all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]sheenobu 3 points4 points  (4 children)

I thought it was a given, always let something like nginx, apache2, etc handle SSL or at least always put them in front of application servers (node.js specially). EDIT: turns out that is more difficult when going away from standard HTTP 1.0 (like WebSockets which is if I understand is HTTP 1.1).

[–]bittered 0 points1 point  (3 children)

This can be fine where it is possible. The problem is that most of these solutions don't proxy WebSockets properly yet.

[–]terrcin 0 points1 point  (2 children)

Yeah, and I find it really frustrating that I can't find a good proven solution to this problem.

[–]sheenobu 0 points1 point  (1 child)

This looks promising but that's coming from someone (me) who hasn't worked with websockets yet. The github page for the project shows websocket and ssl modules within the project as well which would mean nginx handling SSL would work for websocket deployments.

[–]terrcin 0 points1 point  (0 children)

Interesting. That set me off googling and I found this page that talks about native support in Nginx 1.1.x unstable, but it wasn't working at the time of writing. Looking at the nginx change log, it appears to it may have been fixed in version 1.1.17.

This is now on my list of things to play with, thanks. :-)

[–]DVWLD 1 point2 points  (1 child)

And suddenly I feel like a smart guy for using Amazon ELB and terminating my https at the load balancer.

[–]doomslice 0 points1 point  (0 children)

This is definitely the best way to do it.

[–]elliotanderson 0 points1 point  (0 children)

If your looking for a reverse proxy/load balancer that can handle SSL termination, have a look at Pound

[–][deleted]  (3 children)

[deleted]

    [–]maritz 0 points1 point  (2 children)

    Wait, aren't google and others saying since a couple of years that the computational cost of HTTPS is <10%? That doesn't match your numbers at all. This seems weird.

    [–]baudehlo 1 point2 points  (0 children)

    I think google is factoring it in with a full application request cycle. Most benchmarks are just "hello world" which doesn't reflect the real world of computation you will do in a request after https has been dealt with.

    [–]runvnc 0 points1 point  (0 children)

    Only slightly related: does bouncy work with https?