ssl between balancer members?

Posted by jemminger on Server Fault See other posts from Server Fault or by jemminger
Published on 2011-05-04T17:54:13Z Indexed on 2012/06/25 3:18 UTC
Read the original article Hit count: 455

Filed under:
|
|

I have apache running on one machine as a load balancer:

<VirtualHost *:443>
  ServerName    ssl.example.com
  DocumentRoot  /home/example/public

  SSLEngine             on
  SSLCertificateFile    /etc/pki/tls/certs/example.crt
  SSLCertificateKeyFile /etc/pki/tls/private/example.key

  <Proxy balancer://myappcluster>
    BalancerMember http://app1.example.com:12345 route=app1
    BalancerMember http://app2.example.com:12345 route=app2
  </Proxy>

  ProxyPass         / balancer://myappcluster/ stickysession=_myapp_session
  ProxyPassReverse  / balancer://myappcluster/

</VirtualHost>

Note that the balancer takes requests under SSL port 443, but then communicates to the balancer members on a non-ssl port. Is it possible to have the forwarding to the balancer members be under SSL too?

If so, is this the best/recommended way?

If so, do I have to have another SSL cert for each balancer member?

Does the SSLProxyEngine directive have anything to do with this?

© Server Fault or respective owner

Related posts about apache2

Related posts about ssl