I'm looking at introducing a loadbalancer to my existing site infrastructure to help with traffic growth and provide a level of failure protection.
The site I am running uses SSL certificates for the login section and I will need to continue with this functionality. The backend servers will need to be aware of the originating IP address so I can't use the TCP loadbalancing function and will need the SSL terminated on the loadbalancer so I can insert a
X-Forwarded-For
Header. I have seen a couple of ways of implementing the SSL decryption functionality one using stunnel and the other using Pound. I've been looking around however I am not sure what the pros/cons are of using one over the other. Does anyone have any experience in this and offer their recommendation?
Thanks
Best Answer
I'm not sure about Pound but I have managed to get Stunnel + HAProxy working including setting the originating IP address as an X-Forwarded-For header. The trick is to use Stunnel with the X-Forwarded-For patch. Here is a package which works on Ubuntu 10.04: https://launchpad.net/~szelcsanyi-gabor/+archive/stunnel4