Rainbows! Rack HTTP server user/dev discussion
 help / color / mirror / code / Atom feed
From: Eric Wong <normalperson-rMlxZR9MS24@public.gmane.org>
To: rainbows-talk-GrnCvJ7WPxnNLxjTenLetw@public.gmane.org
Subject: [PATCH] FAQ: update SSL section, add Pound
Date: Mon, 16 Aug 2010 01:40:04 +0000	[thread overview]
Message-ID: <20100816014004.GA9041@dcvr.yhbt.net> (raw)

Hi all, I just added Pound to the FAQ section.

Does anybody have more experience with other HTTPS reverse
proxy solutions and could recommend them?

Pound has the advantage of coming with X-Forwarded-For support
out-of-the-box.

I haven't tested either for performance/scalability.  Both use the
thread-per-connection concurrency model, but Pound appears to use the
default stack size (8M(!) on my NPTL systems) while stunnel sets the
thread stack size to 64K (which I seem to recall was the minimum
under LinuxThreads).

Nowadays NPTL allows stack sizes as low as 16K (which is still high
IMHO, but I also don't know how much stack OpenSSL uses).  Those
of you with more interest in HTTPS performance/scalability could
try lowering stack sizes for Pound and perhaps submitting patches
upstream.

>From 2f0ac01589cdc9775f7a5668c4ac491712a9f1b1 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson-rMlxZR9MS24@public.gmane.org>
Date: Mon, 16 Aug 2010 01:02:30 +0000
Subject: [PATCH] FAQ: update SSL section, add Pound

Pound appears to work well in my limited testing with
t/sha1.ru and "curl -T-"
---
 FAQ |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/FAQ b/FAQ
index 5c4ea2c..7609d55 100644
--- a/FAQ
+++ b/FAQ
@@ -52,9 +52,14 @@ solution even if nginx will always outperform it in raw throughput.
 
 === How do I support SSL?
 
-If you need a streaming "rack.input" to do upload processing within your
-Rack application, then {stunnel}[http://stunnel.org/] is required.
-Otherwise, nginx is a perfectly good reverse proxy.
+If you need streaming "rack.input" to do on-the-fly upload processing
+within your Rack application, then using an SSL proxy such as
+{Pound}[http://www.apsis.ch/pound/] or {Stunnel}[http://stunnel.org/] is
+required.  Pound has built-in X-Forwarded-For support while Stunnel
+requires a extra {patch}[http://haproxy.1wt.eu/download/patches/].
+
+If you don't need streaming "rack.input", then nginx is a great HTTPS
+reverse proxy.
 
 Refer to the {Unicorn FAQ}[http://unicorn.bogomips.org/FAQ.html] on how
 to ensure redirects go to "https://" URLs.
-- 
Eric Wong
_______________________________________________
Rainbows! mailing list - rainbows-talk-GrnCvJ7WPxnNLxjTenLetw@public.gmane.org
http://rubyforge.org/mailman/listinfo/rainbows-talk
Do not quote signatures (like this one) or top post when replying


                 reply	other threads:[~2010-08-16  1:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://yhbt.net/rainbows/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100816014004.GA9041@dcvr.yhbt.net \
    --to=normalperson-rmlxzr9ms24@public.gmane.org \
    --cc=rainbows-talk-GrnCvJ7WPxnNLxjTenLetw@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this inbox:

	../../rainbows.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).