Hello..
I have the following configuration:
Internet -> Pound -> Varnish -> Apache(Drupal).
My intention is to use Varnish to cache, and load-balance across a number of
webheads for requests that cannot be cached.
The reason for putting Pound on the outside edge, is to be the SSL terminator.
The problem I have run into, using either Pound 2.5.1 or 2.6.2 (From stock
Debian repositories) is that whilst I can get the configuration to work, and
importantly, speed up page access (cached pages) on port 80, and have tested
this using apachebench, ab, the configuration of 443/SSL isn't going quite so
well.
I have set this up as follows:
Pound (listen externalip:443) -> HTTP -> Varnish (127.0.0.1:8880) -> HTTP ->
Apache (127.0.0.20:80)
When I run ab against the external interface, with the FQDN of the site, I get
SSL Read Error, Connection Closed, but I can't figure out why.
I have tried to force various Cipher options, but still to no avail.
Can anyone help me in solving this?
P.S. - going to the site with a browser, there is no SSL issue (And this site
is using an EV certificate, and everything is nice and green as expected.)
Relevant section of pound.cfg:

ListenHTTPS
    Address 192.168.156.138
    Port 443
    Cert "/etc/pound/site1.pem"
    SSLHonorCipherOrder 1
    Ciphers "AES128-SHA:RC4:AES:CAMELLIA128-SHA"
    #:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SSLv2:!EXP:!NULL"
    #Ciphers "AES-128:RC4:AES-256:Camellia-128"
    #Client 20
    # set X-Forwarded-Proto so D7 knows we're behind an HTTPS proxy.
    HeadRemove "X-Forwarded-Proto"
    AddHeader "X-Forwarded-Proto:https"
    Service
        BackEnd
            Address 127.0.0.1
            Port 8880
            #Port 443
            #HTTPS
            #Priority 5
        End
    End
End

TIA.
Kieran