Re: question: ssl login

2006-07-11 Thread Philip M. Gollucci
Jonathan wrote:
 a- is this correct:
 the recommended place to run ssl through is some sort of proxy?
 ie:
 internet ||| - Load Balancer ( ssl ) - cluster ( mod_perl / vanilla / etc )
 internet ||| - Apache Port 80/443 ( ssl + vanilla ) - mod_perl ( port 8000 )
 internet ||| - Lighttpd Port 80/443 ( ssl + vanilla ) - mod_perl ( port 8000 )
I think ideally you would want your front end proxy layer / load balancer to be
SSL and ProxyPass or mod_rewrite to a backend mod_perl application layer.

Ideally only the proxy layer is physically on the Internet, so communication
from proxy-application layer doesn't really have to be encrypted unless of
course you don't trust your internal network.  That will save you some $$$ in
SSL cards that you won't have to buy.

Proxies on 80 and 433
application layer on 80 or whatever port

As long as your static content doesn't come off the application layer it
doesn't really matter if it's lighttpd or some httpd proxy config; likely,
you'll need it to support HTTPS and HTTP to avoid the dreaded warnings for
mixing schemes for images and external URIs like javascript/css and the such.

Just my 2 cents



-- 

Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F  6A47 D55A 7172 A799 97F

In all that I've done wrong I know I must have done something right to
deserve a hug every morning and butterfly kisses at night.


Re: question: ssl login

2006-07-11 Thread Perrin Harkins
On Mon, 2006-07-10 at 21:52 -0400, Jonathan wrote:
 a- is this correct:
   the recommended place to run ssl through is some sort of proxy?

Yes.

 b- in that scenario, is there any way to make sure that a login
 happened via SSL ?

There are many ways you could do it.  You can proxy traffic from SSL to
a differently-named virtual host on the mod_perl server, or a different
port, or add a header of some kind to the proxied request.  There's a
lot of discussion on this topic in the mailing list archives.

- Perrin
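
The "add a header to the proxied request" approach, as an added example (not from this thread or the mod_perl docs): the backend accepts the marker only from the proxy's address, because anyone who can reach port 8000 directly can send the same header. The header name X-Forwarded-Proto, the proxy addresses, the host name and the function names are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example. Assumed front-end proxy config (mod_headers):
#   <VirtualHost *:443>  RequestHeader set X-Forwarded-Proto "https"
#   <VirtualHost *:80>   RequestHeader set X-Forwarded-Proto "http"
# "set" replaces any value the client supplied, so the backend sees the proxy's.
use strict;
use warnings;

# Assumptions: the only hosts allowed to talk to the backend, and the site name.
my %TRUSTED_PROXY  = map { $_ => 1 } qw(10.0.0.5 10.0.0.6);
my $CANONICAL_HOST = 'www.example.com';

# True only if a trusted proxy delivered the request AND marked it as SSL.
# Header names are matched case-insensitively, as HTTP requires.
sub request_was_ssl {
    my ($peer_ip, $headers) = @_;
    return 0 unless defined($peer_ip) && $TRUSTED_PROXY{$peer_ip};
    my %h = map { lc($_) => $headers->{$_} } keys %$headers;
    my $proto = $h{'x-forwarded-proto'};
    return 0 unless defined $proto;          # missing marker: fail closed
    return lc($proto) eq 'https' ? 1 : 0;
}

# What the login handler should answer for a request to $uri.
sub login_action {
    my ($peer_ip, $headers, $uri) = @_;
    return { status => 200 } if request_was_ssl($peer_ip, $headers);
    # Not from the proxy at all: the header cannot be believed, refuse.
    return { status => 403 } unless $TRUSTED_PROXY{ $peer_ip // '' };
    # From the proxy but not SSL: send the browser to the HTTPS login page.
    # The host is a configured constant, never the request's Host header.
    return { status => 302, location => "https://$CANONICAL_HOST$uri" };
}

# Constructed sample requests: [peer address, headers as the backend sees them]
my @samples = (
    ['10.0.0.5',    { 'X-Forwarded-Proto' => 'https' }],  # via the SSL vhost
    ['10.0.0.5',    { 'x-forwarded-proto' => 'http'  }],  # via the port 80 vhost
    ['203.0.113.9', { 'X-Forwarded-Proto' => 'https' }],  # direct hit, forged header
    ['10.0.0.6',    {}],                                  # proxy sent no marker
);
for my $s (@samples) {
    my ($ip, $hdr) = @$s;
    my $res = login_action($ip, $hdr, '/login');
    printf "%-12s %-28s -> %d %s\n", $ip,
        join(',', map { "$_=$hdr->{$_}" } keys %$hdr) || '(no header)',
        $res->{status}, $res->{location} // '';
}
```

Inside a mod_perl handler the peer address and request headers would come from the request object instead of the sample list; binding or firewalling port 8000 so that only the proxy can connect remains the primary control.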



question: ssl login

2006-07-10 Thread Jonathan


i need to lock down a login/registration/password system under ssl

i've never done this stuff before

the mod_perl ssl stuff is a bit lacking in docs, so off of things  
i've read in misc places and the 1.0 guide, i have a few questions:


a- is this correct:
the recommended place to run ssl through is some sort of proxy?
ie:
		internet ||| - Load Balancer ( ssl ) - cluster ( mod_perl / vanilla / etc )
		internet ||| - Apache Port 80/443 ( ssl + vanilla ) - mod_perl ( port 8000 )
		internet ||| - Lighttpd Port 80/443 ( ssl + vanilla ) - mod_perl ( port 8000 )


b- in that scenario, is there any way to make sure that a login
happened via SSL ?
	the $ENV{HTTPS} , like in the mp docs , would only be set if we were
using the same modperl for both 80 and 443 and serving directly,
correct ?


any pointers would be greatly appreciated.

//Jonathan Vanasco

|- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| RoadSound.com / Indie-Rock.net
| Collaborative Online Management And Syndication Tools
|- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -