Could anybody tell me if SSL traffic proxied from Apache to Mongrel remains encrypted and is decrypted by Mongrel, or is it, as I would think, decrypted by Apache and sent over the network to Mongrel in plain text?
on 2007-03-16 10:45
on 2007-03-16 13:42
It's sent in plain text, but you could set up an encrypted tunnel between the apache box and the mongrel one using ssh or stunnel over a tcp port and point the apache config to localhost:chosenport.

Shawn Balestracci
on 2007-03-16 15:54
On Fri, 16 Mar 2007 07:41:44 -0500 "Vegan Buddy" <email@example.com> wrote:

> It's sent in plain text, but you could set up an encrypted tunnel
> between the apache box and the mongrel one using ssh or stunnel over a
> tcp port and point the apache config to localhost:chosenport.

I recommend stunnel too. It's pretty easy to set up, runs as a daemon, and you can also (if you need) configure client certificate requirements so that the channel is secured on both ends.

--
Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu
http://www.zedshaw.com/
http://www.awprofessional.com/title/0321483502 -- The Mongrel Book
http://mongrel.rubyforge.org/
on 2007-03-16 17:39
Thanks for the replies, guys. stunnel is exactly what I was thinking. I've used it quite a bit encrypting traffic between Snort sensors and the management server. I just wanted to make sure I wasn't doubling up on the encryption (SSL inside stunnel) and adding excess overhead. Normally I would just take a quick packet capture and see if it was coming through in plain text, but I'm only doing the planning right now, so I don't have anything set up yet to test. Thanks again.
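The stunnel arrangement suggested in the replies above, written out as an added example that is not part of the original thread: one stunnel service on the Apache box and one on the Mongrel box, with certificates required in both directions. Host names, ports, file paths and service names are assumptions chosen for illustration.

```ini
; ===== Apache box: stunnel client side (file path is an assumption) =====
; Apache terminates the browser's SSL and proxies plain HTTP to loopback,
; e.g.  ProxyPass / http://127.0.0.1:8000/
; stunnel accepts that plain HTTP on loopback and wraps it in TLS before it
; leaves the machine, so there is only one layer of encryption on the wire.
[mongrel-out]
client = yes
accept = 127.0.0.1:8000
; hypothetical internal host name and port of the Mongrel box
connect = mongrel.internal.example:8443
; certificate and key this side presents to the Mongrel box
cert = /etc/stunnel/apache-client.pem
key = /etc/stunnel/apache-client.key
; CA that issued the Mongrel box's certificate
CAfile = /etc/stunnel/internal-ca.pem
; require and verify the peer certificate
; (newer stunnel releases express this as verifyChain = yes)
verify = 2

; ===== Mongrel box: stunnel server side (separate file on the other host) =====
; Mongrel itself listens only on 127.0.0.1:3000 (assumed port), so the only
; network-reachable entry point is the TLS listener below.
[mongrel-in]
accept = 8443
connect = 127.0.0.1:3000
cert = /etc/stunnel/mongrel-server.pem
key = /etc/stunnel/mongrel-server.key
; CA that issued the Apache box's client certificate
CAfile = /etc/stunnel/internal-ca.pem
; reject connections that do not present a certificate signed by that CA
verify = 2
```

Once both ends are running, a packet capture on the link between the two boxes should show only TLS records on port 8443, while the loopback hops on each machine carry plain HTTP.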