I’m new to this package (so please be gentle ;)
Pound is assisting with my DR solution for outages on our internet links (it will be extended to do some failover/fallback in the future – for now it’s a specific task).
I intend to put a pound server behind each of my firewalls – and have them all talk to the (for now) one backend “production” server via internal paths.
Some of the sites are non-http – and these are working perfectly…
My problem is (most likely an understanding of) HTTPS “redirections”.
I was of the understanding that – since 2.5c - if I put the HTTPS directive in the Service, then the certificate presented to the client will be from the webserver (not the listener interfaces).
As a test, I’ve a self-signed testing ssl known as “proxy.mydomain.com.au”) as a “catchall” on the listening interface:
Address <eth0 interface static>
HeadRequire “host: nonsslsite.mydomain.com.au”
Address <ETH3 Static Address>
HeadRequire "Host: securesite.mydomain.com.au"
It “sort of” works –the an SSL client request does gets presented with a certificate and the site is SSL secured.
However, the certificate is signed “proxy.mydomain.com.au” (ie. The interfaces’ cert) – where I would have expected the webmailservers’ webmail.mydomain.com.au.
The only way that I can see this to work would be to put the “production” ssl cert on each of Listener interfaces.
Doesn’t the 2.5c HTTPS directive care of this (essentially tunnelling the ssl session) and thus not require me to publish all the production certs on the pound server?
Appreciate any feedback.
The information contained in this email communication may be confidential. You should only read, disclose, re-transmit, copy, distribute, act in reliance on or commercialise the information if you are authorised to do so. If you are not the intended recipient of this email communication, please notify us immediately by email to firstname.lastname@example.org or reply by email direct to the sender and then destroy any electronic or paper copy of this message.
Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of Wridgways The Removalists. Any personal information in this email must be handled in accordance with the Privacy Act 1988 (Cth). Wridgways The Removalists does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, virus or interference.