Hello all, I'm looking into using Pound as a reverse proxy for my SSL-enabled webservers, and I have a couple questions for you:
I know Pound can function very well as a reverse proxy in front of several back-end webservers. Pound can also manage the encryption certificates itself. What if I want to manage the certificates on the webservers themselves instead? We already have a group of webservers running HTTPS and the webserver team handles certificate management on their own servers, so I merely want to pass the SSL requests intact, without modification, to the servers inside, who will handle all encryption/decryption themselves. Is this possible? A diagram would be: [client] -> [ https://poundserver:443 <https://poundserver/> ] -> [ https://internalserver:443 <https://internalserver/> ] The second question is about virtual hosting. The pound documentation indicates that you can't virtual host SSL websites. If I use IP based virtual hosts and have a single IP address for each internal server, is it possible to virtual host multiple SSL websites on a single Pound server? I assume this would eliminate the problem of having to decrypt the HTTP GET request and parse the URL. You could simply redirect all traffic to a particular IP address to it's corresponding internal server. Thanks in advance for your answers to these questions. Regards, Luke Youngblood -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
