SSL and thin/fat server setups.

["Christopher L. Everett" <ce...@cobalt.physemp.com>]

Hello all,

I've been running apache+mod_perl servers with apache+mod_ssl
front-ends, and been quite happy with this type of setup for 
quite some time.

Now I need to use SSL certificates for authenticating users 
of an online database.  It seems like there's no way to get 
the SSL information that the front-end sees to the back-end
server because the SSL protocol underlies the HTTP protocol
(outside of writing a custom apache module, and passing back 
the cert info in headers) and there's no such thing as an SSL 
proxy module that I've been able to find.

Right now, I'm considering setting up a very lightweight 
apache+mod_perl+ssl+mod_proxy frontend with just a single 
perl auth/authz handler installed, and have that decrypt, 
authenticate, authorize, and proxy all SSL requests back 
to the fat server.  Then I revert the apache+mod_ssl front
end to a vanilla apache server and have it handle all 
plain HTTP requests.

Before I do this, I'd just like to know if anyone has any
other ideas on how to do this.

  --Christopher