[prev in list] [next in list] [prev in thread] [next in thread]
List: perlbal
Subject: Perbal and Stunnel
From: aar () cpan ! org (Alessandro Ranellucci)
Date: 2006-01-16 18:47:55
Message-ID: r02010500-1038-7549450A86C011DAAE5B000393199010 () [192 ! 168 ! 1 ! 107]
[Download RAW message or body]
On 16-01-2006 at 18:32, Kevin Minnick wrote:
>Yes, 100 different IP addresses. We host SSL sites for many different
>companies, each with their own SSL cert.
100 stunnel instances will work for sure. I don't know how does stunnel
scale, though, so it may also become a bottleneck. Maybe an SSL-enhanced
hardware load balancer would do that more nicely.
>If mod_proxy supported an easy way (or any way) to:
>1. Detect a backend server failure
>2. Load Balance backend servers
>I would use that since it does support SSL nicely.
What about mod_proxy > Perlbal > backends?
>On a side note, I looked at the code for IO::Socket::SSL but I could
>not figure out how to get passed the blocking issue, but I'm by no
>means a skilled perl programmer.
The problem is not in IO::Socket::SSL and neither in Net::SSLeay, but is
in the OpenSSL libraries. That tiny SSL_accept() function in ssl_lib.c
is the blocking part, so I'm afraid that it would be quite impossible to
make that non-blocking by providing callbacks and so on.
I think that this task could be accomplished by a module silimiar to
IO::AIO, that is something with pthreads and a poll-like interface.
I haven't got no time to work on such a module, though :)
- alessandro.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic