|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2010
/
2010-04
/
Help - Pound not redirecting to backend servers
[
=?windows-1252?Q?Re=3A_=5BPound_Mailing_List=5D_Po... ]
[
Git over http backend / Agustin Henze ... ]
Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 17:39:07 |
[ SNIP ]
|
All,
I just can't seem to get my pound working. (Please see my pound.cfg below).
When my users to go the "172.29.1.22" server, they receive this error
message: "The service is not available. Please try again later."
As you can see from my pound.cfg, it's supposed to redirect it to a url at
one of the two backend servers (which are Linux and have port 4443 for SSL.)
Any idea what I'm doing wrong here?
Thank you for any help you're willing to provide.
Anne
######################################################
ListenHTTP
Address 172.29.1.222
Port 80
xHTTP 1
HeadRemove "X-SSL-Request"
HeadRemove "X-Forwarded-For"
AddHeader "X-SSL-Request: 1"
End
# redirect all requests for /forbidden
Service
Url " <http://TTHR3.helpme.org> http://TTHR3.helpme.org"
Redirect " <https://TTHR3.helpme.org/myapp>
https://TTHR3.helpme.org/myapp"
End
# Catch-all server(s)
Service
BackEnd
Address <https://TTRH1.helpme.org:4443:/myapp>
https://TTRH1.helpme.org:4443:/myapp
Port 4443
End
BackEnd
Address <https://TTRH2.helpme.org:4443/myapp>
https://TTRH2.helpme.org:4443/myapp
Port 4443
End
Session
Type IP
TTL 520
End
End
###############################################################
|
|
|
|
|
Re: [Pound Mailing List] Help - Pound not redirecting to backend servers
Zack Steinkamp <zack_steinkamp(at)symantec.com> |
2010-04-02 18:06:17 |
[ SNIP ]
|
Put the Service blocks inside the ListenHTTP block.
-zs
On 4/2/10 8:39 AM, Anne Moore wrote:
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a url at
> one of the two backend servers (which are Linux and have port 4443 for SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect "<https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address<https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address<https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
Joe Gooch <mrwizard(at)k12system.com> |
2010-04-02 19:18:00 |
[ SNIP ]
|
1) If port 4443 is expecting SSL, you need to add HTTPS to your backends.
2) Backends are IPs, not URL's, and do not support paths at all.. (they're
passed through transparently)
3) URL matching in a service does not include the host, you'd need to use
HeadRequire for that.
4) You redirect to TTHR3 which I'm assuming is the load balancer, on SSL ports,
but the load balancer isn't listening on 443.
So you want something more like this.
######################################################
ListenHTTP
Address 172.29.1.222
Port 80
xHTTP 1
Service
Url ".*"
Redirect "https://TTHR3.helpme.org/myapp"
End
End
ListenHTTPS
Address 172.29.1.222
Port 443
xHTTP 1
HeadRemove "X-SSL-Request"
HeadRemove "X-Forwarded-For"
AddHeader "X-SSL-Request: 1"
Cert "your_certificate_pem_file"
# Catch-all server(s)
Service
BackEnd
Address TTRH1.helpme.org
Port 4443
HTTPS
End
BackEnd
Address TTRH2.helpme.org
Port 4443
HTTPS
End
Session
Type IP
TTL 520
End
End
End
###############################################################
Joe
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 11:39 AM
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
> below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a url
> at
> one of the two backend servers (which are Linux and have port 4443 for
> SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url " <http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect " <https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address <https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address <https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to
> pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 19:19:45 |
[ SNIP ]
|
Hi Zs
Unfortunately, that didn't work. I get this error message when trying to
start pound:
"/usr/local/etc/pound.cfg line 31: Port is supported only for INET/INET6
back-ends"
So it looks like it's saying port 4443 is not supported with pound?
What do you think?
Thanks
Anne
-----Original Message-----
From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
Sent: Friday, April 02, 2010 12:06 PM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Put the Service blocks inside the ListenHTTP block.
-zs
On 4/2/10 8:39 AM, Anne Moore wrote:
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a
> url at one of the two backend servers (which are Linux and have port
> 4443 for SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect "<https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address<https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address<https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 19:28:55 |
[ SNIP ]
|
I removed the lines "Port 4443" and now I get this error:
"The service is not available. Please try again later."
So, now I'm really stuck.
Is there any way to proxy to an SSL backend (on linux, so it's port 4443),
like this? (https://TTRH2.helpme.org:4443/myapp) ?
Thanks
-----Original Message-----
From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
Sent: Friday, April 02, 2010 1:20 PM
To: 'pound(at)apsis.ch'
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Hi Zs
Unfortunately, that didn't work. I get this error message when trying to
start pound:
"/usr/local/etc/pound.cfg line 31: Port is supported only for INET/INET6
back-ends"
So it looks like it's saying port 4443 is not supported with pound?
What do you think?
Thanks
Anne
-----Original Message-----
From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
Sent: Friday, April 02, 2010 12:06 PM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Put the Service blocks inside the ListenHTTP block.
-zs
On 4/2/10 8:39 AM, Anne Moore wrote:
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a
> url at one of the two backend servers (which are Linux and have port
> 4443 for SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect "<https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address<https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address<https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 19:43:55 |
[ SNIP ]
|
Hi Joe
Thanks for this great information.
Unfortunately, no matter what I do, I can't get an SSL PEM file working with
POUND. Otherwise, like you mentioned, I probably could get this working like
that. (Only my backend servers have SSL certificates installed on them. I'm
just trying to forward to my backend SSL websites.)
Are there instructions anywhere that include how to make a PEM file, using a
root certificate authority that customers can recognize, that works with
POUND?
Also, isn't there anyway to forward incoming port 80 requests to backend
port 4443 (ssl) requests, without having the load balancers (pound) having
it's own SSL certificate?
Thank you
Anne
-----Original Message-----
From: Joe Gooch [mailto:mrwizard(at)k12system.com]
Sent: Friday, April 02, 2010 1:18 PM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
1) If port 4443 is expecting SSL, you need to add HTTPS to your backends.
2) Backends are IPs, not URL's, and do not support paths at all.. (they're
passed through transparently)
3) URL matching in a service does not include the host, you'd need to use
HeadRequire for that.
4) You redirect to TTHR3 which I'm assuming is the load balancer, on SSL
ports, but the load balancer isn't listening on 443.
So you want something more like this.
######################################################
ListenHTTP
Address 172.29.1.222
Port 80
xHTTP 1
Service
Url ".*"
Redirect "https://TTHR3.helpme.org/myapp"
End
End
ListenHTTPS
Address 172.29.1.222
Port 443
xHTTP 1
HeadRemove "X-SSL-Request"
HeadRemove "X-Forwarded-For"
AddHeader "X-SSL-Request: 1"
Cert "your_certificate_pem_file"
# Catch-all server(s)
Service
BackEnd
Address TTRH1.helpme.org
Port 4443
HTTPS
End
BackEnd
Address TTRH2.helpme.org
Port 4443
HTTPS
End
Session
Type IP
TTL 520
End
End
End
###############################################################
Joe
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 11:39 AM
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
> below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a url
> at
> one of the two backend servers (which are Linux and have port 4443 for
> SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url " <http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect " <https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address <https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address <https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to
> pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Jacob Anderson" <jwa(at)beyond-ordinary.com> |
2010-04-02 19:46:17 |
[ SNIP ]
|
Hi Anne,
SSL is always on port 443 unless you explicitly reset that port number to be
4443. If you are using a default configuration for your back end servers,
then change your pound config to proxy back to port 443 on your back end
servers.
-- Jake
-----Original Message-----
From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
Sent: Friday, April 02, 2010 10:29 AM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
I removed the lines "Port 4443" and now I get this error:
"The service is not available. Please try again later."
So, now I'm really stuck.
Is there any way to proxy to an SSL backend (on linux, so it's port 4443),
like this? (https://TTRH2.helpme.org:4443/myapp) ?
Thanks
-----Original Message-----
From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
Sent: Friday, April 02, 2010 1:20 PM
To: 'pound(at)apsis.ch'
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Hi Zs
Unfortunately, that didn't work. I get this error message when trying to
start pound:
"/usr/local/etc/pound.cfg line 31: Port is supported only for INET/INET6
back-ends"
So it looks like it's saying port 4443 is not supported with pound?
What do you think?
Thanks
Anne
-----Original Message-----
From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
Sent: Friday, April 02, 2010 12:06 PM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Put the Service blocks inside the ListenHTTP block.
-zs
On 4/2/10 8:39 AM, Anne Moore wrote:
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a
> url at one of the two backend servers (which are Linux and have port
> 4443 for SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect "<https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address<https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address<https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
Joe Gooch <mrwizard(at)k12system.com> |
2010-04-02 19:54:35 |
[ SNIP ]
|
See below
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 1:44 PM
> To: pound(at)apsis.ch
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to
> backend servers
>
> Hi Joe
>
> Thanks for this great information.
>
> Unfortunately, no matter what I do, I can't get an SSL PEM file working
> with
> POUND. Otherwise, like you mentioned, I probably could get this working
> like
> that. (Only my backend servers have SSL certificates installed on them.
> I'm
> just trying to forward to my backend SSL websites.)
>
> Are there instructions anywhere that include how to make a PEM file,
> using a
> root certificate authority that customers can recognize, that works
> with
> POUND?
It's the same as mod_ssl:
http://www.modssl.org/docs/2.8/ssl_faq.html
(see "about certificates")
Basically, you need a plain text file with the PEM(base64) format of the
private key, followed by the PEM(base64) format of the certificate, followed by
any CA certificates in the chain in PEM format.
> Also, isn't there anyway to forward incoming port 80 requests to
> backend
> port 4443 (ssl) requests, without having the load balancers (pound)
> having
> it's own SSL certificate?
Sure. Move the services back outside the listener blocks, remove the 443
listenhttps block, and change the redirect URL matcher to "^/$"
However, by doing that, your clients will be talking HTTP to pound. Pound will
talk HTTPS to backends. You can't have pound load-balance SSL traffic, it
either has to terminate the SSL connection, or terminate a non-SSL connection
and speak to SSL backends.
Joe
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 20:21:00 |
[ SNIP ]
|
Hi Jake
On Linux (red hat), the SSL port (by default) is normally on port 4443, (not
443).
Thanks
Anne
-----Original Message-----
From: Jacob Anderson [mailto:jwa(at)beyond-ordinary.com]
Sent: Friday, April 02, 2010 1:46 PM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Hi Anne,
SSL is always on port 443 unless you explicitly reset that port number to be
4443. If you are using a default configuration for your back end servers,
then change your pound config to proxy back to port 443 on your back end
servers.
-- Jake
-----Original Message-----
From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
Sent: Friday, April 02, 2010 10:29 AM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
I removed the lines "Port 4443" and now I get this error:
"The service is not available. Please try again later."
So, now I'm really stuck.
Is there any way to proxy to an SSL backend (on linux, so it's port 4443),
like this? (https://TTRH2.helpme.org:4443/myapp) ?
Thanks
-----Original Message-----
From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
Sent: Friday, April 02, 2010 1:20 PM
To: 'pound(at)apsis.ch'
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Hi Zs
Unfortunately, that didn't work. I get this error message when trying to
start pound:
"/usr/local/etc/pound.cfg line 31: Port is supported only for INET/INET6
back-ends"
So it looks like it's saying port 4443 is not supported with pound?
What do you think?
Thanks
Anne
-----Original Message-----
From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
Sent: Friday, April 02, 2010 12:06 PM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Help - Pound not redirecting to backend
servers
Put the Service blocks inside the ListenHTTP block.
-zs
On 4/2/10 8:39 AM, Anne Moore wrote:
> All,
>
> I just can't seem to get my pound working. (Please see my pound.cfg
below).
> When my users to go the "172.29.1.22" server, they receive this error
> message: "The service is not available. Please try again later."
>
> As you can see from my pound.cfg, it's supposed to redirect it to a
> url at one of the two backend servers (which are Linux and have port
> 4443 for SSL.)
>
>
> Any idea what I'm doing wrong here?
>
> Thank you for any help you're willing to provide.
>
> Anne
>
> ######################################################
> ListenHTTP
> Address 172.29.1.222
> Port 80
> xHTTP 1
> HeadRemove "X-SSL-Request"
> HeadRemove "X-Forwarded-For"
> AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
>
> Service
> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
> Redirect "<https://TTHR3.helpme.org/myapp>
> https://TTHR3.helpme.org/myapp"
> End
>
> # Catch-all server(s)
> Service
> BackEnd
> Address<https://TTRH1.helpme.org:4443:/myapp>
> https://TTRH1.helpme.org:4443:/myapp
> Port 4443
> End
> BackEnd
> Address<https://TTRH2.helpme.org:4443/myapp>
> https://TTRH2.helpme.org:4443/myapp
> Port 4443
> End
> Session
> Type IP
> TTL 520
> End
> End
> ###############################################################
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Simon Matter" <simon.matter(at)invoca.ch> |
2010-04-02 20:38:14 |
[ SNIP ]
|
> Hi Jake
>
> On Linux (red hat), the SSL port (by default) is normally on port 4443,
> (not
> 443).
Huh, how comes? I have never seen that in my life and I'm a RedHat user
for more than a decade. Are we talking about the same, running apache with
SSL?
Regards,
Simon
>
> Thanks
>
> Anne
>
> -----Original Message-----
> From: Jacob Anderson [mailto:jwa(at)beyond-ordinary.com]
> Sent: Friday, April 02, 2010 1:46 PM
> To: pound(at)apsis.ch
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> Hi Anne,
>
> SSL is always on port 443 unless you explicitly reset that port number to
> be
> 4443. If you are using a default configuration for your back end servers,
> then change your pound config to proxy back to port 443 on your back end
> servers.
>
> -- Jake
>
>
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 10:29 AM
> To: pound(at)apsis.ch
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> I removed the lines "Port 4443" and now I get this error:
>
> "The service is not available. Please try again later."
>
> So, now I'm really stuck.
>
> Is there any way to proxy to an SSL backend (on linux, so it's port 4443),
> like this? (https://TTRH2.helpme.org:4443/myapp) ?
>
> Thanks
>
>
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 1:20 PM
> To: 'pound(at)apsis.ch'
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> Hi Zs
>
> Unfortunately, that didn't work. I get this error message when trying to
> start pound:
>
> "/usr/local/etc/pound.cfg line 31: Port is supported only for INET/INET6
> back-ends"
>
> So it looks like it's saying port 4443 is not supported with pound?
>
> What do you think?
>
> Thanks
>
> Anne
>
>
> -----Original Message-----
> From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
> Sent: Friday, April 02, 2010 12:06 PM
> To: pound(at)apsis.ch
> Subject: Re: [Pound Mailing List] Help - Pound not redirecting to backend
> servers
>
> Put the Service blocks inside the ListenHTTP block.
>
> -zs
>
>
> On 4/2/10 8:39 AM, Anne Moore wrote:
>> All,
>>
>> I just can't seem to get my pound working. (Please see my pound.cfg
> below).
>> When my users to go the "172.29.1.22" server, they receive this error
>> message: "The service is not available. Please try again later."
>>
>> As you can see from my pound.cfg, it's supposed to redirect it to a
>> url at one of the two backend servers (which are Linux and have port
>> 4443 for SSL.)
>>
>>
>> Any idea what I'm doing wrong here?
>>
>> Thank you for any help you're willing to provide.
>>
>> Anne
>>
>> ######################################################
>> ListenHTTP
>> Address 172.29.1.222
>> Port 80
>> xHTTP 1
>> HeadRemove "X-SSL-Request"
>> HeadRemove "X-Forwarded-For"
>> AddHeader "X-SSL-Request: 1"
>> End
>>
>> # redirect all requests for /forbidden
>>
>> Service
>> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
>> Redirect "<https://TTHR3.helpme.org/myapp>
>> https://TTHR3.helpme.org/myapp"
>> End
>>
>> # Catch-all server(s)
>> Service
>> BackEnd
>> Address<https://TTRH1.helpme.org:4443:/myapp>
>> https://TTRH1.helpme.org:4443:/myapp
>> Port 4443
>> End
>> BackEnd
>> Address<https://TTRH2.helpme.org:4443/myapp>
>> https://TTRH2.helpme.org:4443/myapp
>> Port 4443
>> End
>> Session
>> Type IP
>> TTL 520
>> End
>> End
>> ###############################################################
>>
>>
>> --
>> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
>> Please contact roseg(at)apsis.ch for questions.
>>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
|
|
|
RE: [Pound Mailing List] Help - Pound not redirecting to backend servers
"Anne Moore" <diabeticithink(at)yahoo.com> |
2010-04-02 22:19:25 |
[ SNIP ]
|
Sorry, I meant red hat with Oracle. (Oracle has it's own Apache server, and
the default for ssl is port 443.)
-----Original Message-----
From: Simon Matter [mailto:simon.matter(at)invoca.ch]
Sent: Friday, April 02, 2010 2:38 PM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend
servers
> Hi Jake
>
> On Linux (red hat), the SSL port (by default) is normally on port
> 4443, (not 443).
Huh, how comes? I have never seen that in my life and I'm a RedHat user for
more than a decade. Are we talking about the same, running apache with SSL?
Regards,
Simon
>
> Thanks
>
> Anne
>
> -----Original Message-----
> From: Jacob Anderson [mailto:jwa(at)beyond-ordinary.com]
> Sent: Friday, April 02, 2010 1:46 PM
> To: pound(at)apsis.ch
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to
> backend servers
>
> Hi Anne,
>
> SSL is always on port 443 unless you explicitly reset that port number
> to be 4443. If you are using a default configuration for your back end
> servers, then change your pound config to proxy back to port 443 on
> your back end servers.
>
> -- Jake
>
>
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 10:29 AM
> To: pound(at)apsis.ch
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to
> backend servers
>
> I removed the lines "Port 4443" and now I get this error:
>
> "The service is not available. Please try again later."
>
> So, now I'm really stuck.
>
> Is there any way to proxy to an SSL backend (on linux, so it's port
> 4443), like this? (https://TTRH2.helpme.org:4443/myapp) ?
>
> Thanks
>
>
> -----Original Message-----
> From: Anne Moore [mailto:diabeticithink(at)yahoo.com]
> Sent: Friday, April 02, 2010 1:20 PM
> To: 'pound(at)apsis.ch'
> Subject: RE: [Pound Mailing List] Help - Pound not redirecting to
> backend servers
>
> Hi Zs
>
> Unfortunately, that didn't work. I get this error message when trying
> to start pound:
>
> "/usr/local/etc/pound.cfg line 31: Port is supported only for
> INET/INET6 back-ends"
>
> So it looks like it's saying port 4443 is not supported with pound?
>
> What do you think?
>
> Thanks
>
> Anne
>
>
> -----Original Message-----
> From: Zack Steinkamp [mailto:zack_steinkamp(at)symantec.com]
> Sent: Friday, April 02, 2010 12:06 PM
> To: pound(at)apsis.ch
> Subject: Re: [Pound Mailing List] Help - Pound not redirecting to
> backend servers
>
> Put the Service blocks inside the ListenHTTP block.
>
> -zs
>
>
> On 4/2/10 8:39 AM, Anne Moore wrote:
>> All,
>>
>> I just can't seem to get my pound working. (Please see my pound.cfg
> below).
>> When my users to go the "172.29.1.22" server, they receive this error
>> message: "The service is not available. Please try again later."
>>
>> As you can see from my pound.cfg, it's supposed to redirect it to a
>> url at one of the two backend servers (which are Linux and have port
>> 4443 for SSL.)
>>
>>
>> Any idea what I'm doing wrong here?
>>
>> Thank you for any help you're willing to provide.
>>
>> Anne
>>
>> ######################################################
>> ListenHTTP
>> Address 172.29.1.222
>> Port 80
>> xHTTP 1
>> HeadRemove "X-SSL-Request"
>> HeadRemove "X-Forwarded-For"
>> AddHeader "X-SSL-Request: 1"
>> End
>>
>> # redirect all requests for /forbidden
>>
>> Service
>> Url "<http://TTHR3.helpme.org> http://TTHR3.helpme.org"
>> Redirect "<https://TTHR3.helpme.org/myapp>
>> https://TTHR3.helpme.org/myapp"
>> End
>>
>> # Catch-all server(s)
>> Service
>> BackEnd
>> Address<https://TTRH1.helpme.org:4443:/myapp>
>> https://TTRH1.helpme.org:4443:/myapp
>> Port 4443
>> End
>> BackEnd
>> Address<https://TTRH2.helpme.org:4443/myapp>
>> https://TTRH2.helpme.org:4443/myapp
>> Port 4443
>> End
>> Session
>> Type IP
>> TTL 520
>> End
>> End
>> ###############################################################
>>
>>
>> --
>> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
>> Please contact roseg(at)apsis.ch for questions.
>>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
>
> --
> To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
--
To unsubscribe send an email with subject unsubscribe to pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
|
|
|
|
