Pound as SSL-Wrapper for many webservers
Daniel Lorch <ml-daniel(at)lorch.cc>
2004-02-09 15:59:49

hi

I have browsed the mailinglist archive and read the manpage, but I
could not come up with a solution for what I would like to use pound
for.

Suppose I have apples.ch on server A and bananas.ch on server B. What
I would like to have is a server https://secure.myhost.ch/apples/
and https://secure.myhost.ch/bananas/, so pound would be serving as
an "SSL Wrapper" for these websites using my SSL-Certificate. There
is no load balancing involved, just redirecting.

There are many reasons I would like to have it this way:

  - Logging. I don't need to change anything. With
    http://stderr.net/apache/rpaf/ the backend webservers won't
    even notice the requests are coming from somewhere else.
  - Orthogonal design - it's absolutely transparent to the users.
    I can move apples.ch to server B and the user will not notice
    anything.
  - Cost - I only need to get 1 SSL certificate.
  - Script-Wrapper - I guess this is a problem specific to me.
    I'm using cgiwrap which forces me to specify a User and Group
    in Apache's VirtualHost directive. Now the usual way of creating
    an SSL-Host would be something like

      # My SSL-Host
      <VirtualHost 1.2.3.4>
      ..
      Alias /apples /home/apples/public_html/
      Alias /bananas /home/bananas/public_html/
      ..
      </VirtualHost>

    I'm not able to specify a User or Group here. I hope you
    understand. And the same problem for logfiles - I just get a single
    logfile for the SSL-Host. I know, I could use some fancy script
    to extract individual requests and merge them into the users'
    logfiles, but that just sucks.

The webservers are, of course, connected on an internal switch, but
that should not matter for what pound has to do.

I hope you understand what I am trying to do. Currently, I don't
see a way pound could do this. I have thought about two directives
pound would additionally require:

  1. HeadAdd "header" - Adds a header value
  2. URIReplace - A regular expression to rewrite the URI

The imaginary configuration would then look like this:

  Listen 1.2.3.4,80

  # apples.ch
  UrlGroup "apples/.*"
  HeadRemove "Host"
  HeadAdd "Host" "apples.ch"
  URIReplace "^apples/" ""
  EndGroup

  # bananas.ch
  UrlGroup "bananas/.*"
  HeadRemove "Host"
  HeadAdd "Host" "bananas.ch"
  URIReplace "^bananas/" ""
  EndGroup

Thoughts?

daniel

Re: Pound as SSL-Wrapper for many webservers
Daniel Lorch <daniel(at)lorch.cc>
2004-02-09 17:35:16

hi,

> HeadRemove "Host"

Just found out that pound does not allow you to remove headers
it relies on (http.c, lines 640-681).

Maybe a directive

  HeadReplace "Host" "bananas.ch"

instead? Looking at http.c this would be easier to implement.
I'll give it a shot.

daniel
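
The rewrite asked for in the two messages above, a Host value fixed per UrlGroup plus removal of the path prefix, modelled in C as an added example; it is not code from the thread or from Pound. `rewrite_request`, the `url_group` table and the anchored, leading-slash patterns are assumptions made for this example (the patterns in the message are written without the slash or the anchor).

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a UrlGroup carrying the proposed Host/URI rewrite. */
struct url_group { const char *pattern; const char *host; };
struct rewritten { const char *host; char path[256]; };

/* Anchored: the prefix must be the first full path segment; group 1 is the rest. */
static const struct url_group groups[] = {
    { "^/apples(/.*)?$",  "apples.ch"  },
    { "^/bananas(/.*)?$", "bananas.ch" },
};

/* Returns 0 and fills *out on a match, -1 when no group matches. The client's
 * own Host header is never consulted: the backend value comes from the table. */
int rewrite_request(const char *path, struct rewritten *out)
{
    for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++) {
        regex_t re;                      /* compiled per call for brevity */
        regmatch_t m[2];
        if (regcomp(&re, groups[i].pattern, REG_EXTENDED) != 0) return -1;
        int rc = regexec(&re, path, 2, m, 0);
        regfree(&re);
        if (rc != 0) continue;
        /* Group 1 is unset for a bare "/apples": map it to the backend root. */
        const char *rest = (m[1].rm_so < 0) ? "/" : path + m[1].rm_so;
        int len = (m[1].rm_so < 0) ? 1 : (int)(m[1].rm_eo - m[1].rm_so);
        if (len >= (int)sizeof out->path) return -1;  /* refuse, never truncate */
        snprintf(out->path, sizeof out->path, "%.*s", len, rest);
        out->host = groups[i].host;
        return 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample request paths. */
    const char *s[] = { "/apples/index.html", "/bananas", "/applesauce/x", "/x/apples/y" };
    struct rewritten r;
    for (size_t i = 0; i < 4; i++)
        if (rewrite_request(s[i], &r) == 0)
            printf("%s -> Host: %s, URI: %s\n", s[i], r.host, r.path);
        else
            printf("%s -> no group\n", s[i]);
    return 0;
}
```

The last two sample paths match no group, because the anchored pattern accepts the prefix only as the first complete path segment.
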

Re: Pound as SSL-Wrapper for many webservers
Roland <pound(at)gmx.net>
2004-02-09 18:47:41

--On Monday, 9 February 2004 17:35 +0100 Daniel Lorch <daniel(at)lorch.cc> wrote:
[...]
I posted a patch some weeks ago which allows this kind of 'Virtual
SSL' by adjusting the Host-Header sent to Apache:
Subject: Re: Wishlist: Rewrite/Set of Host-Header per UrlGroup
Orig-Date: Thu, 15 Jan 2004 08:52:34 +0000
Message-ID: <courier.400654E5.00002514(at)msgid.courier2.serv.ch>
While ezmlm allows to fetch messages from the archive by the
serial number this number is nowhere recorded in the headers.
I'd have no problem to host the list on Mailman with archives
enabled, just in case.
Roland

Re: Pound as SSL-Wrapper for many webservers
Daniel Lorch <daniel(at)lorch.cc>
2004-02-09 19:02:37

hi

> Subject: Re: Wishlist: Rewrite/Set of Host-Header per UrlGroup
> Orig-Date: Thu, 15 Jan 2004 08:52:34 +0000
> Message-ID: <courier.400654E5.00002514(at)msgid.courier2.serv.ch>

Ok thank you very much. It seems I didn't read the archives
carefully enough :)

  http://www.apsis.ch/pound/pound_list/archive/2004/2004-01/1074016075000

> I'd have no problem to host the list on Mailman with archives
> enabled, just in case.

no no, ezmlm(-idx) is just fine :)

daniel

ezmlm-options (was: Re: Pound as SSL-Wrapper for many webservers)
Daniel Lorch <daniel(at)lorch.cc>
2004-02-09 19:06:13

hi

> While ezmlm allows to fetch messages from the archive by the
> serial number this number is nowhere recorded in the headers.

If we're at it. This will add the "X-Sequence" to ezmlm's
header:

  echo "X-Sequence: <#n#>" >> ~/pound/headeradd

and

  echo "[pound]" > ~/pound/prefix

would add the [pound] prefix to the subject. Don't know about
you, but I would highly appreciate this, as it makes it easier
to filter them and they are easily recognized even when forwarded.

and maybe a

  echo -ne "-- \nposting: <#l#>(at)<#h#>\nsubscribe: <#l#>-subscribe(at)<#h#>\nunsubscribe: <#l#>-unsubscribe(at)<#h#>\narchive: http://www.apsis.ch/pound/pound_list" > ~/pound/text/trailer

:)

daniel

Re: Pound as SSL-Wrapper for many webservers
Robert Segall <roseg(at)apsis.ch>
2004-02-10 13:30:05

On Mon, 2004-02-09 at 18:47, Roland wrote:
[...]

It is now.

[...]

Thanks for the offer. For your information, this list is archived on the
Web (link in the Pound home page).

[...]

Re: ezmlm-options (was: Re: Pound as SSL-Wrapper for many webservers)
Robert Segall <roseg(at)apsis.ch>
2004-02-10 13:30:07

On Mon, 2004-02-09 at 19:06, Daniel Lorch wrote:
[...]

OK - I've added it.

[...]

I avoided this until now in the interest of bandwidth saving (on some
occasions this would more than double the amount of useful content)...

[...]

Re: ezmlm-options (was: Re: Pound as SSL-Wrapper for many webservers)
Daniel Lorch <daniel(at)lorch.cc>
2004-02-10 13:39:23

hi,

> OK - I've added it.

hmm, doesn't work. Have you tried ezmlm-idx?

  http://www.inter7.com/devel/ezmlm-0.53-idx-0.41.tar.gz

It's a patch provided by the community adding a couple of
features, such as thread-retrieval and stuff. Not sure about
whether you can install it on top of ezmlm.

daniel

Re: ezmlm-options (was: Re: Pound as SSL-Wrapper for many webservers)
Robert Segall <roseg(at)apsis.ch>
2004-02-10 14:09:12

On Tue, 2004-02-10 at 13:39, Daniel Lorch wrote:
[...]

Not yet - and I really lack the time to look at it. For the time being I
think we'll stay with plain ezmlm...

[...]