Re: setup with Oracle and SSL

From: Craig Carl <craig#gestas.net>
Date: Sat, 13 Mar 2010 14:52:04 -0800


Anne -

   Your would need an application to handle SSL and forward HTTP. I use stunnel for that with no problem. This is the guide I used, the basics are the same on any distro -

http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-and-https/

Craig

On Sat, Mar 13, 2010 at 2:27 PM, Anne Moore <diabeticithink#yahoo.com>wrote:

> Very interesting. Thank you for the reply. That's very disappoint that
> haproxy doesn't support SSL.
>
> However, what if I my haproxy was HTTP, and it forwarded requests to my two
> backend HTTPS (SSL) URL servers?
>
> Would this scenario work fine with haproxy?
>
> Thank you
>
> Anne
>
> ------------------------------
> *From:* XANi [mailto:xani666#gmail.com]
> *Sent:* Saturday, March 13, 2010 4:25 PM
> *To:* Anne Moore
> *Cc:* haproxy#formilux.org
> *Subject:* Re: setup with Oracle and SSL
>
> Hi
> Dnia 2010-03-13, sob o godzinie 13:34 -0500, Anne Moore pisze:
>
> Greetings to all,
>
> I'm new to this group, but have really been working hard on getting
> haproxy working for Oracle Application HTTP server over SSL.
>
> I've looked through the website, but can't seem to find anything that
> shows how to setup SSL on the haproxy. I also can't find anything on how to
> setup haproxy with Oracle Application HTTP server.
>
> Would someone on this list have that knowledge, and be willing to share?
>
> Thank you!
>
> Anne
>
> That's because haproxy doesn't support SSL in http mode, if u want HTTPS u
> need to set up "SSL proxy" in form of for example Lighttpd.
> so it works like that:
> Lighttpd( https:443) -> Haproxy(http:80) ->your_backend_servers.
>
> Only thing to watch out is loggin client IP, basically u have to add to
> config
> option forwardfor except 127.0.0.1
> where "127.0.0.1" is ur SSL proxy address
> Then proxy will be passing original client IP thru "X-Forwarded-For" header
>
> "except 127.0.0.1" is because lighttpd adds "X-Forwarded-For" when used as
> proxy so haproxy doesn't have to (obv. replace it with other ip if ur SSL
> proxy is on different host)
>
> Regards
> XANi
>
> --
> Mariusz Gronczewski (XANi) <xani666#gmail.com>
> GnuPG: 0xEA8ACE64http://devrandom.pl
>
>
Received on 2010/03/13 23:52

This archive was generated by hypermail 2.2.0 : 2010/03/14 00:00 CET