/ Zope / Apsis / Pound Mailing List / Archive / 2004 / 2004-05 / Initial setup, SSL


Initial setup, SSL
"Jay West" <jwest(at)kwcorp.com>
2004-05-27 22:16:05
Setting up an initial pound server testbed, and after reading the
documentation there's something that just isn't obvious to me.

We have multiple sites that exist on every server in the cluster - i.e. every
webserver contains the same content/sites. Some of the sites are set up in
Apache as name based virtual hosts, some are set up as IP based virtual
hosts. The IP based ones are only because a few of the sites have SSL
certificates and as we know, due to SSL they must have separate IP
addresses.

I'm a little unsure how to set this up with pound in front of them. Rather
than just get an answer, I'd like to ask a few leading questions and then
perhaps I can figure the rest out for myself.

All the examples I can find (and the description of ListenHTTP) specify
either one IP address, or * for all addresses. The docs do say you can
specify multiple ListenHTTP directives but they state "to get multiple
ports" (not multiple different IP addresses). Will pound honor multiple
ListenHTTP directives on totally different ip addresses, not just ports?

The ListenHTTPS directive takes an SSL certificate as an option. What if we
have multiple sites on different IP addresses that each have their own
certificate? I guess this is really similar to the above question.

Perhaps I'm thinking of this incorrectly - maybe I should have the pound box
do SSL for all sites with just one certificate, and point this based on
HeaderRequire to the right internal IP address and don't use SSL on the
webserver? Is this the preferred way of handling this situation? What have
others found?

Thanks in advance for any nudges in the right direction of thinking!

Regards,

Jay West



Re: Initial setup, SSL
"Simon Matter" <simon.matter(at)ch.sauter-bc.com>
2004-05-28 07:42:40
> Setting up an initial pound server testbed, and after reading the[...]

Hi,

While I don't know how this works with pound, you could easily test it by
just configuring it the way you want and trying it.
[...]

I think that's the only way to do it with Pound. Since Pound works as an
HTTP proxy, it couldn't do it if the traffic was encrypted, right?

Simon
[...]

Re: Initial setup, SSL
Robert Segall <roseg(at)apsis.ch>
2004-05-28 14:22:25
On Thursday 27 May 2004 22.16, Jay West wrote:[...]

You can listen on as many addresses as you wish.
[...]

Specify in ListenHTTPS each address with its own certificate.
[...]

Pound will NOT talk HTTPS to your back-ends.[...]
