We have tried both apache and Pound as ssl-reverse-proxy solutions for openacs. As far as the logging is concerned if you use apache you only need to use the apache http log, that contains all the info you should need. With the following config file lines the log file should look like the aolserver access.log:
HostnameLookups Off
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined
If you want to use apache you will probably need some rewrite rules for redirects coming from the backend server that would otherwise by-pass the proxy server. OpenACS uses returnredirect quite a lot and you need to deal with that.
Pound is another option, it is a small reverse-ssl-proxy that lets you load balance requests based on url matching, it checks that status of the backend-servers and it has (as far as i know) most of the proxy-features apache can offer. Pound also takes care of the X-Forwarded-for headers and keeps a combined log file for all requests.
