Slashdot Mirror


Using Single Apache SSL/Non-SSL in Production?

tck1000 asks: "I currently maintain some legacy webservers, running Apache 1.3.x on Linux, on x86 hardware. Two separate daemons are used. One to serve SSL vhosts, and one to serve non-SSL vhosts. Each of these servers also is compiled with PHP, mod_perl, and JServ, and also works with a Tomcat servlet engine. In the process of planning an upgrade path, I've thought about using a single daemon to serve both the SSL and Non-SSL vhosts. Is this a good idea?"

"These webservers serve about 4 million hits a day across all the vhosts. I'm worried about memory usage if every httpd process has to load mod_ssl, as well as everything else they load.

I've been searching for comparisons between running 2 daemons (and the associated effort in maintaining/upgrading/patching), vs. running a single daemon (with any added overhead it entails).

I've found a lot of examples of how to do it, but not much on the why's.

Comments, Opinions, Ideas, Links?"

4 of 37 comments

  1. Slashdot/Sourceforge/etc... by krow · Score: 4, Informative

    This is what Slashdot does (and SourceForge too, for that matter): they use one Apache host to serve content and use Pound to do the SSL.
    Good luck!

    --
    You can't grep a dead tree.
  2. Re:No, it doesn't by sylencer · Score: 3, Insightful
    If you really want to increase security, use the new chroot facilities.

    I don't understand what you are saying here. People use https to prevent others from sniffing their traffic, e.g. for credit card numbers or other data that should be kept secret, like passwords. Chroot environments are used for a completely different purpose: to keep the impact on your whole system as small as possible when (not if!) a security flaw in the daemon is discovered and thus an attacker can execute arbitrary code on your machine.

  3. Link by jpkunst · Score: 4, Informative

    Comments, Opinions, Ideas, Links?

    Recipe 7.4: Serving a Portion of Your Site via SSL from O'Reilly's Apache Cookbook?

    JP

  4. Re:Might consider more than that... by Homology · Score: 3, Informative

    With four million hits a day it makes little sense to use Tomcat even for static content. Apache serves static pages faster than Tomcat and with fewer resources.