Forum Discussion
HTTPS
Greetings,
I was able to configure LineRate as a reverse proxy and replicate HTTP traffic, and it works great, but now I need to replicate HTTPS traffic, and HTTPS traffic didn't pass from LineRate to the real server.
Could you please help me with that? It's really critical.
Thanks..
- Andrew_Ragone_2Historic F5 Account
Hello mnabih80, are you having issues sending traffic to both the "Original Real Servers" and the "Replication Real Servers" or just one of them?
One thing you can check would be to ensure SSL Profiles are attached to:
- the incoming Virtual IP
- the original Real Servers
- the replication Real Servers
These links may be helpful for checking the ssl profile configuration:
Real Server: attach ssl profile
Virtual IP: attach ssl profile
- mnabih80_221446Nimbostratus
Hello Andrew, thanks for your support. I'm having an issue with the original real server: I'm receiving the warning for the certificate, which means it's attached well, but once I confirm to access the site it gives me 404 not found.
I've attached the SSL profile to the VIP and real server. I still didn't check the replication yet; I don't know if the original Node.js will also work with HTTPS traffic or if I need to attach it to the VIP for SSL traffic.
Thanks
- Andrew_Ragone_2Historic F5 Account
Take a look at your Virtual Server config and make sure the vip you have attached is "default." This is a common issue that will cause 404s if everything else is otherwise configured properly. Basically "default" says "any request that comes in and does not hit a virtual server with a particular hostname, go here." This is especially important for requests going to a raw IP address without a hostname. Here's an example config:
    !
    virtual-server vs1
     service http
     attach virtual-ip vip1 default
     attach real-server group reals
    !
More information on this can be found here in the docs.
If this doesn't work for you, can you reply with your VIP/VS/RS config so we can try and understand your environment's configuration?
- mnabih80_221446Nimbostratus
Thanks Andrew for your wonderful support. I solved this issue by changing the service type of the VS, VIP and RS from http to TCP.
The last annoying step is to replicate the HTTPS traffic. I was able to replicate HTTP traffic by using the customized Node.js and it works great, but with HTTPS I don't know how to do it.
I tried to change each http word with https and create vsecondy1 and a loopback IP on a different port and the RS that I need to replicate traffic to, but nothing works.
can you help me with that ?
- Andrew_Ragone_2Historic F5 Account
You may want to see if you can get the HTTP service type working for your setup. TCP will work for system-based load balancing, but right now only HTTP traffic can be modified with nodeJS scripts.
Once you get an HTTP-based setup working, as it looks like you noticed, the HTTPS module in node would need to be used instead of HTTP to replicate requests. More info can be found here including an example of how to do https.request().
Let me know if this works for you.
- mnabih80_221446Nimbostratus
Could you please join me in a GoToMeeting session to check it with me? I don't need to be annoying but I have to finish the full today :( My mail is nour_edden@yahoo.com; reply to me so I can send you the invitation if you agree.
- Andrew_Ragone_2Historic F5 Account
I understand that you might need to figure out a POC quickly, but it is best that we communicate here on DevCentral so that other customers may benefit from the solution and troubleshooting process. Please post what you've found works and does not work based on my latest post and we can work through the issues from there.
- mnabih80_221446Nimbostratus
HTTPS replication is OK now, but I don't know why HTTP replication stopped. I use the same loopback IP but with different ports at both vip secondary.
- Andrew_Ragone_2Historic F5 Account
Do you have your config and node code handy to try and figure out what is going on? Snippets of the config are ok, as long as they provide VIP/VS/RS info.
- Andrew_Ragone_2Historic F5 Account
So to make sure I understand, the HTTPS replication script is working ("TrafficS-replication") but not HTTP replication (script "traffic-replication")?
- mnabih80_221446Nimbostratus
Exactly... it was working before https worked.
- mnabih80_221446Nimbostratus
    ip dns
     name-server 8.8.8.8 8.8.4.4
     admin-status online
    !
    phone-home
     userid "admin"
     secret encrypted "TxHkBemi7Yg="
    !
    interface em0
     mtu 1500
     ip address dhcp
     ip address 192.168.10.25 255.255.255.0
    !
    interface em1
     mtu 1500
    --More--
    Building configuration...
    !
    hostname LROS
    !
    !
    ip dns
     name-server 8.8.8.8 8.8.4.4
     admin-status online
    !
    interface em0
     mtu 1500
     ip address dhcp
     ip address 192.168.10.25 255.255.255.0
    !
    interface em1
     mtu 1500
     no ip dhcp client request router
     ip address dhcp
     ip address 192.168.10.26 255.255.255.0
    !
    interface em2
     mtu 1500
     no ip dhcp client request router
     ip address dhcp
     ip address 192.168.10.5 255.255.255.0
    !
    ip route 0.0.0.0/0 192.168.10.251
    !
    ssl profile self-signed
     attach certificate self-signed
     attach key self-signed
    !
    ssl profile ssl1
     attach primary-certificate ssl-cert
     attach private-key ssl-key
     attach chain-certificate bundle cert-b
    !
    ssl profile ssl_prof_init1
    !
    ssl profile ssl_prof.com
     attach certificate cert_prim.com
     attach key key.com
     attach chain-certificate cert_chain.com
    !
    real-server base rsbase_web
     max-connections 1000
     service http
     response-timeout 60
     response-idle-timeout 60
     keepalive-timeout 10
     admin-status online
    !
    real-server rs-rep1 ip 192.168.10.53 80 base rsbase_web
    real-server rss-rep1
     ip address 192.168.10.53 443
     service tcp
     attach ssl profile ssl1
     admin-status online
    !
    real-server rssweb1
     ip address 192.168.10.3 443
     service http
     attach ssl profile ssl1
     admin-status online
    !
    real-server rsweb1 ip 192.168.10.3 80 base rsbase_web
    !
    !
    virtual-ip vipSecondary
     ip address 127.0.0.1 15000
     service http
     admin-status online
    !
    virtual-ip vipsecondary1
     ip address 127.0.0.1 18000
     service tcp
     admin-status online
    !
    virtual-ip vipsweb1
     ip address 192.168.10.26 443
     attach ssl profile ssl1
     service http
     admin-status online
    !
    virtual-ip vipweb1
     ip address 192.168.10.26 80
     admin-status online
    !
    real-server group rsgroup_rep
     members by regex "rs-rep1"
    !
    real-server group rsgroup_test
     members by regex "rsweb.*"
     members by regex "rs1"
     members by regex "rsweb1"
    !
    virtual-server Webssilo1
     service http
     attach virtual-ip vipsweb1
     attach real-server rssweb1 weight 0
    !
    virtual-server vsSecondary
     lb-algorithm round-robin
     service http
     attach virtual-ip vipSecondary
     attach real-server rs-rep1 weight 0
    !
    virtual-server vsSecondary1
     service tcp
     attach virtual-ip vipsecondary1
     attach real-server rss-rep1 weight 0
    !
    virtual-server websilo1
     lb-algorithm round-robin
     service http
     attach virtual-ip vipweb1 default
     attach real-server rsweb1 weight 0
    !
    ssh
     allow from any
     allow to any 22
    !
    rest-server
     allow from any
     allow to any 8443
     attach ssl profile self-signed
    !
    script TrafficS-replication
     source inline "ENDWORD_TrafficS-replication"
    var vsm = require('lrs/virtualServerModule');
    var https = require('https');

    function ReplicateTraffic(scenarioName, primaryVSName, secondaryPort) {
        var self = this;
        self.primaryVS = primaryVSName;
        self.port = secondaryPort;

        //We need a secondary port that we expect is a loopback virtual IP that
        //goes to the secondary virtual server like this:
        //
        //virtual-server vsSecondary
        // attach vipSecondary default
        // attach real-server group ... !your secondary servers here
        //
        //virtual-ip vipSecondary
        // admin-status online
        // ip address 127.0.0.1 15000 !15000 is the secondary port
        //
        //
        vsm.on('exist', primaryVSName, function(vs) {
            vs.on('request', function(req, res, next) {
                self.replicate(req, res, next);
            });
        });
    }

    ReplicateTraffic.prototype.cloneReq = function(req) {
        var newReq = https.request({ host: "127.0.0.1",
                                     port: this.port,
                                     method: req.method,
                                     path: req.url,
                                     headers: req.headers},
                                   function() {});
        return newReq;
    }

    ReplicateTraffic.prototype.replicate = function(req, res, next) {
        if(req.method == 'GET' || req.method == 'HEAD') {
            // Only do GET and HEAD
            var newReq = this.cloneReq(req);
            // Loop request through a dummy vip
            newReq.on('response', function(res) {
                console.log('saw B resp');
            });
            newReq.end();
        }
        next();
    }

    var repl = new ReplicateTraffic("xxx", 'Webssilo1', 18000);
    ENDWORD_TrafficS-replication
     admin-status online
     attach certificate bundle cert-b
    !
    script traffic-replication
     source inline "ENDWORD_traffic-replication"
    var vsm = require('lrs/virtualServerModule');
    var http = require('http');

    function ReplicateTraffic(scenarioName, primaryVSName, secondaryPort) {
        var self = this;
        self.primaryVS = primaryVSName;
        self.port = secondaryPort;

        //We need a secondary port that we expect is a loopback virtual IP that
        //goes to the secondary virtual server like this:
        //
        //virtual-server vsSecondary
        // attach vipSecondary default
        // attach real-server group ... !your secondary servers here
        //
        //virtual-ip vipSecondary
        // admin-status online
        // ip address 127.0.0.1 15000 !15000 is the secondary port
        //
        //
        vsm.on('exist', primaryVSName, function(vs) {
            vs.on('request', function(req, res, next) {
                self.replicate(req, res, next);
            });
        });
    }

    ReplicateTraffic.prototype.cloneReq = function(req) {
        var newReq = http.request({ host: "127.0.0.1",
                                    port: this.port,
                                    method: req.method,
                                    path: req.url,
                                    headers: req.headers},
                                  function() {});
        return newReq;
    }

    ReplicateTraffic.prototype.replicate = function(req, res, next) {
        if(req.method == 'GET' || req.method == 'HEAD') {
            // Only do GET and HEAD
            var newReq = this.cloneReq(req);
            // Loop request through a dummy vip
            newReq.on('response', function(res) {
                console.log('saw B resp');
            });
            newReq.end();
        }
        next();
    }

    var repl = new ReplicateTraffic("xxx", 'websilo1', 15000);
    ENDWORD_traffic-replication
     admin-status online
     attach certificate bundle cert-b
    !
- Andrew_Ragone_2Historic F5 Account
It looks like there are two things you need to modify here in your config:
- setting the service types to HTTP from TCP on all VIPs/VSs/RSs
- configure the virtual server VIPs to be defaults
Here is a summary of what you will need to update in the configuration. Keep in mind, you will need to admin-offline these items before being able to change service type.
    virtual-server vsSecondary
     attach virtual-ip vipSecondary default
    virtual-server vsSecondary1
     service http
     attach virtual-ip vipsecondary1 default
    real-server rss-rep1
     service http
    virtual-ip vipsecondary1
     service http
    virtual-server Webssilo1
     attach virtual-ip vipsweb1 default
Doing this, I was able to replicate your configuration and successfully pass traffic to the original servers and replication servers for both HTTP and HTTPS. This should get you up and running, too.
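The two checks from the answer above, as an added example (not code from the thread or from F5): a small Node.js script that scans a LineRate-style config for explicit `service tcp` on VIP/VS/RS objects and for virtual-server VIP attachments missing `default`. The sample config is constructed from object names in this thread; the indentation-based stanza layout and the function names `parseStanzas` and `findIssues` are assumptions.

```javascript
// Constructed sample, using object names from the config posted in this thread.
const SAMPLE = `
real-server rss-rep1
 service tcp
!
virtual-ip vipsecondary1
 ip address 127.0.0.1 18000
 service tcp
!
virtual-server Webssilo1
 service http
 attach virtual-ip vipsweb1
!
virtual-server vsSecondary1
 service tcp
 attach virtual-ip vipsecondary1
!
virtual-server websilo1
 service http
 attach virtual-ip vipweb1 default
!
`;

// Assumed layout: an unindented line opens a stanza, indented lines are its
// sub-commands, and "!" (or a blank line) closes it.
function parseStanzas(text) {
  const stanzas = [];
  let cur = null;
  for (const raw of text.split('\n')) {
    if (raw.trim() === '' || raw.trim() === '!') { cur = null; continue; }
    if (/^\s/.test(raw) && cur) cur.body.push(raw.trim());
    else { cur = { head: raw.trim(), body: [] }; stanzas.push(cur); }
  }
  return stanzas;
}

// Flag explicit "service tcp" and virtual-server VIP attachments without "default".
function findIssues(text) {
  const issues = [];
  for (const { head, body } of parseStanzas(text)) {
    const m = /^(virtual-ip|virtual-server|real-server)\s+(\S+)$/.exec(head);
    if (!m) continue; // skips base/group stanzas and one-line real-servers
    if (body.includes('service tcp')) issues.push(`${m[1]} ${m[2]}: service tcp`);
    for (const line of body) {
      if (m[1] === 'virtual-server' && /^attach virtual-ip \S+$/.test(line))
        issues.push(`${m[1]} ${m[2]}: ${line} (no default)`);
    }
  }
  return issues;
}
console.log(findIssues(SAMPLE).join('\n'));
```

An object with no `service` line is not flagged, since the script only looks for an explicit `service tcp`.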
- mnabih80_221446Nimbostratus
Great, it works.
- mnabih80_221446Nimbostratus
So what's up?