SSL between Apache proxy and Mongrel

Could anybody tell me if SSL traffic proxied from Apache to Mongrel
remains encrypted and is decrypted by Mongrel, or is it (as I would
think) decrypted by Apache and sent over the network to Mongrel in plain
text?

It’s sent in plain text, but you could set up an encrypted tunnel
between the Apache box and the Mongrel one using SSH or stunnel over a
TCP port and point the Apache config to localhost:chosenport.

Shawn Balestracci

On Fri, 16 Mar 2007 07:41:44 -0500
“Vegan Buddy” [email protected] wrote:

> It’s sent in plain text, but you could set up an encrypted tunnel
> between the Apache box and the Mongrel one using SSH or stunnel over a
> TCP port and point the Apache config to localhost:chosenport.

I recommend stunnel too. It’s pretty easy to set up, runs as a daemon,
and you can also (if you need) configure client certificate
requirements so that the channel is secured on both ends.


Zed A. Shaw, MUDCRAP-CE Master Black Belt Sifu

http://www.awprofessional.com/title/0321483502 – The Mongrel Book
http://mongrel.rubyforge.org/
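
The tunnel described in the replies above, as an added example that is not part of the original thread: a stunnel configuration for each host, with certificate verification on both ends. The host name, ports, service names and file paths are assumptions chosen for illustration.

```ini
; ---- stunnel.conf on the Apache host (client end of the tunnel) ----
; Apache proxies to the local plaintext port and stunnel wraps it in TLS.
; Matching httpd.conf line: ProxyPass / http://127.0.0.1:8000/
[mongrel-out]
client = yes
; "localhost:chosenport" from the thread (port is an assumed value)
accept = 127.0.0.1:8000
; assumed host name and TLS port of the Mongrel box
connect = mongrel.internal.example:8443
; certificate and key this end presents to the Mongrel side
cert = /etc/stunnel/apache-client.pem
key = /etc/stunnel/apache-client.key
; CA that signed the Mongrel side's certificate
CAfile = /etc/stunnel/tunnel-ca.pem
; reject the server unless its chain validates and the name matches
; (stunnel releases that predate verifyChain use "verify = 2" instead)
verifyChain = yes
checkHost = mongrel.internal.example

; ---- stunnel.conf on the Mongrel host (server end of the tunnel) ----
; Mongrel listens on loopback only, so the TLS port is the only way in
; from the network.
[mongrel-in]
accept = 8443
; assumed local Mongrel listener
connect = 127.0.0.1:3000
cert = /etc/stunnel/mongrel-server.pem
key = /etc/stunnel/mongrel-server.key
; CA that signed the Apache side's client certificate
CAfile = /etc/stunnel/tunnel-ca.pem
; require and validate a client certificate before forwarding anything
verifyChain = yes
```

Binding Mongrel and the Apache-side accept port to 127.0.0.1 keeps the plaintext HTTP on each host's loopback interface, so only the TLS port crosses the network.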

Thanks for the replies, guys. stunnel is exactly what I was thinking.
I’ve used it quite a bit encrypting traffic between Snort sensors and
the management server. I just wanted to make sure I wasn’t doubling up
on the encryption (SSL inside stunnel) and adding excess overhead.
Normally I would just take a quick packet capture and see if it was
coming through plain text, but I’m only doing the planning right now so I
don’t have anything set up yet to test.

Thanks again.