Yes another haproxy and SSL question.
I have looked over the archives and want to post this.
We are going to setup our own little cluster with several machines to host a several domains, and a couple of these will need SSL.
We plan on running a haproxy passing to a handful of apache machines.
We are going to have to use name based vhosts for this config, and that is where our first issue with SSL starts however I believe that can be solved by using a different port.
We might use *:443 for one domain, and *:445 for another.
So in haproxy's config which will have all the different ips I should be able to
listen domain1 72.x.x.1:443
mode http option httpchk HEAD /check.txt HTTP/1.0 server www1 10.0.0.1:443 check server www2 10.0.0.2:443 check server www3 10.0.0.3:443 check listen domain2 72.x.x.2:443 mode http option httpchk HEAD /check.txt HTTP/1.0 server www1 10.0.0.1:445 check server www2 10.0.0.2:445 check server www3 10.0.0.3:445 check
So to the user when they type in domain1.com:443 or domain2.com:443 they would both be done with SSL, and the requested is just passed onto apache on the correct port.
Would I need to change the mode from http to tcp
Is this a workable solution?
The user always connecting to the same backend apache server isn't a problem for sessions.
I hope someone can shed some light on this for me.
Nick Received on 2009/01/23 12:38
This archive was generated by hypermail 2.2.0 : 2009/01/23 12:45 CET