osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL offloading for Virtual Routers / Loadbalancer


Hi Stephan,

We (Leaseweb in Netherlands) had some work on it. It is implemented by
network tags and lb tags.
Here is our KB:
https://kb.leaseweb.com/display/KB/Network%3A+CloudStack#Network:CloudStack-ConfiguringloadbalancerforanIPAddressofanIsolatedNetwork

-Wei

2018-04-12 10:23 GMT+02:00 Stephan Seitz <s.seitz@xxxxxxxxxxxxxxxxxxx>:

> Hi!
>
> We've got some projects where it would be very reasonable to have SSL
> offloading for https available at the loadbalancing component in the VR.
>
> Since loadbalancing is done via haproxy, that wouldn't be impossible to
> configure (at least for the haproxy.conf).
>
> I wonder if there's some documentation for the management <-> VR
> communication. IMHO we need to add
> - upload/update of ssl certs from the management node to the respective VR
> - configuring/updating SSL as additional LB method (besides the
> tcp-oproxy, tcp and udp methods)
> - some VR's feedback or canary code to inform the management node about
> the LB capabilities(?)
>
> It would be really nice if someone could share some information. How would
> you start that?
>
>
> Thanks!
>
> - Stephan
>