I need help on a project i'm working on for my job to configure MNET with an haproxy server in front of my servers.
My network is :
- haproxy configure with SSL terminaison, So it manages the HTTPS communication then pass the rest of the communication to the web servers in HTTP (configure with sslproxy = 1). The haproxy has a wildcard certificate for the domain so all the moodle shared it too.
so in example : *.example.com
I got 6 web servers to accept loadbalancing and failover with a shared memcached server for application datas. It working like a charm with 4 moodle installed.
so in example : moodle1.example.com, moodle2.example.com, moodle3.example.com and moodle4.example.com.
But now my MNET configuration is over and I would like to configure MNET for these 4 moodles.
When I connect to my moodles, MNET generating is own public key with these own informations. Then if i connect to another moodle to add a site, i got this error :
The public key you are holding for this host is different from the public key it is currently publishing
I think, when i ask to my first moodle to connect to the second, it asks the pub key generated by the MNET configuration but it's the public key of my haproxy who is received.
Someone knows how to use MNET on a shared network with multiple moodle ?
Thanks in adavance for all you help.
Have a nice week-end !
Sorry, I got a new question more simple and will may respond to all the others.
Does MNET accept public key generating by a wildcard certificate ? I got another error an my moodle "B" when i try to add the moodle "A" :
La clef n'est pas une clef SSL valide. (4: Le sujet du certificat :
ne correspond pas au serveur d'où il provient :
Thank you very much again !
After reading the source code of the mnet plugin, I understand I go in the wrong way and as says the documentation, it doesn't exist relation between apache and his certificate with certificates generated by MNET.
If i say right, both servers Moodle try to communicate with there URI /mnet/xmlrpc/server.php to learn about services and get the pubkeys. So, the servers need to generate their own self-generated certificate and I must not use the haproxy's one.
It seems in my own example, it may be a simple IP routing that not allow servers to contact themselves because when I curl this URI from Internet, i got an HTML page answer from web servers and from inside i got "access denied" but not answered by web servers.
I'm talking with my web hosting about this issue.
Have a nice week-end !
et voilà, that is all good and it was simply a routing IP trouble !
My mistake come from the error message displayed by the MNET plugin who didn't warn me that curl was not allowed to get the URL /mnet/xmlrpc/server.php.
So when you got trouble with certificates, try with your server (where apache is) to get this url with CURL first ! ;)
Have a good day.