Pound/SSL and Apache's HTTPS environment variable
Fili <fili(at)fili.nl>
2009-05-14 14:30:03
L.s.,

I actually have three separate questions concerning the pound load-balancer.
So here goes in order of importance:

1. Pound+SSL transparently passes https requests as http requests to 
backends:

Client <--- https ---> Pound <--- http ---> Backend

The problem I have with this is that the Apache servers on the backends 
are not aware of the original nature of the request. Therefore the 
environment variable "HTTPS" is never set to "on". There are however a 
lot of web applications (for example: Magento) that heavily rely on this 
to detect if the connection is secured. Is there a way to trick Apache 
into setting this variable when applicable?

2. Using Poundctl one can enable/disable backends without restarting pound.
Great I thought, until I discovered that restarting pound results in a 
loss of the poundctl instructions (all backends are automatically 
enabled again). For me this cripples the use of poundctl because Pound 
gets restarted every night by logrotate.d. In the end one still has to 
manually comment out a backend in pound.cfg to disable it for a longer 
period than one day. Which is risky business because of possible 
configuration errors and thus has to be done at night-time.
Maybe poundctl could have a flag which rewrites the config file to 
reflect the current state of the backends and such?

3. There isn't a lot of documentation/discussion related to the DynScale 
option in Pound.
I guess I'm mainly interested to find out what people's experience with 
it is.
Is it any good? Or would it be better to manually prioritize?

That's it for now, keep up the good work!
Regards,

Fili

Re: [Pound Mailing List] Pound/SSL and Apache's HTTPS environment variable
Dave Steinberg <dave(at)redterror.net>
2009-05-14 14:45:57
Fili wrote:[...]

I believe you can set environment variables based on apache config 
directives, for this I'll point you to the apache docs and wave my 
hands.  Start with mod_env, I think the examples there are helpful.

For my customers, I pass the X-Forwarded-Proto header, and provide them 
instructions on hooking their sites up to that.
[...]

My suggestion is tangential - log via syslog, and then do your rotation 
against syslog, not pound.  This way you don't have to restart pound, 
and you don't interrupt web traffic flow.
[...]

I don't use it.  I thought it was somewhat unstable in the past, and I 
don't really need it.
[...]
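
One way to hook a backend up to the X-Forwarded-Proto header mentioned in the reply above, as an added example that is not part of the original thread or of either poster's configuration. It uses mod_setenvif rather than mod_env; the address 192.0.2.10 and the Pound directives named in the comments are assumptions about the setup.

```apache
# Added example: backend Apache vhost fragment, requires mod_setenvif.
#
# Assumed Pound side (pound.cfg), not taken from the thread:
#   ListenHTTPS ... AddHeader "X-Forwarded-Proto: https"
#   HeadRemove "X-Forwarded-Proto" in each listener, so a copy of the
#   header sent by the client is dropped before Pound adds its own.
#
# 192.0.2.10 is a placeholder for the address Pound connects from.

# Mark the request as HTTPS when Pound reports that the client side was TLS.
SetEnvIfNoCase X-Forwarded-Proto "^https$" HTTPS=on

# Remove the marker again for any request that did not arrive from Pound,
# so a client reaching the backend directly cannot claim a secure
# connection just by sending the header itself.
SetEnvIf Remote_Addr "^(?!192\.0\.2\.10$)" !HTTPS
```

The two directives are evaluated in the order written, so the second one only ever clears a value the first one set.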