September 5th, 2001, 03:45 AM
|
|
Contributing User
|
|
Join Date: Jan 2001
Posts: 5
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
1) Apache-SSL is more reliable and it gives you better performance but more resources will be used or wasted if you also run non-SSL. mod_ssl, on the other hand, is better for maintenance (you only get httpd.conf and httpd binary, not a separate httpsd.conf and httpsd). Say you've made some changes to httpd.conf, you don't need to sync that (by hand) to httpsd.conf.
2) No. Adding SSL takes significant amount of resources and it's not a wise thing to do for those who don't wish to enable SSL.
3) Redhat sucks. Why bother to install mod_ssl in RPM format and accept every default configurations (lose flexibility)? If you must stick with Redhat, grab the src and compile yourself.
Finally, mod_ssl or Apache-SSL depends on what percentage of your site should be accessed via https. In mod_ssl, say you specify the following:
MinSpareServers 5
MaxSpareServers 30
StartServers 5
and start it with apachectl startssl, 5 daemons will be started to handle BOTH SSL and non-SSL. In Apache-SSL, you need to start a whole new daemon httpsd and use httpsd.conf (a separate configure file). Say you start it with:
MinSpareServers 5
MaxSpareServers 30
StartServers 5
If your https site doesn't need or you simply don't know how many server you should start, starting a fixed number of 5 might waste your system resources where you should have allocated it to httpd instead.
That said, with mod_ssl, you can specify more server to start with and adjust the min and max to a higher value without worrying how much resource you should allocate for each. For example of httpd.conf (SSL+non-SSL):
MinSpareServers 10
MaxSpareServers 60
StartServers 10
|
Dev Shed Forums Sponsor:
SSL choices...
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
