Hi, I am pretty sure that termination traffic on Pound, Apache or Nginx will do a work. My question is more about performance of such solution. It will eb a entrance point and I don't want to create a single point of failure. In case of splitting it to 2 LB layers HAProxy-> SSL termination->backend servers - create additional complexity.
---------------------------- Alexander Kamardash From: adu...@fireitup.net [mailto:adu...@fireitup.net] On Behalf Of Vikram Adukia Sent: Thursday, May 03, 2012 1:38 AM To: Alexander Kamardash Cc: haproxy@formilux.org Subject: Re: HAProxy and SSL traffic termination A fairly easy configuration is to have Pound SSL sitting in front of HAProxy. I don't have benchmark numbers, but the configuration is fairly simple: Pound:443 -> Haproxy:80 (or really any tcp port that haproxy is listening on) Here's most of my pound.cfg file: ListenHTTPS Address 0.0.0.0 Port 443 # Obviously, adjust this to point to wherever your ssl cert is Cert "/etc/ssl/yourssl.pem" End Service Backend # in this configuration, haproxy is sitting on the same server as pound Address 127.0.0.1 Port 80 End End On Wed, May 2, 2012 at 3:00 PM, Baptiste <bed...@gmail.com<mailto:bed...@gmail.com>> wrote: On Wed, May 2, 2012 at 3:46 PM, Alexander Kamardash <alexander.kamard...@trusteer.com<mailto:alexander.kamard...@trusteer.com>> wrote: > Hi, > > > > We want to perform LB, SSL termination and L7 on HAProxy. Could you please > advise the best approach for it? We are interested in max performance and > not complicated configuration. > > If you are already running such configuration, pls share what is the max > connection rate you reach. > > > > ------------- > > Alexander > > Hi, If you can wait a bit, HAProxy will do SSL endpoint for you. Waiting that, either nginx or stud looks to perform quite well. cheers
