httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Sutherland <ja...@cam.ac.uk>
Subject Re: [module porting] mod_proxy
Date Wed, 15 Mar 2000 11:26:42 GMT
On Wed, 15 Mar 2000, Graham Leggett wrote:

> James Sutherland wrote:
> 
> > If the front-end is doing caching, then yes. You then also have to do any
> > IP based access control on the front-end, along with logging, parsing
> > requests...
> 
> Exactly - on two front end Apache boxes, rather than a whole host of
> backend machines, many of whom don't support proper access control
> natively anyway.

Yes, Apache is good here - compensating for partially braindead backend
servers, where you DO need some "intelligence" in the front-end.

I, OTOH, do NOT want the front-end boxes doing anything more than
buffering/encryption. I want it to act as a dedicated front-end to Apache.

> > Yes, this sounds like a good arrangement - but Apache isn't ideally suited
> > to this, IMO...
> 
> Apache is ideally suited to this, something we have proved practically
> over the last year of running it like this.
> 
> I like the idea that Apache is a webserver first, and a proxy second -
> it means I get to do webserver things like many websites on one IP
> address, logging, access control using __one__ access control system,
> serving of simple static files, proxying URLs to different machines
> based on URL rather than website name, etc etc.

Not the environment I'm aiming at at all.

> I went through the pain of trying to get Netscape Proxy Server to act as
> a frontend for a website, and wasted 3 weeks of time in the process. As
> a really simple server it worked, but as soon as you tried to do
> anything that resembled URL or website management, it was a nightmare.

I don't want a proxy server. If I did, I'd use Squid or Apache. I want
load-balancing, possibly with *transparent* encryption support. (i.e. the
backend server "thinks" it's handling a normal SSL request - but
offloading the encryption number crunching to another box.)

> > Trying to add encryption support to this, for example, could be quite
> > difficult.
> 
> A trivial exersize achieved with mod_ssl. We already did it, works
> great.

Interesting. How do you pass the information on certificates, protocol
used, remote IP etc. to the back end?


James.


Mime
View raw message