lost and found ( for me ? )

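Zen Load Balancer: how to encode/decode HTTPS with Zen LB

Here’s an explanation of how to configure Zen LB to encode/decode HTTPS traffic: the client talks HTTPS to the load balancer, and the load balancer talks plain HTTP to the server.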

network topology

    <- https ->       <- http ->
Client ----------- Zen LB -------------- Server


- create a FARM for HTTPS load balancing (a FARM is similar to F5 LTM’s Virtual Servers)

Manage -> Farms -> Add new FARM





specify the VIP and port number for HTTPS load balancing




- configure farm01-https




add a service (a service is similar to F5 LTM’s node/pool)
I’ll use “zencert.pem” as the SSL cert/key, which is a self-signed certificate provided by Zen LB by default.



- configure service “service01-farm01-https”

specify the real server’s IP and port number

- access the HTTPS VIP (192.168.10.131) from the client

nnn, the service is not available … why?

When this message is returned to the client, it means that there are no services to load balance.

The following is Zen LB’s log when accessing Zen LB’s VIP over HTTPS:
zenlb-01 pound: (b72d8b70) e503 no service "GET / HTTP/1.1" from x.x.x.x


After disabling/enabling the Farm “farm01-https”, I was able to access the VIP.

disable the FARM

enable the FARM


I’ve created two FARMS: one is for HTTP load balancing, the other is for HTTPS.
The HTTP LB process is PID 25840, the HTTPS process is PID 26529.

So you can trace how much CPU/memory each FARM (virtual server) consumes from its PID.


[ small tips ]

Configuration files are stored under the /usr/local/zenloadbalancer/config directory.
# pwd
/usr/local/zenloadbalancer/config

# ls
farm01-https_Err414.html                           farm01_pen.cfg
farm01-https_Err500.html                           fwmarks.conf
farm01-https_Err501.html                           global.conf
farm01-https_Err503.html                           if_eth0:0_conf
farm01-https_pound.cfg                             if_eth0_conf
farm01-https_service01-farm01-https_guardian.conf  if_eth1_conf
farm01-https_status.cfg                            zencert.pem
farm01_guardian.conf
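
An added example, not from the original post or the Zen LB project: a small audit of a farm's Pound configuration (such as farm01-https_pound.cfg in the listing above) that reports, for each listener, which certificate terminates HTTPS and whether any Service is defined. It assumes the file uses stock Pound directives (ListenHTTPS, Cert, Service, BackEnd, End); the second listener, site.pem and the 10.0.0.11 backend are constructed sample values.

```python
import os
DEFAULT_CERT = "zencert.pem"  # default cert/key file named on the page
BLOCKS = ("listenhttp", "listenhttps", "service", "backend", "emergency", "session")
# Constructed sample, stock Pound syntax; only the first VIP and config dir are from the page.
SAMPLE_CFG = """
ListenHTTPS
    Address 192.168.10.131
    Port 443
    Cert "/usr/local/zenloadbalancer/config/zencert.pem"
    Service "service01-farm01-https"
        BackEnd
            Address 10.0.0.11
            Port 80
        End
    End
End
ListenHTTPS
    Address 192.168.10.132
    Port 443
    Cert "/usr/local/zenloadbalancer/config/site.pem"
End
"""

def audit_pound_cfg(text):
    """Return one dict per listener with its cert, service count and findings."""
    listeners, stack, cur, global_services = [], [], None, 0
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())  # drop comments, squeeze spaces
        key, _, val = line.partition(" ")
        key, val = key.lower(), val.strip('"')
        if key in BLOCKS:
            stack.append(key)
            if key.startswith("listen"):
                cur = {"tls": key == "listenhttps", "services": 0, "findings": []}
                listeners.append(cur)
            elif key == "service" and len(stack) == 1:
                global_services += 1  # a global Service applies to every listener
            elif key == "service" and len(stack) == 2 and cur is not None:
                cur["services"] += 1
        elif key == "end" and stack and stack.pop().startswith("listen"):
            cur = None  # the End that closes a listener block
        elif cur is not None and len(stack) == 1 and key in ("address", "port", "cert"):
            cur[key] = val  # only directives directly inside the listener
    for lst in listeners:
        if lst["tls"] and os.path.basename(lst.get("cert", "")) == DEFAULT_CERT:
            lst["findings"].append("default-cert")
        if lst["services"] + global_services == 0:
            lst["findings"].append("no-service")
    return listeners
```

A "default-cert" finding marks an HTTPS listener still serving the zencert.pem that ships with Zen LB; "no-service" marks a listener with nothing to load balance, the condition the 503 message above describes.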
