ISPConfig and IP Failover configuration

Hello
I'm setting up an IP Failover configuration with 2 IPSC servers, following this recommandations :
https://docs.ovh.com/fr/dedicated/network-ipaliasing/
https://www.soyoustar.com/fr/ip-failover.xml
(case 2)

Regarding ISPC config I don't know if I have to enter the failover IP somewhere (IPZ)

• in server config,
• DNS config
• or Lets's encrypt conf?

Can someone help me with this?

 

I have an IPv4 failover for each of my servers. What I did was, the moment I had ISPC set up and running, to add the failover IP in System->Server IP addresses . There I also decided to disable the primary IP of the server, since I'm only using my failover IP, but this step is optional.

Be aware that some outgoing services, most notably postfix, might use both IPs indiscriminately, and you might not want that behavior when using SPF and DKIM. In my case I just had to tell postfix only use my desired outbound addresses with:

smtp_bind_address = your_failover_IPv4_address
smtp_bind_address6 = your_IPv6_address_if_you_use_one

EDIT: Next sentence in italic is compeltely wrong. Please ignore it: Keep in mind that these settings will be lost when you upgrade your ISPC installation. It would be a simple and nice addition to have this integrated in the ISPC panel but adding them after every update is not a big deal either.

 

Oh, you're right. My mistake. Editing it now

 

Hello
Thank you for replies and your recommendation.
Switching from IPSC server to another seems to work but there is a problem with LE certs.

But :
– One domain get the wrong certs
– After a renewing attempt (by checking/unchecking Let's Encrypt SSL checkbox) I get :
SSL_ERROR_RX_TOO_LONG

-- Some website have IPV6 DNS should I disabled it ?
-- There are some secondary DNS configured in SoYouStart manager (pointing to the active server IP, not the IPFO IP)
-- Also I don't know if to have LE cert enabled on the two servers with the same domains can be a problem, or not ?

-- Currently I didn't put the IPFO anywhere in ISPC

 

Your two ISPC instances has only your IPFO in system settings in System > IP adresses ?

 

* fir IP address both
in site settings and server settings ?

 

Thank you for your replies.
Regarding LE certs I don't know exactly if I can keep LE certs enabled on the backup server -- and if changes on the backup server regarding LE certs can have an impact on the production server. Certs files are generated on each servers but I don't know if cert status or other certs related data are recorded elsewhere...

 

Thanks for your replies.
In the SouYoustart manager it is possible to add secondary DNS but domains can only be linked to physical servers names/IPs, not to the IPFO IP itself.
Should I define DNS entries for the active (main server) or remove all secondary DNS here ?