Mailing List Archive

[lvs-users] Is ldirectord the right choice for https through and through
I was happily using HAProxy, until I received word that we need to also
encrypt traffic to the web servers. So, internet --https--> load balancer
--https--> web servers. Would ldirectord be a more appropriate choice? We
don't need any Layer 7 rules.

We do need the following:

1) HTTPS all the way through
2) Web servers need to see the IP of the user
3) Users need sticky sessions to a web server (where the sticky assignment
counter gets refreshed on each user request)
4) HTTPS Keep-Alive support
6) Mobile and older browser support (I say this because I keep reading this
about SNI, but I don't know if that applies to us)

I believe ldirectord can do #1 and #2, but don't know about #3-#6.

Thanks
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] Is ldirectord the right choice for https through and through
Jacob,

I would have thought it would be happy with all of those requirements
as it's pretty application agnostic.
I'd recommend one-arm Direct Routing mode but NAT mode would also be
transparent.



On 6 November 2013 21:09, Jacob Gibson <jacob.gibblers@gmail.com> wrote:
> I was happily using HAProxy, until I received word that we need to also
> encrypt traffic to the web servers. So, internet --https--> load balancer
> --https--> web servers. Would ldirectord be a more appropriate choice? We
> don't need any Layer 7 rules.
>
> We do need the following:
>
> 1) HTTPS all the way through
> 2) Web servers need to see the IP of the user
> 3) Users need sticky sessions to a web server (where the sticky assignment
> counter gets refreshed on each user request)
> 4) HTTPS Keep-Alive support
> 6) Mobile and older browser support (I say this because I keep reading this
> about SNI, but I don't know if that applies to us)
>
> I believe ldirectord can do #1 and #2, but don't know about #3-#6.
>
> Thanks



--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/

Re: [lvs-users] Is ldirectord the right choice for https through and through
Hi,

On 06.11.2013 22:09, Jacob Gibson wrote:
> I was happily using HAProxy, until I received word that we need to also
> encrypt traffic to the web servers. So, internet --https--> load balancer
> --https--> web servers. Would ldirectord be a more appropriate choice? We
> don't need any Layer 7 rules.
>
> We do need the following:
>
> 1) HTTPS all the way through
> 2) Web servers need to see the IP of the user
> 3) Users need sticky sessions to a web server (where the sticky assignment
> counter gets refreshed on each user request)
> 4) HTTPS Keep-Alive support
> 6) Mobile and older browser support (I say this because I keep reading this
> about SNI, but I don't know if that applies to us)
>
> I believe ldirectord can do #1 and #2, but don't know about #3-#6.

You can do #1 also with HAProxy. At least, if you take 1.5-dev.

#2 is possible but you need to do some 'tricks' for that. Using
X-Forwarded-For headers and mod_rpaf if using Apache will make the
webservers see the originating address.

Greets,

Sander
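
The check a backend has to make for the X-Forwarded-For approach described in the reply above, as an added example that is not part of the thread and not mod_rpaf's own code: the header is honoured only when the TCP peer is a known load balancer, because any client can send the header itself. The proxy addresses and function names are assumptions made up for illustration.

```python
import ipaddress

# Assumption: the load balancers allowed to set X-Forwarded-For
# (constructed documentation-range addresses, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32"),
                   ipaddress.ip_network("192.0.2.11/32")]

def is_trusted(addr):
    """True if addr parses as an IP and belongs to a trusted proxy."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Return the address the web server should treat as the client.

    peer_addr  -- source IP of the TCP connection the server accepted
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A connection that did not come through the balancer can carry any
    # header value it likes, so the header is ignored entirely.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    # Walk right to left: the rightmost entries were appended by our own
    # proxies. The first untrusted entry is the client; everything to
    # its left was supplied by the client and proves nothing.
    candidate = peer_addr
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last validated address
        candidate = hop
        if not is_trusted(hop):
            break
    return candidate

if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    samples = [("192.0.2.10", "203.0.113.7"),             # via balancer
               ("192.0.2.10", "10.1.1.1, 203.0.113.7"),   # spoofed prefix
               ("198.51.100.9", "10.1.1.1")]              # direct, forged
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```
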
