[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Distributing crypto work away from apache-ssl?

...why do you need to run apache-ssl on the mail server, or on a single server at all? given your webmail application may require shared storage (squirrelmail does) but you can easily setup a cluster of apache's. Long term you'll have to anyway.

--On Monday, February 21, 2005 10:19 PM +0100 Marcin Owsiany <marcin@owsiany.pl> wrote:


As more and more users access our mail services through TLS/SSL, the CPU
load constantly grows. We already have multiple boxes for incoming
SMTP/submission, and moving stunnels serving POP3S to other boxes is

However I don't know what to do with the webmail, served by apache-ssl.
Is it possible to somehow move the crypto work to another host? Does
anyone have any experience with this? Would a simple stunnel (443->80)
be enough? AFAIK the webmail application itself does not care whether
it's accessed by http or by https, maybe except for self-referencing URL
creation - I'm not sure what part of URL it creates itself.

PS: Yes, I know about the crypto accelerator cards, but they seem a
"bit" expensive :-/
Marcin Owsiany <marcin@owsiany.pl>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216

To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Michael Loftis
Modwest Sr. Systems Administrator
Powerful, Affordable Web Hosting

Reply to: