On Tue, 7 Aug 2007, Graeme Fowler wrote:
> Correct. Although if you get a (some) reverse proxy(ies) to sit
> logically between the load balancer(s) and the realservers, you can get
> them to do the SSL crypt/decrypt and then pass the requests to the
> realservers locally. This keeps the realservers doing what they do best,
> serving web pages, and means you can take (for example) the SSL part
> "out of the loop" without turning off all of the plain old HTTP sites at
> the same time. And it can dramatically reduce the number of entries for
> ipvsadm; however you may need to reinvent the wheel a little to get
> persistence working (for example) from the proxy to the realserver.
This comes up on the ml every couple of years. The
conclusion each time is that the only reason you'd use an SSL
accelerator is to bypass the requirement for multiple copies
of each certificate.
I can't imagine an https site, where you put in your credit
card info, getting all that much traffic compared to the
http site where you do a lot of fetching.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!