Re: SSL offloading for Virtual Routers / Loadbalancer
Thank's for your feedback Wei!
I'll dscuss the configuration via tags/values with some collegues, but I think that's a very practical way of configuring some LB specialities.
AFAIK there'll be some changes necessary to the codebase. Have you've done that changes internally or do I live in an ideal world and it's available maybe as pullrequest on github?
In short, may we use that work? :)
Am Donnerstag, den 12.04.2018, 10:59 +0200 schrieb Wei ZHOU:
> Hi Stephan,
> We (Leaseweb in Netherlands) had some work on it. It is implemented by
> network tags and lb tags.
> Here is our KB:
> 2018-04-12 10:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:
> > Hi!
> > We've got some projects where it would be very reasonable to have SSL
> > offloading for https available at the loadbalancing component in the VR.
> > Since loadbalancing is done via haproxy, that wouldn't be impossible to
> > configure (at least for the haproxy.conf).
> > I wonder if there's some documentation for the management <-> VR
> > communication. IMHO we need to add
> > - upload/update of ssl certs from the management node to the respective VR
> > - configuring/updating SSL as additional LB method (besides the
> > tcp-oproxy, tcp and udp methods)
> > - some VR's feedback or canary code to inform the management node about
> > the LB capabilities(?)
> > It would be really nice if someone could share some information. How would
> > you start that?
> > Thanks!
> > - Stephan
Mit freundlichen Grüßen,
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin
Tel: 030 / 405051-44
Fax: 030 / 405051-19
Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht
Geschäftsführer: Peer Heinlein -- Sitz: Berlin
Description: This is a digitally signed message part