Perlbal and Stunnel
Alessandro Ranellucci
aar at cpan.org
Mon Jan 16 18:46:51 UTC 2006
On 16-01-2006 at 18:32, Kevin Minnick wrote:
>Yes, 100 different IP addresses. We host SSL sites for many different
>companies, each with their own SSL cert.
100 stunnel instances will work for sure. I don't know how stunnel
scales, though, so it may also become a bottleneck. Maybe an SSL-enhanced
hardware load balancer would do that more nicely.
>If mod_proxy supported an easy way (or any way) to:
>1. Detect a backend server failure
>2. Load Balance backend servers
>I would use that since it does support SSL nicely.
What about mod_proxy > Perlbal > backends?
>On a side note, I looked at the code for IO::Socket::SSL but I could
>not figure out how to get past the blocking issue, but I'm by no
>means a skilled Perl programmer.
The problem is not in IO::Socket::SSL nor in Net::SSLeay, but is
in the OpenSSL libraries. That tiny SSL_accept() function in ssl_lib.c
is the blocking part, so I'm afraid that it would be quite impossible to
make that non-blocking by providing callbacks and so on.
I think that this task could be accomplished by a module similar to
IO::AIO, that is something with pthreads and a poll-like interface.
I haven't got any time to work on such a module, though :)
- alessandro.
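
The design sketched in the message above (worker threads running the blocking handshake behind a poll-like interface), as an added example that is not part of the original post or of Perlbal. Python stands in for Perl here; `HandshakePool` and `tls_handshake` are hypothetical names, and the handshake timeout is an assumption added so that a stalled client cannot pin a worker thread.

```python
import os, queue, socket, ssl, threading

class HandshakePool:
    """Run blocking handshakes in worker threads; expose a pollable fd."""

    def __init__(self, handshake, workers=4):
        self._handshake = handshake          # blocking callable: sock -> wrapped sock
        self._jobs = queue.Queue()
        self._done = queue.Queue()
        self._rfd, self._wfd = os.pipe()     # wake-up channel for the event loop
        os.set_blocking(self._rfd, False)
        for _ in range(workers):
            threading.Thread(target=self._worker, daemon=True).start()

    def fileno(self):
        # Lets select()/poll() watch the pool like any other descriptor.
        return self._rfd

    def submit(self, sock):
        # Called by the event loop right after accept(); never blocks.
        self._jobs.put(sock)

    def _worker(self):
        while True:
            sock = self._jobs.get()
            try:
                result = (sock, self._handshake(sock), None)
            except (ssl.SSLError, OSError) as exc:   # includes socket timeouts
                sock.close()
                result = (sock, None, exc)
            self._done.put(result)           # queue the result first ...
            os.write(self._wfd, b"\0")       # ... then signal one completion

    def collect(self):
        """Return finished (raw_sock, tls_sock_or_None, error_or_None) tuples."""
        try:
            count = len(os.read(self._rfd, 4096))
        except BlockingIOError:
            return []
        return [self._done.get() for _ in range(count)]

def tls_handshake(ctx, timeout=10.0):
    """Build the blocking server-side handshake for a given ssl.SSLContext."""
    def run(sock):
        sock.settimeout(timeout)             # bound the time a client may stall
        return ctx.wrap_socket(sock, server_side=True)  # blocks in the handshake
    return run
```

With one context per hosted certificate, the event loop would call `pool.submit(client)` after `accept()` and pick up completed connections from `pool.collect()` whenever the pool's descriptor becomes readable.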