[ZendTo] Re: Probably a stupid questionŠ .
John Thurston
john.thurston at alaska.gov
Thu Aug 8 17:08:20 BST 2013
>> ----- Original Message -----
>> From: "John Thurston" <john.thurston at alaska.gov>
>> To: "ZendTo Users" <zendto at zend.to>
>> Sent: Monday, 15 July, 2013 5:08:33 PM
>> Subject: [ZendTo] Re: Probably a stupid questionŠ .
>>
>> On 7/13/2013 8:21 AM, Gray McCord wrote:
>>> Thanks, John! I'll give this a try. BTW, when you talk about less
>>> throughput, can you tell about how much?
>>
>> I did not perform benchmarks in either configuration.
> - snip -
>> YMMV. In my deployment, I'm proxying https via https, so there is a lot
>> of protocol overhead. I am not using "jumbo" frames. I have made no
>> effort to optimize my https cipher negotiations or implement ssl
>> off-loading. My ZendTo is running on linux on VMWare ESXi. I don't know
>> if VMWare or its networking is is optimally configured.
On 8/8/2013 1:10 AM, Phil Daws wrote:
> You could always front ZendTo with HAProxy and if you trust your
> internal network you could go the route of: Internet (HTTP/S) ->
> HAProxy (Redirects HTTP -> HTTPS FrontEnd) -> HAProxy (HTTPS) ->
> ZendTo (HTTP)
>
> This will work as-long as you use the 1.5dev branch of HAProxy.
> HAProxy will handle all the SSL aspect of the connection.
I can proxy https to http with mod-proxy on the apache web server and
the performance is much better. But, I treat all of my internal networks
as hostile so https is just as important there as on the external network.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
More information about the ZendTo
mailing list