Yes I am using http-conduit for speed and all the peripheral benefits.Specifically the problem is that Nginx does not support sending incoming HTTP/1.1 requests using chunked transfer encoding (i.e.: a POST with a large body as commonly sent by mobile phones) or proxying a back-end response using chunked transfer encoding. Neither work.
A very simple proxy like the one you suggested would also work - but I suspect we want the proxy to be able to do things like set or filter headers and possibly route based on the Host header, yes? The actual "proxy" part of my code is impressively small. Most of the code is the subdomain routing, which may be useful for Keter, and the HTML parser that fixes URIs in pages.
Agreed - one caveat I can see with moving to a pure Yesod proxy is SSL support. That's breaking for anyone that wants to support secure log in without rolling their own SSL or SSL Middleware.
Actually, a WAI middleware wouldn't help here. (Plus, a WAI middleware is impossible due to what WAI is. Consider, for example, what a WAI SSL middleware would mean for CGI.) What we need here is an alternate to network-conduit's runTCPServer that uses SSL. My basic approach for adding the support to keter was:
* Added support to the config file for specifying the SSL port to listen on and the SSL certificate.
* If the SSL information is provided, provide that information to runTCPSSLServer (or whatever it's called), and start listening in the background just like we do for non-SSL.
Michael
On Aug 9, 2012 6:50 PM, "Blake Rain" <blake...@gmail.com> wrote:
>
> Just given the builtin-proxy branch of keter a whirl. I haven't been able to test any SSL yet, as I don't have any on the server. A few thoughts:
>
> 1. I will have to switch back to nginx (or something) as I have two sites (PHP and static HTML) that need to be served;
Actually, for the static HTML, you could just create a warp-static Keter bundle and serve it behind Keter. For the PHP site, you could use mighttpd2 as a Keter bundle and set it up to reverse proxy to your nginx server. I'm certain there's a yo dawg in there somewhere, or perhaps P R O X C E P T I O N.
Not sure if that's an improvement or not.
> 2. Keter's built-in proxy seems to give considerably faster response times than nginx. What have you done?
Thanks for that feedback :)