Tag Archives: stud

SSL Client certificate information in HTTP headers and logs

HAProxy and SSL HAProxy has many nice features when speaking about SSL, despite SSL has been introduced in it lately. One of those features is the client side certificate management, which has already been discussed on the blog. One thing … Continue reading

Posted in Aloha, HAProxy, ssl | Tagged , , , , , , , , | Leave a comment

How to get SSL with HAProxy getting rid of stunnel, stud, nginx or pound

Update: HAProxy can now handle SSL client certificate: SSL Client certificate management at application level History HAProxy is well know for its performance as a reverse-proxy and load-balancer and is widely deployed on web platforms where performance matters. It is sometimes … Continue reading

Posted in HAProxy, layer7, ssl | Tagged , , , , , , | 65 Comments

HOWTO SSL native in HAProxy

IMPORTANT NOTE: this article has been outdated since HAProxy-1.5-dev12 has been released (10th of September). For more information about SSL inside HAProxy. please read: How to get SSL with HAProxy getting rid of stunnel, stud, nginx or pound Synopsis Since yesterday … Continue reading

Posted in HAProxy, layer7, ssl | Tagged , , , , , , | 28 Comments

Preserve source IP address despite reverse proxies

What is a Reverse-Proxy? A Reverse-proxy is a server which get connected on upstream servers on behalf of users. Basically, it usually maintain two TCP connections: one with the client and one with the upstream server. The upstream server can … Continue reading

Posted in Aloha, architecture | Tagged , , , , , | 3 Comments

Scaling out SSL

Synopsis We’ve seen recently how we could scale up SSL performance. But what about scaling out SSL performance? Well, thanks to Aloha and HAProxy, it’s easy to manage smartly a farm of SSL accelerator servers, using persistence based on the … Continue reading

Posted in benchmark, optimization, ssl | Tagged , , , | 8 Comments

Benchmarking SSL performance

Introduction The story Recently, there has been some attacks against website which aimed to steal user identity. In order to protect their users, major website owners had to find a solution. Unfortunately, we know that sometimes, improving security means downgrading performance. … Continue reading

Posted in benchmark, ssl | Tagged , , , , | 21 Comments