Load Balancing an SSL site with Apache

This is going to be a short article, because we are building on a model that has already completed 90% of the work for us. You will need to have already created the load balancer from Simple Load Balancing and have a working SSL certificate from Installing an SSL certificate. I’ll be running this from a 256M CentOS box for testing purposes.


The SSL addition

To pass SSL to your proxy you only need to add the following lines to the config file. Keep in mind that you will need to change the path to wherever you keep your ssl.crt and ssl.key files. It’s almost a little anticlimactic, but this type of setup will keep the load of encrypting your traffic off of your webheads.

        SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.com.key



Final Virtual Host

Here is the final Virtual Host:

        # Listen address is assumed here; match it to your own setup.
        <VirtualHost *:443>
        ProxyRequests off
        ServerName domain.com

        <Proxy balancer://mycluster>
                # The BalancerMember addresses below are placeholders;
                # use the webheads from Simple Load Balancing.
                # WebHead1
                BalancerMember http://webhead1.example.com:80
                # WebHead2
                BalancerMember http://webhead2.example.com:80

                # Security: technically we aren't blocking
                # anyone, but this is the place to make those
                # changes.
                Order Deny,Allow
                Deny from none
                Allow from all

                # Load Balancer Settings
                # We will be configuring a simple Round
                # Robin style load balancer.  This means
                # that all webheads take an equal share
                # of the load.
                ProxySet lbmethod=byrequests
        </Proxy>

        # balancer-manager
        # This tool is built into the mod_proxy_balancer
        # module and will allow you to do some simple
        # modifications to the balanced group via a GUI
        # web interface.
        <Location /balancer-manager>

                SetHandler balancer-manager

                # I recommend locking this one down to
                # your office. As written, "Allow from all"
                # leaves the manager reachable by anyone.
                Order deny,allow
                Allow from all
        </Location>

        # Point of Balance
        # This setting will allow us to explicitly name
        # the location in the site that we want to be
        # balanced; in this example we will balance "/",
        # or everything in the site. The /balancer-manager
        # exclusion must come before the "/" rule.
        ProxyPass /balancer-manager !
        ProxyPass / balancer://mycluster/

        # mod_ssl
        # Here is the information that will allow you to encrypt your
        # traffic at the load balancer.  Not a big change,
        # but it will get you up and running.
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.com.key
        </VirtualHost>
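
The balancer-manager block in the Virtual Host above still allows everyone. One way to apply the lock-down its comment recommends is shown here as an added example, not part of the original article. It assumes 203.0.113.0/24 as a placeholder for your office range and uses `<IfVersion>` (mod_version) so the same block works on Apache 2.2 and 2.4.

```apache
# Added example: restrict /balancer-manager to one trusted network.
# 203.0.113.0/24 is a placeholder; substitute your office range.
<Location /balancer-manager>
        SetHandler balancer-manager

        # Apache 2.2 syntax (the style used in this article).
        # With "Order deny,allow" the Deny rules are evaluated
        # first, then any matching Allow overrides them, so
        # everyone is refused except the listed range.
        <IfVersion < 2.4>
                Order deny,allow
                Deny from all
                Allow from 203.0.113.0/24
        </IfVersion>

        # Apache 2.4 syntax (mod_authz_host).
        <IfVersion >= 2.4>
                Require ip 203.0.113.0/24
        </IfVersion>
</Location>

# Keep the exclusion ahead of the catch-all rule so the manager
# is served by the balancer host itself and never proxied to a
# webhead.
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
```

After reloading Apache, request /balancer-manager from an address outside the allowed range and confirm it returns 403.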


