Mailing List Archive: mod_backhand: users

Backhand and SSL

Index | Next | Previous | View Threaded

kip at kiplandiles

Feb 25, 2002, 11:59 AM

Post #1 of 4 (487 views)
Permalink

Backhand and SSL

What is the recommended method for using SSL and mod_backhand in a two tier
Apache cluster?

Do I need to maintain all the SSL keys at the front and back tiers and run
backand with mod_ssl/openssl on all tiers (currently SSL is only running on
the backend tier)?

The backhand handler only shows port 80 or port 443 (depending on the order
of the Listen directive), not both. Are both ports being monitored?

Thanks in advance ...

Kip Iles
Director of Information Systems
NO Boundaries Network
http://www.matrix51.com

sean at chittenden

Feb 25, 2002, 3:18 PM

Post #2 of 4 (479 views)
Permalink

Backhand and SSL [In reply to]

> Do I need to maintain all the SSL keys at the front and back tiers
> and run backand with mod_ssl/openssl on all tiers (currently SSL is
> only running on the backend tier)?

Maintain the keys on the front tier. When mod_backhand proxies your
request, it'll proxy it in plain text back to the back tier.

> The backhand handler only shows port 80 or port 443 (depending on
> the order of the Listen directive), not both. Are both ports being
> monitored?

mod_backhand will operate on any port that Apache listens on, but will
only forward connections to port 80. -sc

--
Sean Chittenden

jesus at omniti

Feb 25, 2002, 3:26 PM

Post #3 of 4 (478 views)
Permalink

Backhand and SSL [In reply to]

On Monday, February 25, 2002, at 05:18 PM, Sean Chittenden wrote:
>> Do I need to maintain all the SSL keys at the front and back tiers
>> and run backand with mod_ssl/openssl on all tiers (currently SSL is
>> only running on the backend tier)?
>
> Maintain the keys on the front tier. When mod_backhand proxies your
> request, it'll proxy it in plain text back to the back tier.

Indeed.

>> The backhand handler only shows port 80 or port 443 (depending on
>> the order of the Listen directive), not both. Are both ports being
>> monitored?
>
> mod_backhand will operate on any port that Apache listens on, but will
> only forward connections to port 80. -sc

To be more specific (and slightly corrective): mod_backhand will
forward to any port advertised by other servers, (80, 443, 8080, etc.)
But it will ONLY talk HTTP so if it is proxying back to a server on the
backend to an SSL port 443, it simply will break.

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

kip at kiplandiles

Feb 25, 2002, 3:27 PM

Post #4 of 4 (480 views)
Permalink

Backhand and SSL [In reply to]

Thanks Sean!

BTW, After commenting out the ClearModuleList from the Apache config,
removeSelf started working so I did not need to use the byHostname
directive.

Also, I found the log output I was looking for ...
# BackhandLogLevel +dcsnall
# BackhandLogLevel +netall
# BackhandLogLevel +mbcsall

...which proved that removeSelf was working.

Now if I could just figure out the HA session persistence, I would be
through :~)

-kip

----- Original Message -----
From: "Sean Chittenden" <sean [at] chittenden>
To: "Kip Iles" <kip [at] kiplandiles>
Cc: <backhand-users [at] lists>
Sent: Monday, February 25, 2002 5:18 PM
Subject: Re: [m_b_users] Backhand and SSL

> > Do I need to maintain all the SSL keys at the front and back tiers
> > and run backand with mod_ssl/openssl on all tiers (currently SSL is
> > only running on the backend tier)?
>
> Maintain the keys on the front tier. When mod_backhand proxies your
> request, it'll proxy it in plain text back to the back tier.
>
> > The backhand handler only shows port 80 or port 443 (depending on
> > the order of the Listen directive), not both. Are both ports being
> > monitored?
>
> mod_backhand will operate on any port that Apache listens on, but will
> only forward connections to port 80. -sc
>
> --
> Sean Chittenden
>
> _______________________________________________
> backhand-users mailing list
> backhand-users [at] lists
> http://lists.backhand.org/mailman/listinfo/backhand-users
>

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads