modperl with SSL

hello list,

we have our own realserver called QHttpd.
This realserver doesn't support SSL protocal (https).
So I have to develop a proxy before QHttpd to get it be compatible with SSL.
I was thinking using modperl handler to do it.
modperl accept the SSL connection from clients, do the verification,
and if it's valid, redirect it to realserver with non-SSL (common
http) protocal.
Is it possible? if so, how to begin with it? at which stage?
Thanks in advance.

B. Regards,
Joy P.

Re: modperl with SSL

What is a realserver?

J. Peng wrote:
> hello list,
>
> we have our own realserver called QHttpd.
> This realserver doesn't support SSL protocal (https).
> So I have to develop a proxy before QHttpd to get it be compatible with SSL.
> I was thinking using modperl handler to do it.
> modperl accept the SSL connection from clients, do the verification,
> and if it's valid, redirect it to realserver with non-SSL (common
> http) protocal.
> Is it possible? if so, how to begin with it? at which stage?
> Thanks in advance.
>
> B. Regards,
> Joy P.
>

Re: modperl with SSL

realserver, generally, it means a web server like apache, which is
different from a proxy like squid.

On Mon, Mar 24, 2008 at 3:56 PM, Foo JH wrote:
> What is a realserver?
>
>
>
> J. Peng wrote:
> > hello list,
> >
> > we have our own realserver called QHttpd.
> > This realserver doesn't support SSL protocal (https).
> > So I have to develop a proxy before QHttpd to get it be compatible with SSL.
> > I was thinking using modperl handler to do it.
> > modperl accept the SSL connection from clients, do the verification,
> > and if it's valid, redirect it to realserver with non-SSL (common
> > http) protocal.
> > Is it possible? if so, how to begin with it? at which stage?
> > Thanks in advance.
> >
> > B. Regards,
> > Joy P.
> >
>
>

Re: modperl with SSL

a backend server - the server that REALly serves the request.

Foo JH wrote:
> What is a realserver?
>
> J. Peng wrote:
>> hello list,
>>
>> we have our own realserver called QHttpd.
>> This realserver doesn't support SSL protocal (https).
>> So I have to develop a proxy before QHttpd to get it be compatible
>> with SSL.
>> I was thinking using modperl handler to do it.
>> modperl accept the SSL connection from clients, do the verification,
>> and if it's valid, redirect it to realserver with non-SSL (common
>> http) protocal.
>> Is it possible? if so, how to begin with it? at which stage?
>> Thanks in advance.
>>
>> B. Regards,
>> Joy P.
>>

Re: modperl with SSL

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 24, 2008 at 03:25:26PM +0800, J. Peng wrote:
> hello list,
>=20
> we have our own realserver called QHttpd.
> This realserver doesn't support SSL protocal (https).
> So I have to develop a proxy before QHttpd to get it be compatible with S=
SL.
> I was thinking using modperl handler to do it.
> modperl accept the SSL connection from clients, do the verification,
> and if it's valid, redirect it to realserver with non-SSL (common
> http) protocal.
> Is it possible? if so, how to begin with it? at which stage?
> Thanks in advance.
>=20
Would something like iprelay or stunnel not be sufficient for your
needs?

Regards,

-Roberto
--=20
Roberto C. S=E1nchez
http://people.connexer.com/~roberto
http://www.connexer.com

--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH55Sx5SXWIKfIlGQRAk59AKCk+3iJAdNjI3c4h2oGu8TFEgP4IwCg l2Pe
IshKQZ7DbX0UzVZmn3QwG8E=
=oepO
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--

Re: modperl with SSL

I also recommend stunnel. It has come through for me in these same
situations without problems.

On Mon, 2008-03-24 at 07:46 -0400, Roberto C. Sánchez wrote:
> On Mon, Mar 24, 2008 at 03:25:26PM +0800, J. Peng wrote:
> > hello list,
> >=20
> > we have our own realserver called QHttpd.
> > This realserver doesn't support SSL protocal (https).
> > So I have to develop a proxy before QHttpd to get it be compatible with=
SSL.
> > I was thinking using modperl handler to do it.
> > modperl accept the SSL connection from clients, do the verification,
> > and if it's valid, redirect it to realserver with non-SSL (common
> > http) protocal.
> > Is it possible? if so, how to begin with it? at which stage?
> > Thanks in advance.
> >=20
> Would something like iprelay or stunnel not be sufficient for your
> needs?
>=20
> Regards,
>=20
> -Roberto

Re: modperl with SSL

On Tue, 2008-03-25 at 17:45 +0800, J. Peng wrote:
> thanks.
> how about the capability of it?
> We have more than 100 million users,that's a great challenge.

That's a lot of users :)

I don't have the experience of supporting that number of users, but I've
used it on a site with 80 requests / second, and it didn't blink. Load
was always low, memory usage minimal.

Searching google, it appears that you may need to increase the number of
fd's available to pound in that busy an environment, but otherwise, I
think it unlikely that you'll have any issues.

Clint
>
>
> On Tue, Mar 25, 2008 at 5:14 PM, Clinton Gormley wrote:
> >
> > On Mon, 2008-03-24 at 15:25 +0800, J. Peng wrote:
> > > hello list,
> > >
> > > we have our own realserver called QHttpd.
> > > This realserver doesn't support SSL protocal (https).
> > > So I have to develop a proxy before QHttpd to get it be compatible with SSL.
> > > I was thinking using modperl handler to do it.
> > > modperl accept the SSL connection from clients, do the verification,
> > > and if it's valid, redirect it to realserver with non-SSL (common
> > > http) protocal.
> > > Is it possible? if so, how to begin with it? at which stage?
> > > Thanks in advance.
> >
> > You could also use Pound (http://www.apsis.ch/pound) which I use in
> > exactly the way described above. Easy to set up, fast, stable, small.
> >
> > clint
> >
> >