Date: Wed, 15 Mar 2000 11:26:42 +0000 (GMT)
From: James Sutherland
To: new-httpd@apache.org
Subject: Re: [module porting] mod_proxy
In-Reply-To: <38CF8B77.3CB8D0A6@sharp.fm>

On Wed, 15 Mar 2000, Graham Leggett wrote:

> James Sutherland wrote:
>
> > If the front-end is doing caching, then yes. You then also have to do any
> > IP based access control on the front-end, along with logging, parsing
> > requests...
>
> Exactly - on two front end Apache boxes, rather than a whole host of
> backend machines, many of whom don't support proper access control
> natively anyway.

Yes, Apache is good here - compensating for partially braindead backend
servers, where you DO need some "intelligence" in the front-end.

I, OTOH, do NOT want the front-end boxes doing anything more than
buffering/encryption. I want it to act as a dedicated front-end to Apache.

> > Yes, this sounds like a good arrangement - but Apache isn't ideally suited
> > to this, IMO...
>
> Apache is ideally suited to this, something we have proved practically
> over the last year of running it like this.
>
> I like the idea that Apache is a webserver first, and a proxy second -
> it means I get to do webserver things like many websites on one IP
> address, logging, access control using __one__ access control system,
> serving of simple static files, proxying URLs to different machines
> based on URL rather than website name, etc etc.

Not the environment I'm aiming at at all.

> I went through the pain of trying to get Netscape Proxy Server to act as
> a frontend for a website, and wasted 3 weeks of time in the process. As
> a really simple server it worked, but as soon as you tried to do
> anything that resembled URL or website management, it was a nightmare.

I don't want a proxy server. If I did, I'd use Squid or Apache. I want
load-balancing, possibly with *transparent* encryption support. (i.e. the
backend server "thinks" it's handling a normal SSL request - but
offloading the encryption number crunching to another box.)

> > Trying to add encryption support to this, for example, could be quite
> > difficult.
>
> A trivial exercise achieved with mod_ssl. We already did it, works
> great.

Interesting. How do you pass the information on certificates, protocol
used, remote IP etc. to the back end?

James.