Hey!Sorry, I did not explain detailed enough - I'm not using mod-itk in balancer, but in backend server.
I made few line of corrections, but will describe more detailed later and add some more configuration examples and compare to what if orginal apache logic would be used for SSL offload and load balancing.
Thanks a lot for your responses, I got few new ideas, how to make my solution better. :)
Margus PÃrt On 02/07/2011 02:29 PM, Tom Evans wrote:
On Mon, Feb 7, 2011 at 12:00 PM, Margus PÃrt<margus@xxxxxxxx> wrote:Hello! Thank you for your response! Glad to hear that I am not the only, who has thought that this solution would make life easier. Taking Apache-Event into use in our case is not an option, as Apache2-mpm-itk is used (proccesses running in different user rights) and new TCP connection has to be started for new client - it would be possible to assign different IP-s for different hosts, but named hosting is much easier to configure. If you would be so kind and take a look at the documentation also and give your oppinion: https://apache2-ssloffload-and-loadbalance.googlecode.com/svn/trunk/Documentation/apache2_ssloffload_and_loadbalance.pdf Page 3 contains summary - how it works - and most of it is automatic install + configuration by copy-paste to bash.mpm-itk is to allow dynamic components to run as the appropriate user isn't it? Why would you run your ssl offload and proxy server with specific uids? Backends, sure, but everything at this tier should be generic and scalable - thats the point of offload. I had a quick look at the docs: There is a lot of distro-specific and site-specific configuration in there, that probably wouldn't be pertinent to most users. For instance, most users setting up an SSL site have no interest in client certificates, they simply want to secure comms. If you are producing a 'this is how we set up servers' for $JOB, then great, but I don't see how sharing this with the world at large helps them or you. There is also little or no explanation of how/why you have chosen this configuration, which makes it difficult to see why to use this. Think of Apache as the world's most configurable Leatherman's multi tool (use google if you don't know what one is :). You've produced a configuration that works great for you, it's an amazing 'corkscrew'. Other people don't need 'corkscrew's, they need 'knife' or 'toothpick' or 'toothpick-corkscrew'. For those people, even the one who needs something very similar to what you have, your doc doesn't really help much, as it isn't what they need, and doesn't explain the choices that they have. For instance, your choice of mpm-itk is exceedingly rare for this sort of use case. To someone who doesn't have your requirements, it is almost certainly an incorrect choice, but no-where in your docs do you go into your choice of MPM, etc. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See<URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|