
Question regarding SSL enabled server

Posted: Mon Aug 28, 2006 10:47 am
by kucha12
Hello everyone.

I'm going to have an SSL enabled server on my network, however I don't know how to implement it:

a) Should I compile one big IRCd for both SSL and non-SSL enabled clients?

b) Or should I compile one tiny non-SSL IRCd and link it to another IRCd running on the localhost machine which has only an SSL port enabled?

90% of my clients will be using non-SSL connections. Which configuration would be optimal for best performance/lowest cpu usage? Post your experience/opinions please.

Posted: Mon Aug 28, 2006 1:45 pm
by SpaceDoG
kucha12, you compile like you normally would except that you enable SSL. Unreal will ask you where you installed SSL; just leave it blank and Unreal will find it. Then when you configure your listen blocks just set one port to be an SSL enabled port and everything should be good to go.

Posted: Mon Aug 28, 2006 3:50 pm
by kucha12
Yes, yes, I know how to compile and yes, I've read the docs. You don't understand my question. I'm asking about the number of daemons to run: one or two. I'd like to use a scheme which big networks use, so I need some advice.

Posted: Mon Aug 28, 2006 4:58 pm
by Jobe
You shouldn't need to run a separate IRCd for SSL connections. As stated above you can have, for example, a listen block for port 6697 set to SSL and all other listen blocks without the SSL option. Personally I have a port for SSL and ports for non-SSL on my IRCd (1 process). If running 2 IRCds (one for only SSL and one for only non-SSL) on the same computer, there are no real benefits that I can think of. Plus your server's memory is going to end up with 2 copies of the IRC network's state information.

So I would recommend you have both SSL and non-SSL on the same IRCd config.

BTW when you compile with SSL you can still have non-SSL ports open.

Posted: Mon Aug 28, 2006 4:58 pm
by Syzop
If they both run on the same box: one. Running 2 ircds for the same network on the same box only adds to cpu usage and memory usage (sending data between servers, both having to do the bookkeeping etc).

If you mean you have 2 boxes, then I suggest to run one on either one. But then I actually suggest to run both SSL enabled, so you can spread the SSL load to both of them.

SSL can eat quite some cpu, but as you say (and like most networks) usually the (big) majority of users don't use SSL.

If it turns out that more users will be using SSL than you thought, or when it turns out the CPU usage is more than you want it to be, simply add another server (on another box) to spread the load (and use DNS round robin, of course).

Posted: Wed Aug 30, 2006 9:35 pm
by kucha12
Thanks for your replies guys!