Pound SSL Proxy

https://secwise.nl/lets-encrypt-certifcates-and-pound-load-balancer/

SSL Encryption
Create a private key to encrypt a site:

mkdir -p ~/.ssl/pound
cd ~/.ssl/pound

Generate an RSA private key for the server:

openssl genrsa -out server.key 2048

Then create the Certificate Signing Request file, or CSR.

openssl req -newkey rsa:2048 -keyout server.key -out server.csr

StartSSL has free Class 1 SSL certificates that can be used cheaply. Follow their Certificate Wizard to create the certificate.
Download their root CA certificate and the intermediate CA certificate:

cd ~/.ssl/pound
wget https://startssl.com/certs/ca.crt
wget https://startssl.com/certs/sca.server1.crt

Combine your private key, the domain's certificate (from StartCom), the intermediate certificate and the root certificate files into one PEM file for Pound to use:

cat server.key server.pem  sca.server1.crt ca.crt \
>/usr/local/etc/pound/test1.mydomain.com.pem

Add the HTTPS directive to /usr/local/etc/pound.cfg:

ListenHTTPS
  Address 1.2.3.4
  Port    443
  Disable SSLv2
  Disable SSLv3
  Cert    "/usr/local/pound/test1.mydomain.com.pem"
  SSLHonorCipherOrder 1
  Ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"

Service HeadRequire "Host:.*test1.mydomain.com.*" BackEnd Address 192.168.1.11 Port 80 End End End

Resources
Pound Reverse SSL Proxy for Multiple Servers
Pound, SSL and real Certificates, redux

Recent Updates

Apache

1 year 12 months ago
Apache

1 year 12 months ago
lighttpd

1 year 12 months ago

php 8.x
MariaDB

1 year 12 months ago

10.6.7
CentOS

2 years 1 day ago

Drop Centos 5/6 stuff

Recent Links

SquidGuard

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
NCurses Disk Usage

A disk usage analyzer with an ncurses interface, aimed to be run on a remote server where you don't have an entire gaphical setup, but have to do with a simple SSH connection. ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.
WPKG

WPKG is an automated software deployment, upgrade and removal program for Windows.

It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations from a central server (for example, Samba or Active Directory) to a number of workstations.

It can run as a service to install software in the background (silent install), without user interaction.

It can install MSI, InstallShield, PackagefortheWeb, Inno Setup, Nullsoft, other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.

WPKG is open source software.
opsi

opsi (Open PC Server Integration) the Open Source client management system
Vagrant

Vagrant is a tool for building complete development environments. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases development/production parity, and makes the "works on my machine" excuse a relic of the past.

Main menu

You are here

Pound SSL Proxy

Recent Updates

Recent Links