HA SSL Setup

Discussion in 'Installation/Configuration' started by bc2946088, Mar 30, 2012.

  1. bc2946088

    bc2946088 New Member

    I have 2 ISPconfig servers that are setup for redundancy behind my firewall.

    I've setup my public IPs on the firewall and then specify internal IP's on each server.

    Public - NAT - - Server 1 - - Server 2

    It works great, however when I add an SSL site, it breaks the system.

    For instance, I will create a new ssl site on the master. I then assign an internal IP on the master server then setup a public IP to NAT to it. - - Server 1

    This works fine but then breaks apache on Server 2. The apache entry is created for, which isnt on that server. If I can create on server 2, and edit the apache site, will the site get overwritten? The SSL certificate is a wildcard and it used on both servers, so that shouldn't be a problem.

    I will then create a failover group on my firewall to determine which server the user will get sent to.

    I just want to make sure that the vhost directive isn't going to get overwritten when I adjust anything on the master. I suppose it's fine, if I edit that particular site, I will just know I need to do manual editing on server 2. If I create a new site entirely, I don't want to have to edit every other site on server 2.

  2. till

    till Super Moderator

    Sites are only updated when you edit that particular site, not when you create a new one. SSL sites with SNI should work asyou can use * instead of the IP address, but SNI is most likel not what you want.

    It is planned to add a IP address translation table in one of the next ispconfig releases to resolve this problem on mirrored setups.
  3. bc2946088

    bc2946088 New Member

    That is excellent news. I don't mind adding the site then editing it on the second server. Then any future modifications, I'll edit the virtual hosts directly.


Share This Page