Is there a Linux HA software load balancer that serves HTTPS for multiple unrelated domain names but balances to a single web server cluster?

Update 2017-09-13: SNI has now become prevalent enough in the mainstream browsers that it can probably be used to address the request, and this answer should be considered out of date.

The only way to support this is to have an IP for each of your clients. When you connect via https, the connection is encrypted immediately, there's no chance for the browser to say "I'm here for foo.tenantA.com". So the only way for the server to know which SSL cert should be used to encrypt the connection is based on the IP that the connection came in on.

Now this is still possible, but it means that you're going to need a lot of IPs. We actually do this exact setup at my work. We have 2 active/active load balancers, with half the IPs on one balancer, the other half on the other balancer (a total of around 500 IPs). Then we have several web servers on the back end that take all the connections. Any web server can fail and the load balancer will stop sending it connections. Or the load balancer itself can fail and the other will take all of its IPs.
The load balancing software that does this is Pacemaker and ldirectord (both are mainstream projects and whatever distro you run should have them in its repository). The Linux kernel itself is the one that actually does the load balancing; the software is just responsible for handling failovers.

Note: For load balancing, there are lots of alternatives to ldirectord, such as keepalived and surealived. Though for the actual load balancer failover software, pacemaker is what you should be using.

Basic guides:

  • This will provide basic instructions for getting pacemaker configured. You can skip past all the previous stuff as CMAN is its replacement. The only thing you need to do at all to get up to that point in the guide is to install pacemaker and its dependencies. Stop at section 8.2.4. You do not need to go on to section 8.3 as that's not relevant to what you're doing.

  • Once you have pacemaker working, this will provide a very basic configuration to load balance an HTTP server.

  • You might also look at this and this. It's more of a higher-level overview of pacemaker, what it does, and how to use it.
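The IP-per-tenant layout the answer describes gets tedious by hand once there are hundreds of VIPs, so a generator script is the usual approach. The POSIX shell below is an added example, not code from the answer's author or from the Pacemaker/ldirectord projects: it turns a tenant list (one "name ip" per line) into an ldirectord.cf in which every tenant VIP forwards to the same real-server pool, plus the matching crm configure lines (one ocf:heartbeat:IPaddr2 primitive per VIP and ldirectord cloned across both balancers). The tenant names, 192.0.2.x VIPs, 10.0.0.x real servers and /etc/ha.d path are constructed placeholders.

```shell
#!/bin/sh
# Generate ldirectord.cf and Pacemaker resource definitions for an
# IP-per-tenant HTTPS virtual-server layout. Added example; all addresses,
# names and paths below are constructed assumptions, not real infrastructure.

# Constructed tenant list: each tenant gets its own VIP (one per SSL cert),
# but every VIP balances to the same back-end pool.
TENANTS='tenantA 192.0.2.10
tenantB 192.0.2.11
tenantC 192.0.2.12'

# Real servers shared by every VIP (assumed addresses). "gate" below means
# LVS direct routing: each real server must also carry the VIPs on a
# non-ARPing loopback alias, which this script does not configure.
REALS='10.0.0.11 10.0.0.12'

# gen_ldirectord_cf TENANT_LIST REAL_LIST -> prints ldirectord.cf on stdout
gen_ldirectord_cf() {
  # Global section: fast checks, reload on file change, drop dead reals
  # from the IPVS table instead of leaving them with weight 0.
  printf 'checktimeout=3\ncheckinterval=1\nautoreload=yes\nquiescent=no\n'
  printf 'logfile="/var/log/ldirectord.log"\n'
  printf '%s\n' "$1" | while read -r name ip; do
    [ -n "$ip" ] || continue
    printf '\n# %s\nvirtual=%s:443\n' "$name" "$ip"
    # Lines that belong to a virtual= block must be indented.
    for r in $2; do
      printf '    real=%s:443 gate\n' "$r"
    done
    # checktype=connect only verifies the TCP port; use checktype=negotiate
    # with request=/receive= if you want an application-level health check.
    printf '    service=https\n    scheduler=wlc\n    protocol=tcp\n'
    printf '    checktype=connect\n'
  done
}

# gen_crm_config TENANT_LIST CIDR_NETMASK CONFIGFILE -> prints crm configure
# lines: ldirectord runs on every balancer, each VIP floats between them.
gen_crm_config() {
  printf 'primitive p_ldirectord ocf:heartbeat:ldirectord params configfile="%s" op monitor interval="15s"\n' "$3"
  printf 'clone cl_ldirectord p_ldirectord\n'
  printf '%s\n' "$1" | while read -r name ip; do
    [ -n "$ip" ] || continue
    printf 'primitive p_ip_%s ocf:heartbeat:IPaddr2 params ip="%s" cidr_netmask="%s" op monitor interval="10s"\n' \
      "$name" "$ip" "$2"
  done
}

# Stand-alone usage: print both files so they can be reviewed before being
# installed with e.g. gen_ldirectord_cf ... > /etc/ha.d/ldirectord.cf
gen_ldirectord_cf "$TENANTS" "$REALS"
echo
gen_crm_config "$TENANTS" 24 /etc/ha.d/ldirectord.cf
```

With 500 VIPs the crm output is long, so in practice you would split the IPaddr2 primitives across both balancers with location constraints (or a group per half) to get the active/active split the answer describes; the generator only emits the primitives themselves.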