Jonathan wrote:
> a- is this correct:
> the recommended place to run ssl through is some sort of proxy?
> ie:
> internet ||| -> Load Balancer ( ssl ) -> cluster ( mod_perl /
> vanilla / etc )
> internet ||| -> Apache Port 80/443 ( ssl + vanilla ) -> mod_perl
> ( port 8000 )
> internet ||| -> Lighttpd Port 80/443 ( ssl + vanilla ) ->
> mod_perl ( port 8000 )

I think ideally you would want your front end proxy layer / load balancer to be SSL
and ProxyPass or mod_rewrite to a backend mod_perl application layer.

Ideally only the proxy layer is physically on the Internet, so communication from proxy<->application layer doesn't
really have to be encrypted unless of course you don't trust your internal network. That will save you some $$$ in SSL
cards that you won't have to buy.

Proxyies on 80 and 433
application layer on 80 or whatever port

As long as your static content doesn't come off the application layer it doesn't really matter if its lighhttp or or
some httpd proxy config; likely, you'll need it to support HTTPS and HTTP to avoid the dreaded warnings for mixing
schemes for images and external URIs like javascript/css and the such.

Just my 2cents



--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@p6m7g8.com) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F

"In all that I've done wrong I know I must have done something right to
deserve a hug every morning and butterfly kisses at night."