Re: Haproxy support for HTTPS (SSL) backend servers
On Mon, Oct 18, 2010 at 07:00:37PM +0300, Reinis Rozitis wrote: I meant the features that need to parse the HTTP request and do things based on it.. So tcp/raw mode won't work.. Thanks for the reply though! -- Pasi I think you are better in this case using 'nginx' for example - http://wiki.nginx.org/HttpProxyModule (can do ACL / rewrites / header change and balancing on its own). Yeah, I've tried nginx aswell. It supports SSL on both the frontend and backend, which is good, but the problem with nginx is that it doesn't support http/1.1 on the backend side.. I have some application that also requires http/1.1 and refuses to serve http/1.0 requests.. this is not easy :) -- Pasi
Re: Haproxy support for HTTPS (SSL) backend servers
On Mon, Oct 18, 2010 at 03:02:26PM +, Soren Hansen wrote: Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy Do your ACL stuff in HAproxy Then have HAproxy send the request to a local stunnel client. stunnel will then forward the request as ssl to a backend server. You will need to define one stunnel client per backend server. In HAproxy, you will have the local stunnels defined as servers. I tried this earlier.. and I got some problems with sessions timing out, and I could figure out what was causing it. It's kind of difficult when you have separate frontend (stunnel/pound), middleware (haproxy), and then also separate backend (stunnel). Replacing all that with nginx worked much better (no timeout problems), but then I have the problem where nginx doesn't support http/1.1 on the backend.. -- Pasi
Re: Haproxy support for HTTPS (SSL) backend servers
On Tue, Oct 19, 2010 at 02:35:01PM +0300, Pasi Kärkkäinen wrote: On Mon, Oct 18, 2010 at 03:02:26PM +, Soren Hansen wrote: Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy Do your ACL stuff in HAproxy Then have HAproxy send the request to a local stunnel client. stunnel will then forward the request as ssl to a backend server. You will need to define one stunnel client per backend server. In HAproxy, you will have the local stunnels defined as servers. I tried this earlier.. and I got some problems with sessions timing out, and I could figure out what was causing it. I was supposed to write couldn't .. -- Pasi It's kind of difficult when you have separate frontend (stunnel/pound), middleware (haproxy), and then also separate backend (stunnel). Replacing all that with nginx worked much better (no timeout problems), but then I have the problem where nginx doesn't support http/1.1 on the backend.. -- Pasi
RE: Haproxy support for HTTPS (SSL) backend servers
Have you tried Varnish? http://www.varnish-cache.org/ It's intended as a caching proxy but can do what you're after perfectly well. Also if there's anything it can't do, you can in-line drop in to C in the config files and make it do it! -Original Message- From: Pasi Kärkkäinen [mailto:pa...@iki.fi] Sent: 19 October 2010 12:33 To: Reinis Rozitis Cc: haproxy@formilux.org Subject: Re: Haproxy support for HTTPS (SSL) backend servers On Mon, Oct 18, 2010 at 07:00:37PM +0300, Reinis Rozitis wrote: I meant the features that need to parse the HTTP request and do things based on it.. So tcp/raw mode won't work.. Thanks for the reply though! -- Pasi I think you are better in this case using 'nginx' for example - http://wiki.nginx.org/HttpProxyModule (can do ACL / rewrites / header change and balancing on its own). Yeah, I've tried nginx aswell. It supports SSL on both the frontend and backend, which is good, but the problem with nginx is that it doesn't support http/1.1 on the backend side.. I have some application that also requires http/1.1 and refuses to serve http/1.0 requests.. this is not easy :) -- Pasi
Re: Haproxy support for HTTPS (SSL) backend servers
Have you tried Varnish? http://www.varnish-cache.org/ It's intended as a caching proxy but can do what you're after perfectly well. Also if there's anything it can't do, you can in-line drop in to C in the config files and make it do it! As far as I know varnish doesnt support SSL (neither as frontend nor in backends)? So you would have to implement some extra layers anyways. While I havent tried myself (the URL thing (with providing the key/cert to the balancer)) you could try Pound ( http://www.apsis.ch/pound/ ) which supports theclient -- ssl -- balancer (url parsing) -- ssl -- backend scheme.. rr
RE: sock-raw.org
Greetings, I'd like to contact the person responsible for the development of sock-raw.org. I can list your website in our search engine (search.expo-max.com). This will give you a) extra in-bound links, and b) additional traffic. We currently send over 12,000 visitors per day to those sites that are listed at no cost to our users. Here are some sample runs, your site will of course be listed under YOUR keywords: http://search.expo-max.com/dvd/ http://search.expo-max.com/apartments/ http://search.expo-max.com/travel/ The data for the search engine is provided by our free Real Analytics tracking system, so all you have to do is set up tracking on your website and our system will do the rest automatically. Our Real Analytics program will also provide you with detailed traffic statistics. Furthermore, it will report your website's rank in all search engines for all keywords, including specialty search engines, like Google Images. Here are some screen shots and demo: Screen shots: http://expo-max.com/screenshots/ Demo: http://expo-max.com/analytics/demo/ (No signup needed) This program is provided free of charge, not some limited time free trial, so you can take advantage of it for as long as you wish. Why free? We have other optional programs that involve payments, and our Real Analytics users are our future potential clients. Here's how to get started (you don't need a credit card): 1. Create a free account at https://expo-max.com/account/signup/ 2. Once you're in the control panel, click Analytics from the menu on the left 3. Click Add Website button under the table and follow instructions For detailed setup instructions you can refer to our documentation: http://expo-max.com/documentation/analytics/setup/ Once your site is being tracked, it will start appearing in our search results as soon as enough information is gathered, typically 24 hours. Please let me know how it works out or if you need my help. Thanks, Alex Prikhodko Lead Developer expo-MAX Inc. 10520 Yonge St., Unit 35B Suite 138 Richmond Hill, ON L4C 3C7 CANADA a...@expo-max.com 1-877-7-EXPOMAX (877-739-7662)
