On Mon, Oct 18, 2010 at 03:02:26PM +0000, Soren Hansen wrote:
> Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy
> Do your ACL stuff in HAproxy
> Then have HAproxy send the request to a local stunnel client.
> stunnel will then forward the request as ssl to a backend server.
>  
> You will need to define one stunnel client per backend server.
> In HAproxy, you will have the local stunnels defined as servers.
> 

I tried this earlier.. and I got some problems with sessions
timing out, and I could figure out what was causing it.

It's kind of difficult when you have separate frontend (stunnel/pound),
"middleware" (haproxy), and then also separate backend (stunnel).

Replacing all that with nginx worked much better (no timeout problems),
but then I have the problem where nginx doesn't support http/1.1 on the 
backend..

-- Pasi


Reply via email to