Hello everyone.
I'm going to have an SSL-enabled server on my network, however I don't know how to implement it:
a) Should I compile one big IRCd for both SSL and non-SSL enabled clients
b) Or should I compile one tiny non-SSL IRCd and link it to another IRCd running on the localhost machine which has only the SSL port enabled?
90% of my clients will be using non-SSL connections. Which configuration would be optimal for best performance/lowest cpu usage? Post your experience/opinions please.
Question regarding SSL enabled server
You shouldn't need to run a separate IRCd for SSL connections. As stated above you can have for example a listen block for port 6697 set to SSL and all other listen blocks without the SSL option. Personally I have a port for SSL and ports for non-SSL on my IRCd (1 process). If running 2 IRCds (one for only SSL and one for only non-SSL) on the same computer there are no real benefits that I can think of. Plus your server's memory is going to end up with 2 copies of the IRC network's state information.
So I would recommend you have both SSL and non-SSL on the same IRCd config.
BTW when you compile with SSL you can still have non-SSL ports open.
If they both run on the same box: one. Running 2 ircds for the same network on the same box only adds to cpu usage and memory usage (sending data between servers, both having to do the bookkeeping etc).
If you mean you have 2 boxes, then I suggest to run one on either one. But then I actually suggest to run both SSL enabled, so you can spread the SSL load to both of them.
SSL can eat quite some cpu, but as you say (and like most networks) usually the (big) majority of users don't use SSL.
If it turns out that more users will be using SSL than you thought, or when it turns out the CPU usage is more than you want it to be, simply add another server (on another box) to spread the load (and use DNS round robin, of course).