#1  
Old 30th March 2012, 04:28
bc2946088 bc2946088 is offline
Junior Member
 
Join Date: Mar 2012
Posts: 15
Thanks: 0
Thanked 1 Time in 1 Post
Default HA SSL Setup

I have 2 ISPconfig servers that are setup for redundancy behind my firewall.

I've setup my public IPs on the firewall and then specify internal IP's on each server.

Public - NAT
1.1.1.10 - 192.168.10.100 - Server 1
1.1.1.11 - 192.168.10.200 - Server 2

It works great, however when I add an SSL site, it breaks the system.

For instance, I will create a new ssl site on the master. I then assign an internal IP on the master server then setup a public IP to NAT to it.

1.1.1.12 - 192.168.10.101 - Server 1

This works fine but then breaks apache on Server 2. The apache entry is created for 192.168.10.101, which isnt on that server. If I can create 192.168.10.201 on server 2, and edit the apache site, will the site get overwritten? The SSL certificate is a wildcard and it used on both servers, so that shouldn't be a problem.

I will then create a failover group on my firewall to determine which server the user will get sent to.

I just want to make sure that the vhost directive isn't going to get overwritten when I adjust anything on the master. I suppose it's fine, if I edit that particular site, I will just know I need to do manual editing on server 2. If I create a new site entirely, I don't want to have to edit every other site on server 2.

Thanks!
Reply With Quote
Sponsored Links
  #2  
Old 30th March 2012, 08:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,678
Thanks: 819
Thanked 5,318 Times in 4,171 Posts
Default

Sites are only updated when you edit that particular site, not when you create a new one. SSL sites with SNI should work asyou can use * instead of the IP address, but SNI is most likel not what you want.

It is planned to add a IP address translation table in one of the next ispconfig releases to resolve this problem on mirrored setups.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 30th March 2012, 17:49
bc2946088 bc2946088 is offline
Junior Member
 
Join Date: Mar 2012
Posts: 15
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

That is excellent news. I don't mind adding the site then editing it on the second server. Then any future modifications, I'll edit the virtual hosts directly.

Thanks!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to create a SSL website in ISPConfig 3? qiubosu Installation/Configuration 2 1st August 2011 02:52
Adding SSL certificate to Site snowfly Installation/Configuration 2 31st May 2011 12:54
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 18:11
SSL Issue - Unable to connect to any site Menzor Installation/Configuration 4 27th May 2007 04:03
Debian perfect setup network problem reddogg Installation/Configuration 2 18th January 2006 22:04


All times are GMT +2. The time now is 00:44.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.