Or you may use PROXY protocol and set send-proxy in your haproxy
configuration and ask stud to merge this :
https://github.com/bumptech/stud/pull/81
Hervé.
On 05/22/2012 05:48 PM, Allan Wind wrote:
I read through the last 6 months of archive and the usual answer
for SSL support is put nginx/stunnel/stud in front. This, as far
as I can tell, means a single server handling SSL, and this is
the what<http://haproxy.1wt.eu/#desi> suggest is a non-scalable
solution.
You can obviously configure haproxy to route ssl connections to a
form via the tcp mode, but you then lose the client IP. The
transparent keyword is promising but apparently requires haproxy
box to be the gateway. Not sure that is possible with our cloud
environment.
I understand from:
<http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html#setting-a-session-cache-with-apache-nginx>
that session reuse (i.e. mod_gnutls in our case) would need to be
configured on the backend to permit ssl resume.
But how do you go about distributing traffic to a ssl form
without losing the client IP?
/Allan
--
Hervé COMMOWICK
Ingénieur systèmes et réseaux.
http://www.rezulteo.com
by Lizeo Online Media Group <http://www.lizeo-online-media-group.com/>
42 quai Rambaud - 69002 Lyon (France) ⎮ ☎ +33 (0)4 63 05 95 30
