Re: Distributing crypto work away from apache-ssl?
...why do you need to run apache-ssl on the mail server, or on a single
server at all? given your webmail application may require shared storage
(squirrelmail does) but you can easily setup a cluster of apache's. Long
term you'll have to anyway.
--On Monday, February 21, 2005 10:19 PM +0100 Marcin Owsiany
As more and more users access our mail services through TLS/SSL, the CPU
load constantly grows. We already have multiple boxes for incoming
SMTP/submission, and moving stunnels serving POP3S to other boxes is
However I don't know what to do with the webmail, served by apache-ssl.
Is it possible to somehow move the crypto work to another host? Does
anyone have any experience with this? Would a simple stunnel (443->80)
be enough? AFAIK the webmail application itself does not care whether
it's accessed by http or by https, maybe except for self-referencing URL
creation - I'm not sure what part of URL it creates itself.
PS: Yes, I know about the crypto accelerator cards, but they seem a
"bit" expensive :-/
Marcin Owsiany <email@example.com> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
Modwest Sr. Systems Administrator
Powerful, Affordable Web Hosting