Re: setup with Oracle and SSL

From: Craig Carl <craig#gestas.net>
Date: Sat, 13 Mar 2010 17:40:11 -0800


Anne -

    You really need to read the documentation at http://haproxy.1wt.eu/download/1.3/doc/architecture.txt. Check section 3.1 for a stunnel example.

C

On Sat, Mar 13, 2010 at 5:22 PM, Anne Moore <diabeticithink#yahoo.com>wrote:

> This is wonderful. Thank you.
>
> Would I have to setup stunnel on a different server, and then forward those
> SSL requests to the haproxy server, and then from there, forward those
> request to the web servers? Or, can stunnel be installed and used on the
> same server as the haproxy? If I used stunnel and haproxy, would each of my
> web servers websites also need an SSL certificate installed? (Or is the SSL
> certificate only installed on the stunnel box?)
>
> Also, quick question regarding how haproxy works (I'm a newbie, as you can
> tell). Does my users put in the haproxy server name in their url, like so:
> http://haproxyservername.domain.com ? And then that forwards requests the
> webservers and load balances them?
>
> Sorry for so many questions! I'm totally new at this.
>
> Thank you again for taking the time to help.
>
> Anne
>
> ------------------------------
> *From:* Craig Carl [mailto:craig#gestas.net]
> *Sent:* Saturday, March 13, 2010 5:52 PM
> *To:* Anne Moore
> *Cc:* XANi; haproxy#formilux.org
>
> *Subject:* Re: setup with Oracle and SSL
>
> Anne -
> Your would need an application to handle SSL and forward HTTP. I use
> stunnel for that with no problem. This is the guide I used, the basics are
> the same on any distro -
>
>
> http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-and-https/
>
> Craig
>
>
> On Sat, Mar 13, 2010 at 2:27 PM, Anne Moore <diabeticithink#yahoo.com>wrote:
>
>> Very interesting. Thank you for the reply. That's very disappoint that
>> haproxy doesn't support SSL.
>>
>> However, what if I my haproxy was HTTP, and it forwarded requests to my
>> two backend HTTPS (SSL) URL servers?
>>
>> Would this scenario work fine with haproxy?
>>
>> Thank you
>>
>> Anne
>>
>> ------------------------------
>> *From:* XANi [mailto:xani666#gmail.com]
>> *Sent:* Saturday, March 13, 2010 4:25 PM
>> *To:* Anne Moore
>> *Cc:* haproxy#formilux.org
>> *Subject:* Re: setup with Oracle and SSL
>>
>> Hi
>> Dnia 2010-03-13, sob o godzinie 13:34 -0500, Anne Moore pisze:
>>
>> Greetings to all,
>>
>> I'm new to this group, but have really been working hard on getting
>> haproxy working for Oracle Application HTTP server over SSL.
>>
>> I've looked through the website, but can't seem to find anything that
>> shows how to setup SSL on the haproxy. I also can't find anything on how to
>> setup haproxy with Oracle Application HTTP server.
>>
>> Would someone on this list have that knowledge, and be willing to share?
>>
>> Thank you!
>>
>> Anne
>>
>> That's because haproxy doesn't support SSL in http mode, if u want HTTPS u
>> need to set up "SSL proxy" in form of for example Lighttpd.
>> so it works like that:
>> Lighttpd( https:443) -> Haproxy(http:80) ->your_backend_servers.
>>
>> Only thing to watch out is loggin client IP, basically u have to add to
>> config
>> option forwardfor except 127.0.0.1
>> where "127.0.0.1" is ur SSL proxy address
>> Then proxy will be passing original client IP thru "X-Forwarded-For"
>> header
>>
>> "except 127.0.0.1" is because lighttpd adds "X-Forwarded-For" when used as
>> proxy so haproxy doesn't have to (obv. replace it with other ip if ur SSL
>> proxy is on different host)
>>
>> Regards
>> XANi
>>
>> --
>> Mariusz Gronczewski (XANi) <xani666#gmail.com>
>> GnuPG: 0xEA8ACE64http://devrandom.pl
>>
>>
>
Received on 2010/03/14 02:40

This archive was generated by hypermail 2.2.0 : 2010/03/14 02:45 CET