I just set up a configuration using squid, using its "HTTP accelerator mode". Basically, you need to download and set up the following:
- Rob Mayoff's dqd_log module to log the X-Forwarded-For address as the requestor's IP
- squirm to write the forwarding (and filtering rules)
Basically, set up your servers with IPs on the loopback interface (e.g. 127.0.0.10, 127.0.0.11, etc.). You can set up squid to accept SSL connections on the public IP and forward them to the non-SSL servers. You also get Squid's ability to cache pages, which hopefully will reduce the number of hits to your db-backed web-server if you get slashdotted, and lastly, squirm allows you to specify filtering rules that apply across all your forwarded sites (e.g. to drop Code Red/Nimda probes).
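As an added illustration (not the poster's setup, and not squirm itself), here is a minimal Squid redirector in Python that does the two jobs squirm is given above: map public hostnames to the plain-HTTP backends on the loopback addresses, and send the well-known Code Red/Nimda probe paths (default.ida, cmd.exe, root.exe) to a block page instead of the backend. It speaks Squid's classic redirector protocol (one "URL client_ip/fqdn ident method" line per request on stdin, one rewritten URL or an empty line per reply). The hostname-to-backend table, the block page URL and the probe pattern list are constructed for this example.

```python
"""Minimal Squid redirector (the role squirm plays in the setup above).

Squid's classic redirector protocol (redirect_program): each request arrives
on stdin as one line "URL client_ip/fqdn ident method"; the helper answers
with a rewritten URL, or an empty line to leave the request untouched.

The backend table, block page and probe signatures are constructed for
this example, not taken from any real deployment.
"""
import re
import sys

# Public site -> loopback backend (constructed mapping following the
# 127.0.0.10 / 127.0.0.11 layout described above). SSL is terminated by
# Squid, so every backend is plain HTTP.
BACKENDS = {
    "www.example.com": "127.0.0.10:8080",
    "shop.example.com": "127.0.0.11:8080",
}

# Page served to requests matched by a filter rule (constructed placeholder).
BLOCK_URL = "http://127.0.0.1/blocked.html"

# Well-known Code Red / Nimda probe paths, matched anywhere in the URL and
# case-insensitively, since the worms varied the encoding of the path.
PROBE_PATTERNS = re.compile(r"(/default\.ida|/cmd\.exe|/root\.exe)", re.IGNORECASE)

# scheme://host[:port][/path]
URL_RE = re.compile(r"^(https?)://([^/:]+)(:\d+)?(/.*)?$", re.IGNORECASE)


def rewrite(url: str) -> str:
    """Return the URL Squid should fetch, or "" to pass it through unchanged."""
    # Filtering applies across every forwarded site, so check it first.
    if PROBE_PATTERNS.search(url):
        return BLOCK_URL
    m = URL_RE.match(url)
    if not m:
        return ""
    host = m.group(2).lower()
    backend = BACKENDS.get(host)
    if backend is None:
        # Unknown host: leave the request alone for Squid's own ACLs.
        return ""
    path = m.group(4) or "/"
    return f"http://{backend}{path}"


def handle_line(line: str) -> str:
    """Process one redirector-protocol line; return the reply without newline."""
    parts = line.strip().split()
    if not parts:
        return ""
    return rewrite(parts[0])


def main() -> None:
    # Squid blocks waiting for exactly one reply per request, so flush
    # after every line rather than letting stdout buffer.
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Two points worth noting when running something like this: the helper sees the URL as Squid reconstructed it from the Host header, so the hostname table is what ties a public name to a backend; and probe matching is done on the raw URL string, so a pattern like `/cmd\.exe` catches the Nimda traversal variants (`/scripts/..%5c../winnt/system32/cmd.exe`) without having to enumerate each encoding.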