This is wonderful. Thank you. Would I have to setup stunnel on a different server, and then forward those SSL requests to the haproxy server, and then from there, forward those request to the web servers? Or, can stunnel be installed and used on the same server as the haproxy? If I used stunnel and haproxy, would each of my web servers websites also need an SSL certificate installed? (Or is the SSL certificate only installed on the stunnel box?) Also, quick question regarding how haproxy works (I'm a newbie, as you can tell). Does my users put in the haproxy server name in their url, like so: http://haproxyservername.domain.com ? And then that forwards requests the webservers and load balances them? Sorry for so many questions! I'm totally new at this. Thank you again for taking the time to help. Anne
_____ From: Craig Carl [mailto:[email protected]] Sent: Saturday, March 13, 2010 5:52 PM To: Anne Moore Cc: XANi; [email protected] Subject: Re: setup with Oracle and SSL Anne - Your would need an application to handle SSL and forward HTTP. I use stunnel for that with no problem. This is the guide I used, the basics are the same on any distro - http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-an d-https/ Craig On Sat, Mar 13, 2010 at 2:27 PM, Anne Moore <[email protected]> wrote: Very interesting. Thank you for the reply. That's very disappoint that haproxy doesn't support SSL. However, what if I my haproxy was HTTP, and it forwarded requests to my two backend HTTPS (SSL) URL servers? Would this scenario work fine with haproxy? Thank you Anne _____ From: XANi [mailto:[email protected]] Sent: Saturday, March 13, 2010 4:25 PM To: Anne Moore Cc: [email protected] Subject: Re: setup with Oracle and SSL Hi Dnia 2010-03-13, sob o godzinie 13:34 -0500, Anne Moore pisze: Greetings to all, I'm new to this group, but have really been working hard on getting haproxy working for Oracle Application HTTP server over SSL. I've looked through the website, but can't seem to find anything that shows how to setup SSL on the haproxy. I also can't find anything on how to setup haproxy with Oracle Application HTTP server. Would someone on this list have that knowledge, and be willing to share? Thank you! Anne That's because haproxy doesn't support SSL in http mode, if u want HTTPS u need to set up "SSL proxy" in form of for example Lighttpd. so it works like that: Lighttpd( https:443) -> Haproxy(http:80) ->your_backend_servers. Only thing to watch out is loggin client IP, basically u have to add to config option forwardfor except 127.0.0.1 where "127.0.0.1" is ur SSL proxy address Then proxy will be passing original client IP thru "X-Forwarded-For" header "except 127.0.0.1" is because lighttpd adds "X-Forwarded-For" when used as proxy so haproxy doesn't have to (obv. replace it with other ip if ur SSL proxy is on different host) Regards XANi -- Mariusz Gronczewski (XANi) <[email protected]> GnuPG: 0xEA8ACE64 http://devrandom.pl
