Comments on: How to build a better (SSL proxy) mouse trap (with lighttpd)?

By: arunkamatH

arunkamatH — Fri, 21 Mar 2008 02:36:39 +0000

Interesting setup. I am interested in providing access to internal Citrix servers to external (i.e, Internet) users via a reverse proxy in the DMZ (considering Blue Coat)that will support SSL termination with hardware accelerator. The traffic from the reverse proxy to the Citrix server will be through a network load balancer (NetScaler or other, such as F5 or Coyote Point). I am wondering whether you have tried this config out and what I should watch out for. The objective is to have only Port 443 open on the external firewall.

By: Leslie

Leslie — Sun, 27 May 2007 18:38:36 +0000

Nginx has started to become popular in the Ruby community lately, thanks to Ezra:

http://brainspl.at/articles/2006/08/23/nginx-my-new-favorite-front-end-for-mongrel-cluster

By: Frédéric Wenzel

Frédéric Wenzel — Sun, 27 May 2007 11:08:47 +0000

I like the idea. Interesting to see that the netscaler’s SSL capability is weaker than regular HTTP servers.

I haven’t heard of nginx either, but if the information on the web page is right, it’s used pretty successfully further east on this continent. If you have the possibility, you might consider running a load test on lighty vs. nginx to see who does the better job.

By: mrz

mrz — Fri, 25 May 2007 17:17:15 +0000

Yusuf – yeah, I’ve using what’s current out of svn.

Nginx, never heard of that – I’ll take a look!

By: Leslie

Leslie — Fri, 25 May 2007 16:12:34 +0000

What do you think of Nginx?

By: Yusuf Goolamabbas

Yusuf Goolamabbas — Fri, 25 May 2007 15:56:02 +0000

lighty as a reverse proxy is only starting to be stable in 1.5-svn. if you need a reverse proxy which can do ssl + compression today, then you should look at nginx

Let me know if you need a config (proxy+gzip+ssl) to help you get bootstrapped. Email me

Also, for software SSL, The Opteron or the Sun Niagara T2000 screams