Currently I'm using the following scheme to serve both static and dynamic content.
I have compiled stunnel with X-Forwarded-For support patch.
Internet(http) -> haproxy (frontend1) -> Apache Farm
Internet(https) -> stunnel -> haproxy (frontend2) -> Apache Farm
Stunnel is configured to use the certificate from xxxx.com. Is it possible to add support for stunnel to serve with other certificates?
cert = /etc/stunnel/group.cert
key = /etc/stunnel/private.key
verify = 0
debug = local0.debug
CAfile = /etc/stunnel/group.cert
chroot = /var/run/stunnel4/chroot
setuid = stunnel4
setgid = stunnel4
failover = prio
xforwardedfor = yes
TIMEOUTclose=0
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
[https]
accept = 443
connect = HAPROXYHOST:FRONTEND2PORT
I know I can run another stunnel instance which binds to another IP address, but we don't have infinite public addresses if we decide to host more sites. I know that one can configure Apache to serve different certificates per VirtualHost; is it possible to do this with this scheme? Or maybe by changing from stunnel to Apache mod_proxy or another solution?
Many thanks.