I’d like to use Mongrel_cluster with SSL on a green-field application
(it
can be configured however is best - initially, “ease of setup” is
important,
but then soon after will be scaling and response time). I’ve read a lot
of
emails on this topic, and checked out the Mongrel pages, etc, but I’m
left
with this question of what is recommended:
For a client-login application (no pages/images/anything are accessible
without logging in first - and the authentication is being done in
Rails,
not in Apache/Lighttpd):
- Is there a recommended setup to put SSL in front of a mongrel
cluster?
(pound is said to be somewhat slow and therefore won’t scale well;
lighttpd
has ssl built in, but there are some problems with mod_proxy so on the
mongrel website it says to connect to one port which is running balance;
pen
has only experimental SSL built into it; Apache seems like overkill if
it is
ONLY being used as an SSL front end)
-
if all pages are protected by login (being done in Rails using
session
variables to make sure that someone is logged in before serving a page),
then pages caching in Lighttp/Apache isn’t really feasible since they
serve
pages without checking with Rails first (i.e., without making sure the
person is logged in) unless you want to have lighttpd/apache do the
authentication (which I don’t want). Given that lighttpd / apache are
usually recommended to be in front of mongrel is in the case of serving
up
static content. but without that, then the only reason to use them is as
a
SSL front end, but then there are other options. -
if you’re going to run multiple apps on the setup (as:
app1.eyetools.com,
app2.eyetools.com, etc) does that change the recommendation?
Greg E.
CTO, Eyetools Inc.
(916) 792 4538