Hello,

I am not an expert, so I apologize if my question is unclear.

I have a problem with setting up a load balancer that supports ssl with a
valid certificate.

It works ok when I refer to the balancer members by a valid DNS name.
However, if I just put the IP address of the balancer members, I get

        ERROR: certificate common name '*.mydomain.com' doesn't match requested host name '52.26.53.37'.

I am following the load balancer sample config found here:
        https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html

that I adapted to ssl, here is my ssl.conf :

<VirtualHost *:443>
     SSLEngine On
     SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
     SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
     SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt

     ErrorLog /var/www/mydomain.com/logs/error.log
     CustomLog /var/www/mydomain.com/logs/access.log combined

     ProxyRequests off
     <Proxy balancer://cluster>


       # Using valid DNS names for the members works well

       BalancerMember https://ws1.mydomain.com/
       BalancerMember https://ws2.mydomain.com/

       # Using the IP address of the members returns the certificate error given above

       #BalancerMember http://52.73.75.46/
       #BalancerMember http://52.26.53.37/

       ProxySet lbmethod=byrequests
     </Proxy>

     <Location /balancer-manager>
        SetHandler balancer-manager
     </Location>

     # ProxyPreserveHost On
     ProxyPass /balancer-manager !
     ProxyPass / balancer://cluster/

</VirtualHost>

I would like to be able to use only the IP addresses so that I can add a
variable number of BalancerMembers that I could start dynamically on a cloud
setup.
Using a DNS entry for each BalancerMember makes everything more complicated.

Is there a way to configure httpd so that only the load balancer servers
need to have a valid certificate and a DNS name?
All the balancerMembers behind the load balancer would exist only with
their IP address.

Thank you

Gilbert
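
Added example, not part of the original message: the name comparison a TLS client makes under the RFC 2818 / RFC 6125 rules, run on the names from the error above. The function names are hypothetical, and the certificate is modelled as plain lists of DNS names and IP subjectAltName entries (an assumption made for illustration).

```python
import ipaddress


def is_ip(host):
    """True when the requested host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with the requested host name.

    A wildcard is honoured only as the whole leftmost label and stands
    for exactly one non-empty label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_matches(host, dns_names=(), ip_sans=()):
    """Decide whether a certificate is valid for the requested host.

    IP literals are compared only with IP subjectAltName entries; DNS
    names and wildcards in the certificate never cover an IP address.
    """
    if is_ip(host):
        addr = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(s) == addr for s in ip_sans)
    return any(dns_name_matches(n, host) for n in dns_names)


if __name__ == "__main__":
    wildcard = ["*.mydomain.com"]  # name from the error message above
    for host in ("ws1.mydomain.com", "52.26.53.37", "a.ws1.mydomain.com"):
        print(host, cert_matches(host, dns_names=wildcard))
    # Constructed case: the same certificate carrying an IP SAN as well
    print(cert_matches("52.26.53.37", wildcard, ip_sans=["52.26.53.37"]))
```
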
