RE: setup with Oracle and SSL

From: Anne Moore <diabeticithink#yahoo.com>
Date: Sat, 13 Mar 2010 20:22:39 -0500


This is wonderful. Thank you.  

Would I have to setup stunnel on a different server, and then forward those SSL requests to the haproxy server, and then from there, forward those request to the web servers? Or, can stunnel be installed and used on the same server as the haproxy? If I used stunnel and haproxy, would each of my web servers websites also need an SSL certificate installed? (Or is the SSL certificate only installed on the stunnel box?)  

Also, quick question regarding how haproxy works (I'm a newbie, as you can tell). Does my users put in the haproxy server name in their url, like so: http://haproxyservername.domain.com ? And then that forwards requests the webservers and load balances them?  

Sorry for so many questions! I'm totally new at this.  

Thank you again for taking the time to help.  

Anne


From: Craig Carl [mailto:craig#gestas.net] Sent: Saturday, March 13, 2010 5:52 PM
To: Anne Moore
Cc: XANi; haproxy#formilux.org
Subject: Re: setup with Oracle and SSL

Anne -

   Your would need an application to handle SSL and forward HTTP. I use stunnel for that with no problem. This is the guide I used, the basics are the same on any distro -

http://www.buro9.com/blog/2009/12/07/installing-haproxy-load-balance-http-an d-https/

Craig

On Sat, Mar 13, 2010 at 2:27 PM, Anne Moore <diabeticithink#yahoo.com> wrote:

Very interesting. Thank you for the reply. That's very disappoint that haproxy doesn't support SSL.  

However, what if I my haproxy was HTTP, and it forwarded requests to my two backend HTTPS (SSL) URL servers?  

Would this scenario work fine with haproxy?  

Thank you  

Anne


From: XANi [mailto:xani666#gmail.com]
Sent: Saturday, March 13, 2010 4:25 PM
To: Anne Moore
Cc: haproxy#formilux.org
Subject: Re: setup with Oracle and SSL

Hi
Dnia 2010-03-13, sob o godzinie 13:34 -0500, Anne Moore pisze:

Greetings to all,

I'm new to this group, but have really been working hard on getting haproxy working for Oracle Application HTTP server over SSL.

I've looked through the website, but can't seem to find anything that shows how to setup SSL on the haproxy. I also can't find anything on how to setup haproxy with Oracle Application HTTP server.

Would someone on this list have that knowledge, and be willing to share?

Thank you!

Anne

That's because haproxy doesn't support SSL in http mode, if u want HTTPS u need to set up "SSL proxy" in form of for example Lighttpd. so it works like that:
Lighttpd( https:443) -> Haproxy(http:80) ->your_backend_servers.

Only thing to watch out is loggin client IP, basically u have to add to config
option forwardfor except 127.0.0.1
where "127.0.0.1" is ur SSL proxy address Then proxy will be passing original client IP thru "X-Forwarded-For" header

"except 127.0.0.1" is because lighttpd adds "X-Forwarded-For" when used as proxy so haproxy doesn't have to (obv. replace it with other ip if ur SSL proxy is on different host)

Regards
XANi

-- 

Mariusz Gronczewski (XANi) <xani666#gmail.com>

GnuPG: 0xEA8ACE64

http://devrandom.pl
Received on 2010/03/14 02:22

This archive was generated by hypermail 2.2.0 : 2010/03/14 02:30 CET