We currently host multiple Sitecore sites on a Rackspace cloud server. We have 5 sites, with 5 IPs and with 5 SSLs. Because Rackspace will only allow 4 additional IPv4 addresses on a box, we’re at the limit of what we can do. Also, with Sitecore licensing costs being somewhat astronomical, we’re trying to investigate how we can expand our solution without having to purchase another software licence.
Our setup is currently simple:
- 1 Rackspace cloud Server
  - www.1site1.com x.x.x.1 SSL1
  - www.2site2.com x.x.x.2 SSL2
  - www.3site3.com x.x.x.3 SSL3
  - www.4site4.com x.x.x.4 SSL4
  - www.5site5.com x.x.x.5 SSL5
I’ve been reading this – http://digital.bigfish.co.uk/2012/04/ssl-in-the-rackspace-cloud/ and I’m now confused over what a load balancer could and couldn’t enable us to achieve. In theory it sounds like a great solution to our problem – but I may not be understanding it all correctly.
If we were to use an SSL Terminating LB, would we be able to have all these sites on the one cloud server, with all their respective SSLs on the LB?
- Rackspace SSL Terminating Load Balancer [SSL1 SSL2 SSL3 SSL4 SSL5]
- Rackspace Cloud Server [ site1 site2 site3 site4 site5 ]
Or does the Load Balancer expect multiple cloud servers, each with their own SSL, as opposed to separate sites on one box?
Likewise, if we went the other way of having a LB for HTTP and a LB for HTTPS, would they all tie to one external IP and effectively listen to the same port 443 before directing internally?
- 18.104.22.168 Port 80 HTTP (LB1)
- 22.214.171.124 Port 443 HTTPS (LB2)
  - Cloud Server Port 443 – www.1site1.com
- 126.96.36.199 Port 443 HTTPS (LB3)
  - Cloud Server Port 444 – www.2site2.com
- 188.8.131.52 Port 443 HTTPS (LB4)
  - Cloud Server Port 445 – www.3site3.com
- 184.108.40.206 Port 443 HTTPS (LB5)
  - Cloud Server Port 446 – www.4site4.com
- 220.127.116.11 Port 443 HTTPS (LB6)
  - Cloud Server Port 447 – www.5site5.com
Or would we need separate IPs for each – therefore not changing the current (IP Limited) situation at all?
Yes, you can use SNI if your load balancer supports it (and your traffic from Windows XP users is minimal), but you really should be accelerating your IPv6 deployment for a long-term solution.
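How SNI lets a single IP on port 443 serve several certificates, as an added example that is not part of the original answer: the requested hostname travels in cleartext in the TLS ClientHello, so a terminating balancer can read it before choosing a certificate and a backend port. The routing table, the certificate labels and the `build_client_hello` sample are constructed for illustration, and a hello without SNI (the Windows XP case the answer mentions) falls through to a default route.

```python
import struct

# Constructed routing table: hostnames and backend ports from the question.
ROUTES = {"www.1site1.com": ("SSL1", 443), "www.2site2.com": ("SSL2", 444)}
DEFAULT_ROUTE = ("SSL1", 443)  # fallback for clients that send no SNI

def extract_sni(rec: bytes):
    """Return host_name from a single-record TLS ClientHello, else None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:  # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32  # record hdr, handshake hdr, version, random
        pos += 1 + rec[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", rec, pos)[0]  # cipher_suites
        pos += 1 + rec[pos]                               # compression
        if pos + 2 > len(rec):
            return None  # no extensions at all (pre-SNI client)
        end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
            pos += 4
            if ext_type == 0:  # server_name extension
                p = pos + 2    # skip server_name_list length
                while p + 3 <= pos + ext_len:
                    name_type, name_len = struct.unpack_from("!BH", rec, p)
                    p += 3
                    if name_type == 0:  # host_name
                        return rec[p:p + name_len].decode("ascii").lower()
                    p += name_len
                return None
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass  # truncated or malformed hello: treat as no SNI
    return None

def route(rec: bytes):
    return ROUTES.get(extract_sni(rec), DEFAULT_ROUTE)

def build_client_hello(host=None):
    """Constructed minimal ClientHello for the demo; host=None omits SNI."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if host is not None:
        name = host.encode("ascii")
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The parser assumes the ClientHello arrives in one TLS record; a production balancer also has to reassemble fragmented hellos.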
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.