Perbal and Stunnel
kwminnick at gmail.com
Mon Jan 16 17:32:07 UTC 2006
Yes, 100 different IP addresses. We host SSL sites for many different
companies, each with their own SSL cert. We currently use Apache, but
the problem is we want to be able to send static SSL requests to one
set of backend servers and dynamic SSL requests to another set of
backend servers. We could use mod_proxy but I like all of the
features of Perlbal.
If mod_proxy supported an easy way (or any way) to:
1. Detect a backend server failure
2. Load Balance backend servers
I would use that since it does support SSL nicely.
On a side note, I looked at the code for IO::Socket::SSL but I could
not figure out how to get passed the blocking issue, but I'm by no
means a skilled perl programmer.
On 1/16/06, Brad Fitzpatrick <brad at danga.com> wrote:
> Perlbal's native SSL support hasn't been improved since that post, sorry.
> It was never supposed to have SSL but then that IO::Socket::SSL made it so
> tempting. Unfortunately it blocks and I haven't had time/need to look
> into it.
> Not sure how you'd run 100+ stunnel instances .... would you need 100
> different IP addresses? I don't know the protocol details of SSL well.
> What are you currently using, and what's wrong with it? I assume Apache?
> - Brad
> On Mon, 16 Jan 2006, Kevin Minnick wrote:
> > Hello,
> > I'm looking into using Perlbal on a highly trafficked site that uses
> > multiple SSL certificates. Perlbal looks great, but when I was
> > researching SSL support, I ran across this thread:
> > http://lists.danga.com/pipermail/perlbal/2005-November/000140.html
> > I was wondering if there were any known workarounds. If not, I was
> > wondering if running multiple instances of stunnel in front of Perlbal
> > would be a sufficient workaround?
> > We currently have over 100 certificates that need to be supported.
> > I searched the list archives but was unable to find anything. Any
> > help is much appreciated.
> > Thanks,
> > Kevin
More information about the perlbal