Setting up a load balancer with https and a valid certificate

Hello,

I am not an expert, so I apologize if my question is unclear.

I have a problem with setting up a load balancer that supports SSL with a valid certificate.

It works OK when I refer to the balancer members by a valid DNS name.
However, if I just put the IP address of the balancer members, I get:

        ERROR: certificate common name '*.mydomain.com' doesn't match requested host name '52.26.53.37'.

I am following the load balancer sample config found here:
        https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html  

that I adapted to SSL. Here is my ssl.conf:

<VirtualHost *:443>
     SSLEngine On
     SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
     SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
     SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt

     ErrorLog /var/www/mydomain.com/logs/error.log
     CustomLog /var/www/mydomain.com/logs/access.log combined

     ProxyRequests off
     <Proxy balancer://cluster>

       # Using valid DNS names for the members works well
       BalancerMember https://ws1.mydomain.com/
       BalancerMember https://ws2.mydomain.com/

       # Using the IP address of the members returns the certificate error given above
       #BalancerMember http://52.73.75.46/
       #BalancerMember http://52.26.53.37/

       ProxySet lbmethod=byrequests
     </Proxy>

     <Location /balancer-manager>
        SetHandler balancer-manager
     </Location>

     # ProxyPreserveHost On
     ProxyPass /balancer-manager !
     ProxyPass / balancer://cluster/

</VirtualHost>

I would like to be able to use only the IP addresses so that I can add a variable number of BalancerMembers that I could start dynamically on a cloud setup.
Using a DNS entry for each BalancerMember makes everything more complicated.

Is there a way to configure httpd so that only the load balancer servers need to have a valid certificate and a DNS name?
All the BalancerMembers behind the load balancer would exist only with their IP address.

Thank you 

Gilbert
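
The mismatch reported above follows from the usual TLS identity rules (RFC 6125 style): an IP literal is compared only against iPAddress subjectAltName entries, never against a wildcard or the common name. The sketch below is an added example, not part of the original message and not httpd's own code; the certificate dicts are constructed samples shaped like Python's ssl.SSLSocket.getpeercert() output, and IP_SAN_CERT is a hypothetical backend certificate issued with an IP SAN.

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one dNSName entry; '*' may stand for the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def backend_identity_matches(cert, target):
    """cert: getpeercert()-style dict; target: host part of the BalancerMember URL."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literal: only iPAddress SAN entries count, wildcards and CN never do.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    names = [val for kind, val in sans if kind == "DNS"]
    if not names:
        # Legacy fallback: use the subject CN only when no dNSName SAN exists.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, target) for n in names)

# Constructed sample: the wildcard certificate named in the error message.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.mydomain.com"),),),
    "subjectAltName": (("DNS", "*.mydomain.com"),),
}
# Constructed sample (hypothetical): a backend certificate carrying an IP SAN.
IP_SAN_CERT = {
    "subject": ((("commonName", "backend"),),),
    "subjectAltName": (("IP Address", "52.26.53.37"),),
}

if __name__ == "__main__":
    for cert_name, cert in (("wildcard", WILDCARD_CERT), ("ip-san", IP_SAN_CERT)):
        for target in ("ws1.mydomain.com", "52.26.53.37", "52.73.75.46"):
            print(cert_name, target, backend_identity_matches(cert, target))
```

Whether a particular TLS client or proxy honours iPAddress entries depends on its implementation, so check the verifier in use before relying on IP SANs.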
