From 2f0ac01589cdc9775f7a5668c4ac491712a9f1b1 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Mon, 16 Aug 2010 01:02:30 +0000
Subject: FAQ: update SSL section, add Pound

Pound appears to work well in my limited testing with
t/sha1.ru and "curl -T-"
---
 FAQ | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/FAQ b/FAQ
index 5c4ea2c..7609d55 100644
--- a/FAQ
+++ b/FAQ
@@ -52,9 +52,14 @@ solution even if nginx will always outperform it in raw throughput.
 
 === How do I support SSL?
 
-If you need a streaming "rack.input" to do upload processing within your
-Rack application, then {stunnel}[http://stunnel.org/] is required.
-Otherwise, nginx is a perfectly good reverse proxy.
+If you need streaming "rack.input" to do on-the-fly upload processing
+within your Rack application, then using an SSL proxy such as
+{Pound}[http://www.apsis.ch/pound/] or {Stunnel}[http://stunnel.org/] is
+required.  Pound has built-in X-Forwarded-For support while Stunnel
+requires a extra {patch}[http://haproxy.1wt.eu/download/patches/].
+
+If you don't need streaming "rack.input", then nginx is a great HTTPS
+reverse proxy.
 
 Refer to the {Unicorn FAQ}[http://unicorn.bogomips.org/FAQ.html] on how
 to ensure redirects go to "https://" URLs.
-- 
cgit v1.2.3-24-ge0c7