I'm expecting there are at least a few of you out there similar to me in that you're enough of a creature of habit that you configure servers a certain way. Unless something presents itself to make you change it, you don't go looking for reasons to change.
I have been working on yet another reverse proxy lately. These come in so handy when I have only 1 IP address and virtualization is so cheap and easy as to make it desirable to keep my various web apps or even workspaces fully clean and separate from one another. Now that I have some config options set in my vserver configs that make a machine almost perfect before I even log in, I am only about 3 CLI commands till I am in the new vserver working on whatever new project.

Anyways, I have been very used to the normal state of SSL and the 1 certificate per IP address. So I was setting up the normal apache2+SSL setup I am used to using. And as is usual for me, I couldn't remember how to self-sign an SSL cert. So I go Google cruising. Along the way I spot a rabbit hole of mod_gnutls. I go looking, and am fairly amazed. Works similar to mod_ssl, but supports multiple certs on a single IP.

BTW, I love it when I see familiar people that I have met from NLUG as authors of information I needed. Manoj had a great write-up on SSL cert creation, even an example that creates a new key and self-signed cert in just one command. Search manoj ssl fud, the first link for me is http://www.golden-gryphon.com/blog/manoj//blog/2009/03/31/Fighting_FUD__58___Working_with_openssl/

For those who might be lost as to the point of a reverse proxy: a reverse proxy gives me a central spot to port forward from my firewall to a specific machine that then understands how to direct the traffic further inward to the destination. Also it allows me a central point for SSL cert management, as the proxy has to be able to decrypt the request to forward it on. So all the internal machines are then just standard http servers. The proxy can even send some sites off to non-standard ports for the internal machines. Nice for some applications that come with their own webserver on ports up high. Also the central proxy allows for options to be set like compression on the responses and it will then happen for all requests that can be negotiated.

So at home I have set up a machine for teaching a class to some friends. Gave each person a vserver so they couldn't mess with the others' machine and didn't have to think about it being a shared system. The reverse proxy now gives access to each of those machines, plus the vservers for my personal stuff, all with SSL enabled, and all hanging off my 1 IP address.

--
Steven Critchfield [email protected]
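Added example, not part of the original message: a sketch of the setup described above, with two name-based mod_gnutls virtual hosts on one IP, each with its own certificate, forwarding to internal plain-HTTP machines. The hostnames, the 10.0.0.x addresses, the port 8080 and the file paths are assumptions chosen for illustration.

```apache
# Constructed example: hostnames, 10.0.0.x addresses and file paths are placeholders.
# Assumes mod_gnutls, mod_proxy, mod_proxy_http and mod_deflate are loaded.
Listen 443
# Needed for name-based vhosts on Apache 2.2; drop this line on 2.4.
NameVirtualHost *:443

# Reverse proxy only: never act as an open forward proxy.
ProxyRequests Off

# Compress responses once, at the proxy, for every site behind it.
AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript

# The certificate is chosen from the hostname the client sends in the TLS
# handshake (SNI). A client that sends none gets the first vhost listed.
<VirtualHost *:443>
    ServerName class.example.org
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    # Keep private keys readable by root only.
    GnuTLSCertificateFile /etc/apache2/ssl/class.example.org.crt
    GnuTLSKeyFile /etc/apache2/ssl/class.example.org.key

    # TLS ends here; the internal vserver is a plain HTTP server.
    ProxyPreserveHost On
    ProxyPass / http://10.0.0.11/
    ProxyPassReverse / http://10.0.0.11/
</VirtualHost>

<VirtualHost *:443>
    ServerName app.example.org
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/ssl/app.example.org.crt
    GnuTLSKeyFile /etc/apache2/ssl/app.example.org.key

    # Application that ships its own web server on a high port.
    ProxyPreserveHost On
    ProxyPass / http://10.0.0.12:8080/
    ProxyPassReverse / http://10.0.0.12:8080/
</VirtualHost>
```

Traffic between the proxy and the internal machines is unencrypted in this layout, so it relies on that network segment being trusted.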
