Forum OpenACS Q&A: Re: OpenACS with virtual hosting
Regarding the cautionary note of the author of Pound, I would say that there as many opinions as people. The security risk is minimal and in the case of AOLServer the backend support for virtual hosting is rather minimal. Using Pound for virtual hosting isn't any riskier than say using Squid or any other reverse proxy.
I've done some extensive research into virtual hosting w/ AOLServer and OpenACS. There are other options -like Squid, or AOLServer + nsvhr (but w/o X-Forwarded-For headers)- but I came to the conclusion that Pound is by far the best solution.
A couple questions ...
I just finished reading through the Pound mailing list thread you initiated this past February. From that thread resolution (hard work!), it looks like the latest and greatest Pound will work with AOL Server. What version of Pound are you using on your production server(s)?
As far as I can see, the only additional security risk of using a reverse proxy is that you are adding another layer, and that layer (the reverse proxy) may have some kind of exploit. This risk looks minimal with Pound. Did you have any other risks in mind when you wrote the parent post?
Finally, can you provide any data points on RAM vs. # of AOLServer Instances? I have a box with 512MB of RAM that I will be using for virtual hosting and I am considering using AOLServer and OpenACS. (Catherine Meeks gave me a brief overview at a conference this weekend, and I'm pretty excited by the possibilities ...)
that's right another layer that could be exploited. I'm running production w/ the previous Pound 1.6 current (no longer available from Apsis as it has been replaced w/ a newer version). I haven't tried this new version.
I can't give you hard data points but as a comparison I'm running 3 AOLserver instances on a single processor w/ 640 Mb quite comfortably. Mind you all these sites are small sites. The Code Mill (http://www.thecodemill.biz) gets the most hists. Nothing to write home about though.
Maybe that others who provide virtual hosting can give more detailed information.