Load-balancing an SSL-based server farm?
Jarod Wilson
jarod at wilsonet.com
Mon Jan 18 14:40:37 EST 2010
On Mon, Jan 18, 2010 at 2:29 PM, Paul Lussier <p.lussier at comcast.net> wrote:
>
> Hi all,
>
> Has anyone here set up LVS (or something equivalent) to load balance
> across a set of apache servers serving up SSL-protected sites?
Yes, but it was 4+ years ago. :)
> I've googled around, and all the docs I've come up with are at least 4+
> years old, and somewhat incomplete. Interestingly, I can't even find a
> single book about the topic!
In my case, we were using Foundry Networks ServerIron (iirc) load
balancers. There really wasn't any difference between the
load-balanced http and https setups that I can recall -- you just need
to make sure the same ssl cert exists on each of the load-balanced
servers.
> The examples I've found tend to be concerned with a basic apache config
> without SSL being involved, and don't address the scalability of the LVS
> configuration. The things I'm most concerned with :)
No clue there.
> The basic scope of the project is this:
>
> - we have about 10 apache servers handling 10,000 sites over both http
> and https (for a total of ~20K sites)
>
> - we need a scalable HA load-balancing solution to sit in front of
> these servers and load balance across them dealing with both http and
> https traffic.
>
> My questions at this point are:
>
> - Is LVS the right tool, or is there something better (OSS) ?
Pretty sure LVS is the right tool. Its what we probably would have
used if we didn't already have hardware load-balancers.
> - Can LVS handle this size of a load ?
> - How many sites can LVS scale to serving?
> - Can the LVS config be updated dynamically, on-the-fly, without
> restarting ldirectord ?
> - Is there any recent (w/in the last 2 years) documentation or are there
> any books on building such an environment with LVS ?
Not really sure on any of these, its been a good long while since I've
actually looked into it.
> Many thanks for any information, URLs, pointers, references, etc.
I assume you've found http://www.linuxvirtualserver.org/Documents.html
--
Jarod Wilson
jarod at wilsonet.com
More information about the gnhlug-discuss
mailing list