>
> B> mod_ssl is not a light thing, and I need encrypt mod_perl'd script
results
> B> only, therefore I think that mod_ssl should be in back-end server. Am I
> B> right ? Does mod_proxy pass ssl encrypted data?
>
> mod_proxy allows CONNECT method for SSL protocol support. I didn't try
> it, though.
>
I know about it, but what it means? I'm not experienced enough with SSL.
If it allows to pass all requests of https protocol to mod_perl/mod_ssl
server - it is great.
I need the following configuration.
----------------------------------------------
lightweight Apache DSO server + mod_proxy + mod_rewrite
Listen on 80, 443 ports
httpd.conf kinda (I didn't test this config - just write what I need)
-----
AllowCONNECT 443
RewriteEngine On
# non-encrypted scripts
RewriteRule ^/(.*\.(pl|shtml|asp))$ http://$host:81/$1
[P,L]
# encrypted scripts
RewriteRule ^/(.*\.(sshtml))$ https://$host:444/$1
[P,L]
# I don't want encrypt images
RewriteCond %{SERVER_PORT} == 443
RewriteRule ^/(.*)$ http://$host:80/$1 [R,L]
ProxyPassReverse / http://$host:81/
ProxyPassReverse / https://$host:444/
-----
----------------------------------------------
mod_perl Apache DSO server + mod_ssl
Listen on 81, 444 ports (Accepts connections from localhost only)
httpd.conf
-----
Here all SSL related stuff
-----
I saw some discussions about configuration of "lightweight"
mod_proxy+mod_ssl server and mod_perl server.
But, sorry, I can't call mod_proxy+mod_ssl "light" server. Mod_ssl adds a 1
Meg to size of process.
Btw, it seems to be offtopic, but are there any tool kinda 'top' that shows
really used memory, because top shows:
----------------------------------------------
134 processes: 133 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 2.2% user, 3.3% system, 0.0% nice, 94.8% idle
Mem: 128396K av, 125284K used, 3112K free, 127332K shrd, 7976K buff
Swap: 130748K av, 3924K used, 126824K free 52540K cached
PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND
28358 apache 0 0 17160 16M 11224 S 0 0.0 13.3 0:01
libhttpd.ep
28361 apache 0 0 16920 16M 11272 S 0 0.0 13.1 0:01
libhttpd.ep
28357 apache 0 0 16876 16M 11260 S 0 0.0 13.1 0:01
libhttpd.ep
28356 apache 0 0 16396 16M 11320 S 0 0.0 12.7 0:01
libhttpd.ep
28351 root 0 0 14316 13M 14188 S 0 0.0 11.1 0:01
libhttpd.ep
28359 apache 0 0 14312 13M 14192 S 0 0.0 11.1 0:00
libhttpd.ep
28360 apache 0 0 14312 13M 14192 S 0 0.0 11.1 0:00
libhttpd.ep
28339 apache 0 0 1912 1912 1492 S 0 0.0 1.4 0:00
libhttpd.ep
28346 apache 0 0 1720 1720 1488 S 0 0.0 1.3 0:00
libhttpd.ep
28344 apache 0 0 1712 1712 1488 S 0 0.0 1.3 0:00
libhttpd.ep
28337 apache 0 0 1672 1672 1472 S 0 0.0 1.3 0:00
libhttpd.ep
28343 apache 0 0 1672 1672 1472 S 0 0.0 1.3 0:00
libhttpd.ep
28341 apache 0 0 1664 1664 1468 S 0 0.0 1.2 0:00
libhttpd.ep
28338 apache 0 0 1660 1660 1468 S 0 0.0 1.2 0:00
libhttpd.ep
28345 apache 0 0 1660 1660 1472 S 0 0.0 1.2 0:00
libhttpd.ep
28340 apache 0 0 1656 1656 1468 S 0 0.0 1.2 0:00
libhttpd.ep
28342 apache 0 0 1652 1652 1464 S 0 0.0 1.2 0:00
libhttpd.ep
28273 root 1 0 1536 1536 1388 S 0 0.2 1.1 0:00
libhttpd.ep
.............
----------------------------------------------
125284K used - is it real value ?? I ask because Shared memory is greater
than used :) I think this is impossible.
Memory - is a main reason why I wanna place mod_ssl to back_end server. If I
compile mod_ssl as DSO on front-end and it grows my used memory at 1-2 Meg
totally for 20-30 front-end processes - it will be a solution.
----------------------------------------------
Sergey Polyakov (BeerBong)
Chief of Web Lab (http://www.mustdie.ru/~beerbong)
