HA SSL Setup

Discussion in 'Installation/Configuration' started by bc2946088, Mar 30, 2012.

  1. bc2946088

    bc2946088 New Member

    I have 2 ISPconfig servers that are setup for redundancy behind my firewall.

    I've setup my public IPs on the firewall and then specify internal IP's on each server.

    Public - NAT
    1.1.1.10 - 192.168.10.100 - Server 1
    1.1.1.11 - 192.168.10.200 - Server 2

    It works great, however when I add an SSL site, it breaks the system.

    For instance, I will create a new ssl site on the master. I then assign an internal IP on the master server then setup a public IP to NAT to it.

    1.1.1.12 - 192.168.10.101 - Server 1

    This works fine but then breaks apache on Server 2. The apache entry is created for 192.168.10.101, which isnt on that server. If I can create 192.168.10.201 on server 2, and edit the apache site, will the site get overwritten? The SSL certificate is a wildcard and it used on both servers, so that shouldn't be a problem.

    I will then create a failover group on my firewall to determine which server the user will get sent to.

    I just want to make sure that the vhost directive isn't going to get overwritten when I adjust anything on the master. I suppose it's fine, if I edit that particular site, I will just know I need to do manual editing on server 2. If I create a new site entirely, I don't want to have to edit every other site on server 2.

    Thanks!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Sites are only updated when you edit that particular site, not when you create a new one. SSL sites with SNI should work asyou can use * instead of the IP address, but SNI is most likel not what you want.

    It is planned to add a IP address translation table in one of the next ispconfig releases to resolve this problem on mirrored setups.
     
  3. bc2946088

    bc2946088 New Member

    That is excellent news. I don't mind adding the site then editing it on the second server. Then any future modifications, I'll edit the virtual hosts directly.

    Thanks!
     

Share This Page