HA SSL Setup
I have 2 ISPconfig servers that are setup for redundancy behind my firewall.
I've setup my public IPs on the firewall and then specify internal IP's on each server.
Public - NAT
184.108.40.206 - 192.168.10.100 - Server 1
220.127.116.11 - 192.168.10.200 - Server 2
It works great, however when I add an SSL site, it breaks the system.
For instance, I will create a new ssl site on the master. I then assign an internal IP on the master server then setup a public IP to NAT to it.
18.104.22.168 - 192.168.10.101 - Server 1
This works fine but then breaks apache on Server 2. The apache entry is created for 192.168.10.101, which isnt on that server. If I can create 192.168.10.201 on server 2, and edit the apache site, will the site get overwritten? The SSL certificate is a wildcard and it used on both servers, so that shouldn't be a problem.
I will then create a failover group on my firewall to determine which server the user will get sent to.
I just want to make sure that the vhost directive isn't going to get overwritten when I adjust anything on the master. I suppose it's fine, if I edit that particular site, I will just know I need to do manual editing on server 2. If I create a new site entirely, I don't want to have to edit every other site on server 2.
Sites are only updated when you edit that particular site, not when you create a new one. SSL sites with SNI should work asyou can use * instead of the IP address, but SNI is most likel not what you want.
It is planned to add a IP address translation table in one of the next ispconfig releases to resolve this problem on mirrored setups.
That is excellent news. I don't mind adding the site then editing it on the second server. Then any future modifications, I'll edit the virtual hosts directly.
|All times are GMT +2. The time now is 06:53.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.