Forwarding SSL connections - forwardfor information is missing

From: Jan Miczaika <jan#hitflip.de>
Date: Fri, 26 Oct 2007 13:32:05 +0200


Hello,

we would like to load balance our https connections as well, using haproxy. The connections end up on a number of pound servers. They decrypt the SSL traffic and send it on to the apaches.

We are able to forward the https connections using tcp mode, however we lose the "forwardfor" information. This is very important for us on https connections, as these are purchases and we need to save the IP address for fraud detection and prevention.

Forwarding the https connections using http mode does not work, obviously.

What we would really like to do is:

listen sslourpage.de:443 213.xxx.xxx.xxx147:443
       mode tcp
-> forwardfor
       option ssl-hello-chk
       balance roundrobin
       server www1 192.168.xxx.xxx:443 maxconn 500 check
       server www2 192.168.xxx.xxx:443 maxconn 500 check
       server www3 192.168.xxx.xxx:443 maxconn 500 check
       server www4 192.168.xxx.xxx:443 maxconn 500 check

As far as I know this option is not supported? The alternative would be to not use haproxy and set up an LVS cluster, with requests coming in to pound. But haproxy is so much easier and simpler. I would love to see a solution. Currently we are using haproxy 1.2.16.

Thanks

Jan

-- 
Geschäftsführer / Managing Director
Hitflip Media Trading GmbH
Gürzenichstr. 7, 50667 Köln
http://www.hitflip.de - new: http://www.hitflip.co.uk
Private blog: www.managingtech.de

Tel. +49-(0)221-272407-27
Fax. 0221-272407-22 (that's so 1990s)
HRB 59046, Amtsgericht Köln

Managing Directors: Andre Alpar, Jan Miczaika, Gerald Schönbucher
Received on 2007/10/26 13:32
