#
# This is an example webserver configuration using virtual hosts.
#
# See doc/config-guide.txt for descriptions of each command (line)
# and configuration syntax.
#
################################3
#
# to use SSL mode, you'll need IO::Socket::SSL 0.97+
#
# You can do SSL either on webserver mode, a reverse_proxy, or a service selector,
# but not if the service selector is vhost-based, because SSL and vhosts aren't
# compatible.
#
# the pound docs recommend this cipher list for a known bug in older
# versions of IE:
#
#     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#
# You can make a self-signed key and cert with;
#
#   openssl req -x509 -newkey rsa:1024 -keyout server-key.pem -out server-cert.pem -days 365 -nodes
#

CREATE POOL my_apaches
  POOL my_apaches ADD 10.0.0.10:8080
  POOL my_apaches ADD 10.0.0.11:8080

CREATE SERVICE site
  # NOTE: SSL mode only works for reverse_proxy, not for webserver.
  # http://lists.danga.com/pipermail/perlbal/2008-April/000916.html
  SET role            = reverse_proxy
  SET pool            = my_apaches
  SET persist_client  = on
  SET persist_backend = on
  SET verify_backend  = on

  SET enable_ssl      = on
  SET ssl_key_file    = certs/server-key.pem
  SET ssl_cert_file   = certs/server-cert.pem

  # optionally set the cipher list.  the default is "ALL:!LOW:!EXP"
  SET ssl_cipher_list = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

ENABLE site


# always good to keep an internal management port open:
CREATE SERVICE mgmt
  SET role   = management
  SET listen = 127.0.0.1:60000
ENABLE mgmt