Neil Harris wrote:
You will need one IP address per HTTPS server name, since you cannot
virtual-host HTTPS: however, there's nothing to stop a single machine
from having as many IP addresses as desired, and thus as many HTTPS
servers as desired. This also means that the load balancer cannot "look into"
the encrypted HTTPS connection to see where to send the traffic to: it
will have to go by the destination IP address. However, HTTPS can still
be load-balanced, you just need a different external IP address for each
visible service, and one internal IP address for each HTTPS service on
each server within the load-balancing cloud.

HTTPS does support virtual hosting. You can have certificates with
wildcards, e.g. *.wikipedia.org, and you can even have certificates that
list multiple second-level domains. In theory we could even support
https://en.wikipedia.org/, by having LVS pass the traffic off to an SSL
proxy cluster, which forwards to the Florida squids via a secure tunnel.
-- Tim Starling
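
An added illustration, not part of the original messages: a simplified check of which virtual hosts on one IP address a single certificate's DNS names would cover, using wildcard and multi-domain entries as described in the reply. The name list and host list are constructed, the function names are hypothetical, and the matcher is a reduced form of RFC 6125 matching (whole-label wildcard in the left-most label only, no public-suffix check).

```python
def match_dns_name(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is honoured only in the left-most label
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Require two fixed labels so an entry like "*.org" is rejected.
        return len(rest) >= 2 and h_labels[0] != ""
    return first == h_labels[0]  # partial wildcards ("w*") are not expanded


def cert_covers(cert_names, hostname):
    """True if any DNS name in the certificate matches the hostname."""
    return any(match_dns_name(p, hostname) for p in cert_names)


def uncovered_vhosts(cert_names, vhosts):
    """Virtual hosts that would fail name validation with this certificate."""
    return [h for h in vhosts if not cert_covers(cert_names, h)]


# Constructed certificate name list: wildcards plus more than one
# second-level domain in the same certificate.
CERT_NAMES = ["*.wikipedia.org", "wikipedia.org", "*.wiktionary.org"]

# Constructed list of virtual hosts served from the same address.
VHOSTS = [
    "en.wikipedia.org",         # covered by *.wikipedia.org
    "wikipedia.org",            # needs its own entry; the wildcard skips the apex
    "de.wiktionary.org",        # covered by *.wiktionary.org
    "wiktionary.org",           # apex not listed
    "upload.en.wikipedia.org",  # two labels deep, wildcard covers only one
    "en.wikibooks.org",         # domain not in the certificate
]

if __name__ == "__main__":
    for host in VHOSTS:
        print(f"{host:26} {'ok' if cert_covers(CERT_NAMES, host) else 'NOT COVERED'}")
```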