Hi all, First post to the list, Pounder newcomer here!
I have a Pound proxy providing SSL off-load for HAProxy (they are installed on the same server, Pound passes request onto HAproxy over the 127.0.0.1 loop-back address). I have some HTTP servers all hosting the same sites behind this load-balancer. I would like for a couple of them to use SSL. The only way I could see to have more than one SSL site behind this Pound box was to assign multiple IPs to the box and set up a different HTTPS listening on each IP, but this isn't very scalable or IP conservative. Then. I saw the following text on the Pound website: Update June 2010: starting with with the 2.6 series, Pound has SNI support, if your OpenSSL version supports it. Basically you supply Pound with several certificates, one for each virtual host (wild card certificates - as described above - are allowed). On connecting the client signals to which server it wants to talk, and Pound searches among its certificates which would fit. Not all versions of OpenSSL and not all clients support this mode, but if available it allows for virtual hosts over HTTPS. Can anyone provide me with a configuration example of how I can achieve this, or the correct direction to be looking in? Many thanks, James. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
