >> zencertnew.pem
>>
>> The certificate is accepted but the site returns "An internal server
>> error occurred. Please try again later." Error Code 500.
>>
>> If the certificate works fine in the client then be sure that you added
> backends in the https farm with the 80 port, no 443.
>
>
>>
>> Even I tried the below configuration but the same error
>>
>> cat godaddycert.pem intermediatecertificate.pem privatekey.pem >>
>> zencertnew.pem
>>
>>
>> Zen load Balancer version: 2 installed via ISO.
>>
>>
>>
>> So how can I configure TCP profile for port 443 with go daddy
>> certificates and original ip address gets logged in the Apache logs. Do let
>> me know if you need any further information
>>
>
> I explain that in the first lines. You need a HTTPS profile with your
> godaddy certificate configured and add backendins with 80 port (http)
>
> There is a good manual to configure certificates in zen load balancer
> thanks to Lou Feliz:
>
> http://mywordz.blogspot.com.es/2012/05/zen-load-balancer-ssl.html
>
>
>
>
>>
>> Thanks & Regards
>>
>> Ankush
>>
>> ------------------------------------------------------------------------------
>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>> Remotely access PCs and mobile devices and provide instant support
>> Improve your efficiency, and focus on delivering more value-add services
>> Discover what IT Professionals Know. Rescue delivers
>> http://p.sf.net/sfu/logmein_12329d2d
>> _______________________________________________
>> Zenloadbalancer-support mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>
>>
>
>
> --
> Load balancer distribution - Open Source Project
> http://www.zenloadbalancer.com
> Distribution list (subscribe):
> [email protected]
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
