Hi All,
I have a proprietary appliance that the users reach via HTTPS. This all
works fine except that I would like to change the default HTTP Keep-Alive:
Timeout value from 15 seconds to a higher value, but the appliance does
not support changing the value, and the vendor has made clear that they
will not implement this functionality. The reason I want to change this is
to minimize the number of SSL renegotiations needed between client and
server, thus saving roundtrips. According to our CDP we need to set this
value to 300 seconds to get the best optimization results from their
network.
Since we cannot change the value directly in the appliance I have set up
pound to terminate SSL in front of the appliance like this;
[ Users ] <- HTTPS over CDP network -> [ Pound ] <- HTTPS over local network -> [ Appliance; "Keep-alive: timeout=15" ]
This works as expected, but my keep-alive value is 15 sec throughout the
whole chain. I cannot figure out how to configure Pound to make my
connection persist longer. I would like to achieve something like this;
[ Users ] <- HTTPS over CDP network -> [ "Keep-alive: timeout=300" Pound "Keep-alive: timeout=15" ] <- HTTPS over local network -> [ Appliance; "Keep-alive: timeout=15" ]
So that the SSL connection between the client (over the CDP network) and
Pound has a timeout value of 300 sec.
I have spent hours reading and testing and cannot figure this out. The
timeout value in the response header does not change. My header looks like
this right now;
---------------------------------------------------------------------------
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:lastRealm=testrlm; DSID=f96df1952313023286b5a81e79486752; DSFirstAccess=1349470232; DSLastAccess=1349470232
Host:abcde.se.xxxx.yyy
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2
Response Headers
Cache-Control:no-store
Connection:Keep-Alive
Content-Encoding:gzip
Content-Type:text/html; charset=utf-8
Date:Sat, 06 Oct 2012 11:57:49 GMT
Expires:-1
--> Keep-Alive:timeout=15
Pragma:no-cache
Transfer-Encoding:chunked
---------------------------------------------------------------------------
I have made this work with Apache, with the following configuration;
---------------------------------------------------------------------------
/etc/apache2/apache2.conf:

# Keep idle client connections open for 300 seconds,
# with no limit on the number of requests per connection
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 300

/etc/apache2/sites-available/keepalive:

<VirtualHost *:443>
    # TLS is terminated here for the client-facing side
    SSLEngine on
    SSLCertificateFile /etc/apache2/cert/server.crt
    SSLCertificateKeyFile /etc/apache2/cert/server.key
    ServerName virtualxx.vimebiz.xxxx.yyy
    DocumentRoot /var/www/keepalive
    <Location />
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
    </Location>
    <Directory /var/www/keepalive>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride ALL
        Order allow,deny
        allow from all
    </Directory>
    # Reverse proxy to the appliance over HTTPS
    SSLProxyEngine on
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / https://abcde.se.xxxx.yyy/
    ProxyPassReverse / https://abcde.se.xxxx.yyy/
    ErrorLog /var/log/apache2/keepalive/error.log
    LogLevel warn
    CustomLog /var/log/apache2/keepalive/access.log combined
</VirtualHost>
---------------------------------------------------------------------------
Is what I am trying to do possible with Pound? If not should I stick with
Apache or does anyone have any other suggestions?
Best Regards,
//Dan Lundstrom
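
Added example, not part of the original post: a small check that reads a response-header dump in the "Name:value" layout shown above and reports the advertised Keep-Alive timeout against a target, so each hop (client to proxy, proxy to appliance) can be compared. The function names and the sample dump are constructed for illustration, and the check covers only what the header advertises, not how long the server actually holds the socket open.

```python
import re

# Constructed sample: response headers from the post, in the same
# "Name:value" layout the browser's developer tools printed them in.
SAMPLE_RESPONSE = """\
Cache-Control:no-store
Connection:Keep-Alive
Content-Encoding:gzip
Date:Sat, 06 Oct 2012 11:57:49 GMT
--> Keep-Alive:timeout=15
Transfer-Encoding:chunked
"""

def parse_headers(dump):
    """Return {lower-case name: value} from 'Name:value' lines."""
    headers = {}
    for line in dump.splitlines():
        line = line.lstrip("-> ").strip()      # drop a '-->' marker if present
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name:
            headers[name.strip().lower()] = value.strip()
    return headers

def keepalive_params(headers):
    """Parse 'timeout=15, max=100' into {'timeout': 15, 'max': 100}."""
    params = {}
    for m in re.finditer(r"(\w+)\s*=\s*(\d+)", headers.get("keep-alive", "")):
        params[m.group(1).lower()] = int(m.group(2))
    return params

def check_keepalive(dump, wanted_timeout):
    """Report what one hop advertises about connection persistence."""
    headers = parse_headers(dump)
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    advertised = keepalive_params(headers).get("timeout")  # None if not advertised
    return {
        "persistent": "close" not in tokens,
        "advertised_timeout": advertised,
        "meets_target": advertised is not None and advertised >= wanted_timeout,
    }

if __name__ == "__main__":
    print(check_keepalive(SAMPLE_RESPONSE, wanted_timeout=300))
```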