Archive for the ‘SSL’ Category

Transparent proxy of SSL traffic using Pound to HAProxy backend patch and howto

Monday, July 20th, 2009

OK, so I’ve previously blogged about how to get TPROXY and HAProxy working nicely together. But what if you want to terminate SSL traffic on the load balancer in order to use HAProxy to insert cookies in the standard HTTP stream to the backend servers?

Many thanks to Krisztián Ivancsó for working on the TPROXY patch for Pound for us; we can finally do this!

(more…)

Using ApacheBench to benchmark SSL performance on the Enterprise R16

Monday, September 15th, 2008

Loadbalancer.org are one of a number of vendors that pride themselves on offering affordable load balancing appliances that work. It is the likes of such companies that have collectively driven down the price of these solutions, making load balancing appliances available to companies who previously would not have been in a position to consider such investments. Kemp Technologies are a similar company whose primary marketing drive centres around ‘value for money’. It is because of this glaring similarity that I decided to compare SSL performance capabilities, focusing on the entry-level appliance on offer from each vendor. Specification comparisons were taken, and subsequent performance tests examined whether performance levels met that of the stated specification. Results proved extremely interesting!

(more…)

LVS Local node patch for Linux 2.6.25, Centos 5 kernel build how-to

Monday, July 28th, 2008

Standard kernel builds of LVS (Linux Virtual Server) don’t have the ability to load balance traffic that originates from the local node.
For example, if you terminated some SSL traffic using stunnel or pound on the load balancer, you then wouldn’t be able to forward that traffic to a backend real server through LVS.

First, many thanks to Siim Põder for helping to port Carlos Lozano’s patch from 2.4 -> 2.6
in order to run an SSL reverse proxy on the same node that is running LVS,
i.e.

External client --> pound:443 --> Local:443 --> IPVS:80 --> RealServer

The patch for Linux Kernel 2.6.25 is here:
http://www.loadbalancer.org/download/patches/ip_vs_locallvs.patch

The following is a guide on how to install it on Centos 5.1:
(more…)

Why do SSL certificates cost so much?

Friday, May 9th, 2008

I was reading a post by Tony Bourke, “license to SSL”, about the licensing restrictions of Verisign et al. when it comes to web sites running on clusters.
He noted a common misconception that if you host the SSL cert on the load balancer then you negate the need to pay for one licence per server.
WRONG… you still need to pay for each server in the cluster… wow, and I thought it was bad enough to get charged for physically copying the cert…

(more…)