Questions about HTTPS backend
"Jacky C.K Tsoi" <cktsoi(at)school.hk> | 2005-09-29 10:39:45
Hi,
I'd like to ask: is it still impossible to have Pound talk to an HTTPS backend?
We have a server that ONLY speaks HTTPS and we'd like to have Pound
in front of it, that is:
Client <---- HTTPS ----> Pound <---- HTTPS ----> Server
Is it possible to do so?
Best Wishes,
Jacky C.K Tsoi
Re: [Pound Mailing List] Questions about HTTPS backend
Ed R Zahurak <ezahurak(at)atlanticbb.net> | 2005-09-29 13:34:36
Jacky C.K Tsoi wrote:
[...]
Yup. Still impossible.
You might want to look into balance, a great little utility that's
pretty useful for cases where you must load-balance https or some other
tcp protocol. Pretty no-frills, but it does the job nicely.
http://www.inlab.de/balance.html
Ed Z.
Re: [Pound Mailing List] Questions about HTTPS backend
Ted Dunning <tdunning(at)veoh.com> | 2005-09-29 19:45:57
I think you can do this, but I should defer about whether it is possible
to do. It is pretty bizarre to do if only for performance reasons. It
is very rare for a server to only be able to serve HTTPS for technical
reasons as opposed to policy.
If you do this, you will have to have certificates for pound (to talk to
the world) and on the servers (to talk to pound). You will face
problems if users expect to authenticate to a particular back end
because their connection will only be to Pound.
There is an excellent discussion about why this isn't what you want to
do in the documentation. The crux of the matter is that HTTPS is
designed to prevent man-in-the-middle attacks and layer 5 load balancing
implies that the man in the middle can see the content.
Can you re-examine your assertion that your server will only speak HTTPS?
Jacky C.K Tsoi wrote:
[...]
[...]