Apache :: Pass SSL Through Balancer - Let Workers Decrypt
Apr 23, 2015
I'm using mod_proxy_balancer in Apache 2.2.29 with OpenSSL on Windows to distribute HTTPS requests to two other back end servers, both of which are also Apache 2.2.29 with OpenSSL on Windows.
DumpIO shows that the requests are being decrypted on the balancer, and then sent unencrypted to the two workers. I would like to have the requests pass through the balancer without decrypting there, and let the two back end worker servers do the decryption. Is that possible? If so, how?
When I tried simply disabling SSL on the balancer, the requests fail, with nothing logged at all.
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
I am trying to setup a pass through on our apache proxy server, typically this is not any trouble but our developers have started using a product call DEV EXPRESS and I cannot figure out how to get my pass through to work. Here's what my pass through looks like
ProxyPass /tmsdev http://tmsdev.dot.missouri/ ProxyPassReverse /tmsdev http://tmsdev.dot.missouri/ The initial url is http://tmsdev.dot.missouri/RealEstate/AAH/LitterPickup.aspx
I am getting 404 errors on everything that has /RealEstate/DXR.axd......... The DXR.axd is something from DEVEXPRESS here's the error I'm getting.
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /RealEstate/DXR.axd was not found on this server.</p> <hr /> <address>IBM_HTTP_Server/6.0.2.35 Apache/2.0.47 (Win32) Server at ghweb04 Port 80</address> </body></html>
I have a setup where Apache connects to a F5 load balancer which in turn balances between two jboss app servers.
Apache using mod_proxy -> F5 (hardware load balancer) -> 2 jboss application server
It uses jsessionid. I sometimes get 500 errors for the post methods. I think the request goes to the incorrect jboss server because of the F5 load balancer. Everything works just right when I shutdown one of the jboss app servers.
I am using single Apache HTTP Server (2.2.23) as a Load Balancer with two IBM Websphere application server nodes (other machines). I have deployed the simple text based helloWorld application and it works fine with load balancer. But When I deploy the real application that contains images,css file , java script file. It loads the page without images and show me simple text and gives me the following Exception on error_logs and similar kind of exceptions
[error] [client 192.217.71.77] File does not exist: /usr/local/apache2/htdocs/application, referer: http://192.168.141.17/application/faces/test.jsp
Interestingly, when I access the application without load balancer, it also works fine.
Anyone know of a good load balancer for Linux that is able to not only distribute load evenly amongst many servers, but one that's able to allocate servers based on the resource?
For instance:
I want www.mysite.com/dogs to be load-balanced between servers A, B, and C. I want www.mysite.com/cats to be load-balanced between servers X, Y, and C.
A little bit excited as the Barracuda is coming soon...
We have 1 forum server, and it's being access internally by all the classrooms, students, teachers, etc. How should I approach this setup? The current hostname for the forum machine is forum... how should I setup the cluster? forum2?
Something with a failover load balancer that you can assign a static IP address to and it'll sit in front of a number of lowend virtual private servers.
I have two servers that I run in Los Angeles (used to host gaming servers for a small community I run) for personal use that seem to be a little jumpy with server performance.
Would a load balancer help with this situation?
And for the n00b question, what exactly is a load balancer.
Very new to hosting servers, so I appreciate a gentle response
I am having a very strange problem with 2 different cPanel accounts on a server with 500-600 accounts. For some reason after a day or two the mysql username/password stops working. We have tried changing the MySQL user and the password with no success. The log does not indicate that the MySQL password was changed in any way. Only these 2 accounts are affected and this problem occurred at least half dozen times each.
Again: these are two different accounts with 2 different MySQL users that after a while stop working (I am unable to determine if they stop working at the same time b/c they belong to different customers). When we reset the user (with the same pass) it works for a day or two. I have checked to connect not only from PHP but also from shell when it's down: it also doesn't work so this is a pure MySQL problem.
Do I need 3 LB to do this or I can do it with only one? The screenshot of Barracuda LB seem to show many "virtual LB", so I guest it's a yes?
2) So... it's service only?
On the Barracuda and some page, they are talking about "service" and not "server" LB. Can I LB a whole serveur ? Like all service from an IP xxx.xxx.xxx.234 to a server ? Or I can only do "HTTP -> SRV1" "DNS -> SRV1"? If no, what happen to service that the LB didn't know (like cPanel)?
3) An Internal Network? what About cPanel?
According to my search, LB are working like this:
EXTERNAL IP of SERVICE (xxx.xxx.xxx.200) -> INTERNAL IP SERVER 1(10.0.0.25), INTERNAL IP SERVER 2 (10.0.0.26)
So, I need to configure the server with an Internal IP cause else, it will conflit on the "local network". The probleme is, cPanel will be using the "Internal IP" to make all of his configuration... so if a user add a new website, he will configure it with 10.0.0.25, this won't since the external IP will be xxx.xxx.xxx.200 and Apache won't anwser to this virtual host. What can I do?
Can I do this ? (same internal IP as the external?) EXTERNAL IP (70.234.125.123) -> SERVER 1 INTERNAL IP (70.234.125.123), SERVER 2 INTERNAL IP (10.0.0.26)
If yes, I will configure the second serveur without cPanel and only sync the configuration and files. So in case of "crash" of the server 1, cPanel won't be working, but website won't be down...
We are planning for a clustering archirecture for our mail servers,The basic idea is put all of mailservers behind a load balancer which will monitor and distribute the n/w load as server load and forward the requests accordingly can u suggest any good hardware loadbalancer which could give us 'server load balancing' as well as n/w load balacing.
I would also like to know if it is a good idea to go for a software load balancer(like linux heartbeat) or to h/w load balancer.
traffic has been surging lately and is expected to continue surging. i am already on the fastest chipset my webhost has.
current configuration single server (centos), webserver (apache), single filesystem. many dynamic pages (perl script) but no mysql database. no php.
ideal configuration multiple webservers (apache), single file system.
assuming my scripts do not write to the filesystem (read only), what do i need to install or do in order to send a request for www.domain.com to server1.domain.com or server2.domain.com or server3.domain.com according to the load of each? it should look the same at the front end. anyone know what i need to get?
if it is possible to hide the Barracuda Load Balancer signature in headers ?
If you check here : [url]
or do a telnet 80 to that same FQDN and send "HEAD / HTTP/1.0" + "RETURN" you will be able to see in the headers the server signature (BarracudaHTTP 1.00).
I'm trying to find a solution but without any result so far,
This is the story: We have too server in Israel, in one server we have: Win 2003 STR that use for IIS (IBM RAID 5) And in the second we have: Win 2003 STR + SQL SERVER 2005 workgroup.
After 1 year running in Israel we like to go out to the world with our products.
This is what I think we need to do but we still don't figure how to that:
1. Still use the same server in Israel.
2. Buy more server outside Israel, Lets say UK and set a Load Balancer between the server in UK to Israel (both IIS and SQL).
3. In the Load balancer we like to set that if the user come from europe you will go to the server in UK and if he come from Israel you go the server there.
4. If one of the server we be go down all the the users will sends to the server outside there country.
5. In the future we like to add more server in the world on the same setting.
What do you say? how can I do something like that?
Anyone know of a hardware load balancer that can load balance my apache and mysql using one device? I mean right now I can use the ultra monkey for the load balancer the cluster mysql. But I want to go hardware.
I was thinking of F5 BIGIP? will that work? anyone know Please give me some choices..
On our production service, we've been getting numerous malformed POST requests to some of our CGI scripts that are showing up as 500 errors in our logs. They are malformed in the sense that the actual content length doesn't match the Content-Length specified in the request.
Here's the most trivial example I can come up with that reproduces the problem for us:
In addition to the 500 error in the access log, we see the corresponding error in the error log:
(70014)End of file found: Error reading request entity data
Based on the nature of the POST request and the error response, it does appear that Apache is doing the right thing here.
The POST never actually makes it as far as the script being targeted (/some_valid_alias in the above example); in other words, Apache returns 500 to the client, writes the error to the error log and never executes the script.
Is there a way to capture/avoid internal Apache errors like 70014, and return some other HTTP status besides 500 (like 403)? It's particularly annoying in our case, because our server sends us an email for all 500 errors.
So far, our best "defense" against these 500 errors is to disallow POST for these aliases, which normally just ignore the POST data anyway (when the request is not malformed):