> Thanks for the clarification. Only problem I see with HTTPS farm is that we
> have some applications running which ask for the username and password.
> Presently everything is encrypted as the Apache server auto-redirects to
> https.

With this configuration the Apache will redirect to the https web (your zen
load balancer with the https farm configured)

> So if we configure https farm will the username and passwords go
> unencrypted?

Yes it goes encrypted from client to load balancer (insecure zone). From
zen load balancer to your backends can be declared secure zone because it is
your infrastructure. If you want to know more about this you can read
about ssl offload

> Also, we have different applications and we display different error
> messages based on the error code for these applications. Is it possible to
> do the same in HTTPS farm?

Yes HTTPS and HTTP farm can personalize some HTTP error codes like 500,
501, 503 or 414

2012/12/7 ankush grover <[email protected]>
>
>
>
> On Fri, Dec 7, 2012 at 3:23 PM, Emilio Campos <
> [email protected]> wrote:
>
>> I reply below
>>
>>
>>
>> I think there is a problem of misconfiguration, I hope this help you
>>
>> 2012/12/6 ankush grover <[email protected]>
>>
>>>
>>>
>>> Hi,
>>>
>>> I have a couple of questions regarding the Zen Load balancer. Basically, I
>>> am looking for running some services like ldap,ldaps,http & https services
>>> in clustered mode. I have configured the same in a test environment
>>> everything is working except with https services via TCP Profile as the
>>> real server is seeing the logs of the Zen Load Balancer rather than of the
>>> original client ip even though "RequestHeader set X-Forwarded-Proto
>>> "https"" is already mentioned in the ssl.conf file on Centos 6.x 64-bit
>>> Apache server. If I run TCP profile with Port 80 then the IPAddress of the
>>> original client is getting logged. Below settings are there in the Apache
>>>
>>
>>
>
>
>> In a TCP farm with https backends the load balancer can't modify or
>> create the x-forwarded-for header because the communication is encrypted.
>> If you want to do this you need to use HTTPS farm, the x-forwarded for
>> header is added by default. In this kind of farm the ssl offload is
>> mandatory, it means: the client talks in https mode with the lb and the lb
>> talks in http mode with backends, it's the same that you have to add
>> backends configured with 80 port in the load balancer
>>
>> HTTP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (L7 content switching)
>> >>>>>>>>>>**HTTP**>>>>>>>> BACKENDS
>> TCP FARM: Client >>>>>>>>**HTTPS**>>>>>> ZEN (TCP raw mode NO L7
>> content switching) >>>>>>>>>>**HTTPS**>>>>>>>> BACKENDS
>>
>> Thanks for the clarification. Only problem I see with HTTPS farm is that
>> we have some applications running which ask for the username and password.
>> Presently everything is encrypted as the Apache server auto-redirects to
>> https. So if we configure https farm will the username and passwords go
>> unencrypted? Also, we have different applications and we display different
>> error messages based on the error code for these applications. Is it
>> possible to do the same in HTTPS farm?
>>
>>>
>>>
>>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
>>> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
>>> SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
>>> CustomLog "logs/access_log" combined env=!forwarded
>>> CustomLog "logs/access_log" proxy env=forwarded
>>>
>>>
>>>
>>> Also, I am not able to setup or run the website with HTTPS profile as
>>> somehow the Zen is not able to work with Godaddy certificates. This is how
>>> I created the zen certificate
>>>
>>> cat godaddycert.pem intermediatecertificate.pem >> zencertnew.pem
>>>
>>> The certificate is accepted but the site returns "An internal server
>>> error occurred. Please try again later." Error Code 500.
>>>
>> If the certificate works fine in the client then be sure that you added
>> backends in the https farm with the 80 port, not 443.
>>
>>
>>>
>>> Even I tried the below configuration but the same error
>>>
>>> cat godaddycert.pem intermediatecertificate.pem privatekey.pem >> zencertnew.pem
>>>
>>>
>>> Zen load Balancer version: 2 installed via ISO.
>>>
>>>
>>>
>>> So how can I configure TCP profile for port 443 with go daddy
>>> certificates and original ip address gets logged in the Apache logs. Do let
>>> me know if you need any further information
>>>
>>
>> I explain that in the first lines. You need an HTTPS profile with your
>> godaddy certificate configured and add backends with 80 port (http)
>>
>> There is a good manual to configure certificates in zen load balancer
>> thanks to Lou Feliz:
>>
>> http://mywordz.blogspot.com.es/2012/05/zen-load-balancer-ssl.html
>>
>>
>>
>>
>>>
>>> Thanks & Regards
>>>
>>> Ankush
>>>
>>> ------------------------------------------------------------------------------
>>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>>> Remotely access PCs and mobile devices and provide instant support
>>> Improve your efficiency, and focus on delivering more value-add services
>>> Discover what IT Professionals Know. Rescue delivers
>>> http://p.sf.net/sfu/logmein_12329d2d
>>> _______________________________________________
>>> Zenloadbalancer-support mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>>>
>>>
>>
>>
>> --
>> Load balancer distribution - Open Source Project
>> http://www.zenloadbalancer.com
>> Distribution list (subscribe):
>> [email protected]
>>
>>
>>
>>
>>
>
>
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
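
Added example, not part of the original thread: with the HTTPS farm the backend logs whatever arrives in X-Forwarded-For, so the value should only be believed when the TCP peer is the load balancer itself. The sketch below picks the address to log under that rule; the load balancer address 192.0.2.10 and all request values are constructed, and it assumes the balancer appends the real client address as the last entry of the header.

```python
import ipaddress

# Assumption: address the load balancer uses to reach the backends (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _parse(value):
    """Return an ip_address object, or None if the text is not an IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Choose the address to log for one request.

    peer       -- source address of the TCP connection (Apache's %h)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer_addr = _parse(peer)
    if peer_addr is None:
        raise ValueError("invalid peer address: %r" % peer)
    # A request that did not come through the balancer can put anything
    # in the header, so the header is ignored and the peer is logged.
    if not _trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # Walk the list right to left: entries added by trusted proxies are
    # skipped, the first untrusted entry is the client as the balancer saw it.
    candidate = peer_addr
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: keep the last verified hop
        candidate = addr
        if not _trusted(addr):
            break
    return str(candidate)


if __name__ == "__main__":
    # Constructed requests: (peer, X-Forwarded-For)
    for peer, xff in [("192.0.2.10", "198.51.100.23"),
                      ("192.0.2.10", "10.9.9.9, 198.51.100.23"),
                      ("203.0.113.7", "10.9.9.9")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

The same rule applies to the `SetEnvIf X-Forwarded-For` logging quoted in the thread: it is only reliable if the backends accept port 80 connections from the load balancer alone.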