On Tue, Oct 19, 2010 at 02:35:01PM +0300, Pasi Kärkkäinen wrote: > On Mon, Oct 18, 2010 at 03:02:26PM +0000, Soren Hansen wrote: > > Terminate the ssl using apache+mod_ssl as a proxy to your HAproxy > > Do your ACL stuff in HAproxy > > Then have HAproxy send the request to a local stunnel client. > > stunnel will then forward the request as ssl to a backend server. > > > > You will need to define one stunnel client per backend server. > > In HAproxy, you will have the local stunnels defined as servers. > > > > I tried this earlier.. and I got some problems with sessions > timing out, and I could figure out what was causing it. >
I was supposed to write "couldn't" .. -- Pasi > It's kind of difficult when you have separate frontend (stunnel/pound), > "middleware" (haproxy), and then also separate backend (stunnel). > > Replacing all that with nginx worked much better (no timeout problems), > but then I have the problem where nginx doesn't support http/1.1 on the > backend.. > > -- Pasi > >