Hi, I just got Pound up and running and have a few questions based on what I think I know from scouring the mailing list archives.

Firstly, amazing piece of software :)

Threads - we're putting Pound in front of an Exchange box to handle OWA, ActiveSync, and RPC over HTTPS traffic. We have a few hundred users and using the default 128 threads things soon seemed to grind to a halt and I found that upping the threads to 512 seems fine, but it doesn't seem very scientific - what is the suggested way to determine how many threads are needed please?

Sanitizing - the website says Pound "sanitizes" HTML, any info on what it looks for and/or strips out please?

Debian - is 2.7 in the pipeline anywhere, as with 2.6 I can only get a "B" on SSL Labs due to 1024 DHE keys in the .deb - maybe not a question for here. I did follow this guide and appear to have a working 2.7 package with 2048 bit DH - be interested in any thoughts on if it's doomed to fail:

http://blog.fili.nl/updating-a-debian-package-with-a-new-upstream-release/

Lastly, any suggestions on anything obvious that I've missed please? :)

## pound.cfg
######################################################################
## global options:

User "www-data"
Group "www-data"
#RootJail "/chroot/pound"

## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 3

## check backend every X secs:
Alive 30

## use hardware-acceleration card supported by openssl(1):
#SSLEngine ""

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

# additional settings
Threads 512
IgnoreCase 1
Grace 3
TimeOut 3600

######################################################################
## https (443)
ListenHTTPS
    Address 1.2.3.4
    Port 443
    Cert "/etc/ssl/cert.pem"
    Ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
    SSLHonorCipherOrder 1
    xHTTP 4
    Client 60

    Service "Exchange"
        URL "^/autodiscover|^/ecp|^/ews|^/exchange|^/exchweb|^/microsoft-server-activesync|^/oab|^/owa|^/public|^/rpc|^/rpcwithcert"
        HeadRequire "Host: .*(autodiscover.domain.com|mail.domain.com).*"
        Backend
            Address 2.3.4.5
            Port 443
            HTTPS
        End
    End

    Service "www-443"
        Redirect "http://www.corp dot com/"
    End
End
