perlbal hangs with my two load balanced webservers over SSL but is okay via port 80

10 views
Skip to first unread message

Barce

unread,
Mar 4, 2009, 8:16:32 PM3/4/09
to perlbal
Hey Folks,

I've set up my perlbal.conf like so:


If I replace the ports on lines 21 and 22 with 80 perlbal works, but
when they are configured with port 443, it doesn't work.

Instead the browser just hangs.

Has anybody else run into this?

Is my perlbal.conf file set up wrong for SSL? Or do I just have to
make sure the backend servers run on port 80?

Mark Smith

unread,
Mar 4, 2009, 8:20:23 PM3/4/09
to per...@googlegroups.com
> I've set up my perlbal.conf like so:
>
>
> If I replace the ports on lines 21 and 22 with 80 perlbal works, but
> when they are configured with port 443, it doesn't work.

Your perlbal configuration is empty and unlikely to work. ;-)


--
Mark Smith / xb95
smi...@gmail.com

Barce

unread,
Mar 4, 2009, 8:22:08 PM3/4/09
to perlbal
Bummer. Gmail totally stripped out the url.

Here's the url the http part :

pastie.org/407840

Mark Smith

unread,
Mar 4, 2009, 8:27:27 PM3/4/09
to per...@googlegroups.com
> I've set up my perlbal.conf like so:
>
> http://pastie.org/407840

>
> If I replace the ports on lines 21 and 22 with 80 perlbal works, but
> when they are configured with port 443, it doesn't work.
>
> Instead the browser just hangs.
>
> Has anybody else run into this?
>
> Is my perlbal.conf file set up wrong for SSL? Or do I just have to
> make sure the backend servers run on port 80?

Perlbal in SSL mode acts as an SSL unwrapper.

This means that you need to configure Apache as if there's no SSL
involved whatsoever. Apache will be on port 80 (or some other port -
but probably not 443!), Apache will NOT be configured to handle SSL,
etc.

1) User sends SSL request to Perlbal
2) Perlbal unwraps SSL, ends up with plain HTTP
3) Perlbal makes load balancing decision on where to send request
4) Request arrives at backend Apache in plain HTTP

You can configure Perlbal to insert a header (X-Is-SSL or something)
with the HEADER command on your ssl_proxy service. Then in your
backend application you can check for this header to determine that
Perlbal is speaking SSL to the enduser.

Make sense?

Ask Bjørn Hansen

unread,
Mar 4, 2009, 8:30:56 PM3/4/09
to per...@googlegroups.com

On Mar 4, 2009, at 17:16, Barce wrote:

> If I replace the ports on lines 21 and 22 with 80 perlbal works, but
> when they are configured with port 443, it doesn't work.

Perlbal does the SSL to the client (if so configured), but always does
plaintext to the backend servers.


- ask

--
http://develooper.com/ - http://askask.com/


Reply all
Reply to author
Forward
0 new messages