Jonathan wrote: > a- is this correct: > the recommended place to run ssl through is some sort of proxy? > ie: > internet ||| -> Load Balancer ( ssl ) -> cluster ( mod_perl / > vanilla / etc ) > internet ||| -> Apache Port 80/443 ( ssl + vanilla ) -> mod_perl > ( port 8000 ) > internet ||| -> Lighttpd Port 80/443 ( ssl + vanilla ) -> > mod_perl ( port 8000 ) I think ideally you would want your front end proxy layer / load balancer to be SSL and ProxyPass or mod_rewrite to a backend mod_perl application layer.
Ideally only the proxy layer is physically on the Internet, so communication from proxy<->application layer doesn't really have to be encrypted unless of course you don't trust your internal network. That will save you some $$$ in SSL cards that you won't have to buy. Proxyies on 80 and 433 application layer on 80 or whatever port As long as your static content doesn't come off the application layer it doesn't really matter if its lighhttp or or some httpd proxy config; likely, you'll need it to support HTTPS and HTTP to avoid the dreaded warnings for mixing schemes for images and external URIs like javascript/css and the such. Just my 2cents -- ------------------------------------------------------------------------ Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708 Consultant / http://p6m7g8.net/Resume/resume.shtml Senior Software Engineer - TicketMaster - http://ticketmaster.com 1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F "In all that I've done wrong I know I must have done something right to deserve a hug every morning and butterfly kisses at night."