On 14.03.2011 12:05, Kacper Wysocki wrote:
> On Mon, Mar 14, 2011 at 9:34 AM, Gerhard Schmidt <[email protected]> wrote:
>> On 14.03.2011 08:55, Poul-Henning Kamp wrote:
>>> In message <[email protected]>, Gerhard Schmidt writes:
>>>
>>>> stunnel has the disadvantage that we lose the clientIP information.
>>>
>>> Doesn't it set a header with this information ?
>>
>> It's a tunnel. It doesn't change the stream. As I said, we use pound because
>> it sets the header. But it's another daemon to run and to set up. Another
>> component that could fail. Integrating SSL in varnish would reduce the
>> complexity.
> 
> What you meant to say is "integrating SSL in Varnish would increase
> complexity".
> Putting that component inside varnish doesn't automatically make it
> infallible. As an added bonus, if SSL is in a separate process it
> won't bring the whole server down if it fails, if that's the kind of
> stuff you're worried about.

It does kill your service if your service is SSL based.

Managing more config and more daemons always increases the complexity.
More daemons increase the probability of failure and increase the monitoring
requirements.
More daemons increase the probability of security problems.
More daemons increase the amount of time spent keeping the system up to date.

It might increase the complexity of varnish but not the system as a whole.

Regards
   Estartu


-- 
-------------------------------------------------
Gerhard Schmidt       | E-Mail: [email protected]
TU-München            | Jabber: [email protected]
WWW & Online Services |
Tel: 089/289-25270    |
Fax: 089/289-25257    | PGP public key on request

