On Mon, Oct 18, 2010 at 03:02:26PM +0000, Soren Hansen wrote:
> Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy
> Do your ACL stuff in HAproxy
> Then have HAproxy send the request to a local stunnel client.
> stunnel will then forward the request as ssl to a backend server.
>
> You will need to define one stunnel client per backend server.
> In HAproxy, you will have the local stunnels defined as servers.
>

I tried this earlier.. and I got some problems with sessions timing out, and I could figure out what was causing it. It's kind of difficult when you have separate frontend (stunnel/pound), "middleware" (haproxy), and then also separate backend (stunnel).

Replacing all that with nginx worked much better (no timeout problems), but then I have the problem where nginx doesn't support http/1.1 on the backend..

-- Pasi
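
The per-backend stunnel client layout described in the quoted message, as an added configuration sketch that comes from neither poster. The section names, loopback ports, backend addresses (192.0.2.x documentation range) and CA file path are constructed placeholders.

```ini
; stunnel.conf on the HAProxy host (added example; all values are placeholders)
; Client mode: accept plaintext locally, speak SSL to the backend.
client = yes

; One service section per backend server, as the quoted message describes.
[backend1]
; Listen on loopback only, so the unencrypted hop from HAProxy never leaves the host.
accept = 127.0.0.1:8441
connect = 192.0.2.11:443
; Require the backend's certificate and check it against a known CA.
; Without a verify setting, a stunnel client accepts any certificate it is shown.
verify = 2
CAfile = /etc/stunnel/backend-ca.pem

[backend2]
accept = 127.0.0.1:8442
connect = 192.0.2.12:443
verify = 2
CAfile = /etc/stunnel/backend-ca.pem

; HAProxy then lists the local stunnel listeners as its servers, for example:
;   server backend1 127.0.0.1:8441
;   server backend2 127.0.0.1:8442
```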