/ Zope / Apsis / Pound Mailing List / Archive / 2011 / 2011-10 / Virtual Hosts & SSL

[ << ] [ >> ]

[ Behaviour on BackEnd failure with session ... ] [ Load time in the pound log / "Erik Hensema / ... ]

Virtual Hosts & SSL
Jorge Fábregas <jorge.fabregas(at)gmail.com>		 2011-10-09 17:46:33 [ FULL ] 
Hello everyone,

I'm totally new to Pound and was wondering about Virtual Hosts & SSL.

Considering Pound 2.6f along with the latest openssl (with SNI support),
will I be able to use the Virtual Host functionality (HeadRequire) along
with incoming SSL connections (different domains) that I'll proxy to
different back-end servers?  Something like this:


------------------------cut here ---------------------

ListenHTTPS
  Address 192.168.1.5
  Port    443
  Cert    "/etc/apache2/ssl/server0.pem"
  Cert    "/etc/apache2/ssl/server1.pem"

  Service
        HeadRequire "Host: .*www.server0.com.*"
        BackEnd
               Address 172.16.80.15
               Port 80
        End
  End

  Service
        HeadRequire "Host: .*www.server1.com.*"
        BackEnd
               Address 172.16.80.16
               Port 80
        End
     End

End
---------------------- cut here ----------------------

I guess Pound will be able to find the proper certificate (due to the
SNI functionality) and afterwards it will send the traffic to the proper
back-end server by means of the "HeadRequire" directive.  Is that all
there's to it?

Thanks!
Jorge
Re: [Pound Mailing List] Virtual Hosts & SSL
Dave Steinberg <dave(at)redterror.net>		 2011-10-09 18:34:12 [ FULL ] 
> I guess Pound will be able to find the proper certificate (due to the[...]

I haven't yet tried it, but my understanding is that it ought to work as 
you described.  Try it and report back.  :)

Regards,[...]
Re: [Pound Mailing List] Virtual Hosts & SSL
Wayne Smith <Wayne.Smith(at)artscouncil.org.uk>		 2011-10-09 20:37:09 [ FULL ] 
I've just done exactly this and it works fine





Regards
Wayne Smith
IT Project Manager
0161 934 4411

Sent From My Blackberry Handheld.

----- Original Message -----
From: Dave Steinberg [mailto:dave(at)redterror.net]
Sent: Sunday, October 09, 2011 05:34 PM
To: pound(at)apsis.ch <pound(at)apsis.ch>
Subject: Re: [Pound Mailing List] Virtual Hosts & SSL
[...]

I haven't yet tried it, but my understanding is that it ought to work as 
you described.  Try it and report back.  :)

Regards,[...]
Re: [Pound Mailing List] Virtual Hosts & SSL
Jorge Fábregas <jorge.fabregas(at)gmail.com>		 2011-10-09 21:17:18 [ FULL ] 
On 10/09/2011 11:46 AM, Jorge Fábregas wrote:[...]

Thanks Dave & Wayne for confirming.  That gave me the assurance to
proceed with a mini-lab.  I just did it (used some self-signed
certificates) and it worked flawlessly!  I can't believe how easy it was.

Thanks!

Best regards,
Jorge
MailBoxer