Question regarding SSL enabled server

These are old archives. They are kept for historic purposes only.
Post Reply
kucha12
Posts: 6
Joined: Mon Aug 07, 2006 5:21 pm

Question regarding SSL enabled server

Post by kucha12 » Mon Aug 28, 2006 10:47 am

Hello everyone.

I'm going to have a SSL enabled server on my network, however I don't know how to implement it:

a) Should I compile one big IRCd for both, SSL and non-SSL enabled clients

b) Or I should compile one tiny non-SSL IRCd and link it to another IRCd running on localhost machine which has enabled only SSL port?

90% of my clients will be using non-SSL connections. Which configuration would be optimal for best performance/lowest cpu usage? Post your experience/opinions please.

SpaceDoG
Posts: 301
Joined: Mon Feb 27, 2006 5:44 am
Contact:

Post by SpaceDoG » Mon Aug 28, 2006 1:45 pm

kucha12 you compile like you normally would except that you enable SSL. Unreal will ask you where you installed SSL at just leave it blank and Unreal will find it. Then when you configure your listen blocks just set one port to be an SSL enabled port and everything should be good to go.

kucha12
Posts: 6
Joined: Mon Aug 07, 2006 5:21 pm

Post by kucha12 » Mon Aug 28, 2006 3:50 pm

yes yes I know how to compile and yes I've read the docs. You don't understand my question. I'm asking about the number of daemons to run: one or two. I'd like to use a scheme which big networks use so I need an advice.

Jobe1986
Official supporter
Posts: 1180
Joined: Wed May 03, 2006 7:09 pm
Location: United Kingdom

Post by Jobe1986 » Mon Aug 28, 2006 4:58 pm

You shouldnt need to run a seperate IRCd for SSL connections. As stated above you can have for example a listen block for port 6697 set to SSL and all other list blocks without the SSL option. Personally i have a port for SSL and ports for non-SSL on my IRCd (1 process). If running 2 IRCd's (one for only SSL and one for only non-SSL) on the same computer there is no real benefits that i can think of. Plus your server's memory is going to end up with 2 copies of the IRC networks state information.

So i would recomend you have both SSL and non-SSL on the same IRCd config.

BTW when you compile with SSL you can still have non-SSL ports open.

Syzop
UnrealIRCd head coder
Posts: 1933
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Post by Syzop » Mon Aug 28, 2006 4:58 pm

If they both run on the same box: one. Running 2 ircds for the same network on the same box only adds to cpu usage and memory usage (sending data between servers, both having to do the bookkeeping etc).

If you mean you have 2 boxes, then I suggest to run one on either one. But then I actually suggest to run both SSL enabled, so you can spread the SSL load to both of them.

SSL can eat quite some cpu, but as you say (and like most networks) usually the (big) majority of users don't use SSL.

If it turns out that more users will be using SSL than you thought, or when it turns out the CPU usage is more than you want it to be, simply add another server (on another box) to spread the load (and use DNS round robin, of course).

kucha12
Posts: 6
Joined: Mon Aug 07, 2006 5:21 pm

Post by kucha12 » Wed Aug 30, 2006 9:35 pm

Thanks for your replies guys!

Post Reply