Menu
▾
▴
Re: [Openinteract-help] running ssl and non ssl for the same instance
|
From: Chris W. <ch...@cw...> - 2003-01-15 22:11:07
|
Chris McDaniel wrote:
> Here's my question - If I want to run SSL and non SSL instances of the same
> site, I need to use 2 virtualhost blocks (AFAIK) so I've made a copy of my
> modperl solo conf file and changed it to reflect port 80 only, and I'm
> including them both in my httpd.conf - now when I start it up I know it's
> running startup.pl twice, but it seems to work OK, and when I login on one
> side (https, for example) I seem to carry my session over when I switch to
> the http side. Any downsides to this? it doesn't seem like a good idea to
> me but nothing else seems to work...
It always seemed to me that running an SSL-enabled mod_perl
backend is unnecessary if you have SSL-enabled lightweight apache
frontends. Plus SSL-enabling a mod_perl server is adding girth to
a process that's already pretty heavy to begin with.
The following should work without any problems:
SSL-encrypted traffic
|
--------- ------> --------------- ------> ----------
browser | lightweight-SSL proxy mod_perl
--------- <------ --------------- <------ ----------
| | | |
| +---Unencrypted traffic-+------|--|
| | | |
+--------------> ------------------- -----+ |
| | lightweight non-SSL proxy |
+<-------------- ------------------- <-------+
So the traffic between browser and SSL-enabled frontend server is
encrypted, but the traffic between frontend and backend isn't.
And since the non-SSL-enabled frontend server talks to the same
backend as the SSL-enabled frontend server you won't have any
replication issues or anything.
Of course, this means you need to run a frontend server with
mod_proxy compiled in. But this is a good idea anyway :-)
Chris
--
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988.
|
