I'm not aware of any hints and tips for proxying SSL connections. I use this
myself extensively, but we have a "wildcard" certificate from Thawte which
helps.

I believe that the connection between your real world server and your
internal server will be "persistent", i.e. it doesn't have to be renegotiated
with every request. However, I've never run ssldump or anything like that to
check. I'm probably not curious enough.

One hint I would give you is to make sure that cgi is disabled on the real
world server. Otherwise you'll find that the outside scripts are executed if
any, rather than the one inside. To do this, remove any ScriptAlias
directives from the outside machine. However, if you need scripting on the
outside machine, make sure the ScriptAlias differs on each machine (but you
can still use the same directories on each machine if you wish).

Also, I have yet to find a working method that allows name based hosting on
the inside host to work when name based hosting isn't used on the outside
host. That means that currently every external site with a different IP
address must have a direct connection to a single IP address inside. Of
course, as you are using SSL you'll need to do that anyway. But this also
applies to non-SSL sites.

If you need any further help mail me off the list. I'll be happy to help.

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
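
A check for the ScriptAlias hint in the message above, as an added example that is not part of the original message: it compares the active ScriptAlias URL prefixes on the outside and inside machines and reports any that overlap. The two configurations are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample configurations; addresses and paths are illustrative only.
OUTSIDE_CONF = '''
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    # ScriptAlias /old-cgi/ "/var/www/old-cgi/"
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    ScriptAlias /edge-cgi/ "/var/www/edge-cgi/"
    ProxyPass / http://10.0.0.5/
    ProxyPassReverse / http://10.0.0.5/
</VirtualHost>
'''
INSIDE_CONF = '''
<VirtualHost 10.0.0.5:80>
    ScriptAlias /cgi-bin/admin/ "/srv/admin-cgi/"
    ScriptAlias /apps/ "/srv/apps/"
</VirtualHost>
'''

# Matches uncommented ScriptAlias lines only (not ScriptAliasMatch).
SCRIPT_ALIAS = re.compile(r'^[ \t]*ScriptAlias[ \t]+(\S+)', re.I | re.M)

def script_aliases(conf):
    """URL prefixes of active ScriptAlias lines, without the trailing slash."""
    return ["/" + m.group(1).strip('"').strip("/")
            for m in SCRIPT_ALIAS.finditer(conf)]

def covers(prefix, path):
    """True if the URL path lies at or below the prefix."""
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def audit(outside_conf, inside_conf):
    """Map each outside ScriptAlias to the inside ScriptAlias prefixes it overlaps."""
    inside = script_aliases(inside_conf)
    return {out: [i for i in inside if covers(out, i) or covers(i, out)]
            for out in script_aliases(outside_conf)}

if __name__ == "__main__":
    for alias, clashes in audit(OUTSIDE_CONF, INSIDE_CONF).items():
        if clashes:
            print(f"{alias}: overlaps inside {clashes}; rename or remove it outside")
        else:
            print(f"{alias}: differs from every inside ScriptAlias")
```

An empty list for an outside prefix means it differs from every inside ScriptAlias, which is the arrangement the message recommends when scripting is needed on the outside machine.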
