From: Eric Wong
Newsgroups: gmane.comp.lang.ruby.rainbows.general
Subject: [PATCH] FAQ: update SSL section, add Pound
Date: Mon, 16 Aug 2010 01:40:04 +0000
Message-ID: <20100816014004.GA9041@dcvr.yhbt.net>

Hi
all, I just added Pound to the FAQ section. Does anybody have more experience with other HTTPS reverse proxy solutions and could recommend them?

Pound has the advantage of coming with X-Forwarded-For support out-of-the-box.

I haven't tested either for performance/scalability. Both use the thread-per-connection concurrency model, but Pound appears to use the default stack size (8M(!) on my NPTL systems) while stunnel sets the thread stack size to 64K (which I seem to recall was the minimum under LinuxThreads). Nowadays NPTL allows stack sizes as low as 16K (which is still high IMHO, but I also don't know how much stack OpenSSL uses).

Those of you with more interest in HTTPS performance/scalability could try lowering stack sizes for Pound and perhaps submitting patches upstream.

From 2f0ac01589cdc9775f7a5668c4ac491712a9f1b1 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Mon, 16 Aug 2010 01:02:30 +0000
Subject: [PATCH] FAQ: update SSL section, add Pound

Pound appears to work well in my limited testing with t/sha1.ru and "curl -T-"
---
 FAQ | 11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/FAQ b/FAQ
index 5c4ea2c..7609d55 100644
--- a/FAQ
+++ b/FAQ
@@ -52,9 +52,14 @@ solution even if nginx will always outperform it in raw throughput. === How do I support SSL? -If you need a streaming "rack.input" to do upload processing within your -Rack application, then {stunnel}[http://stunnel.org/] is required. -Otherwise, nginx is a perfectly good reverse proxy. +If you need streaming "rack.input" to do on-the-fly upload processing +within your Rack application, then using an SSL proxy such as +{Pound}[http://www.apsis.ch/pound/] or {Stunnel}[http://stunnel.org/] is +required. Pound has built-in X-Forwarded-For support while Stunnel +requires a extra {patch}[http://haproxy.1wt.eu/download/patches/]. + +If you don't need streaming "rack.input", then nginx is a great HTTPS +reverse proxy. Refer to the {Unicorn FAQ}[http://unicorn.bogomips.org/FAQ.html] on how to ensure redirects go to "https://" URLs. -- Eric Wong _______________________________________________ Rainbows! mailing list - rainbows-talk-GrnCvJ7WPxnNLxjTenLetw@public.gmane.org http://rubyforge.org/mailman/listinfo/rainbows-talk Do not quote signatures (like this one) or top post when replying
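
Review bot: In the added SSL paragraph, "requires a extra {patch}" should read "requires an extra {patch}", and the link target http://haproxy.1wt.eu/download/patches/ points at a patches directory rather than at one patch, so a reader cannot tell which file adds X-Forwarded-For to Stunnel; name the patch file or the Stunnel version it applies to. Since the text now presents X-Forwarded-For as the reason to choose between the two proxies, one more sentence saying that the Rack application should only rely on the header when requests can reach it solely through the proxy would make the recommendation safer to follow.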