/ Zope / Apsis / Pound Mailing List / Archive / 2012 / 2012-05 / HTTP to HTTPS

[ << ] [ >> ]

[ Wildcard Certificate and 302 redirect / Leo Cadle ... ] [ Re: [Pound Mailing List] HTTP to HTTPS / Roberto ... ]

HTTP to HTTPS
Leo Cadle <leo.cadle(at)polipayments.com>		 2012-05-18 02:33:33 [ FULL ] 
Hi List,



Can I do this dynamically? So for every incoming HTTP request it gets
diverted to the HTTPS port, or do I need to write a redirect rule for every
URL.



e.g incoming request HTTP://www.example.com/test.html



rewritten to HTTPS://www.example.com/test.html



and then my normal incoming HTTPS listener picks it up and sends it on to
the backend as HTTP.



Cheers,

Leo.



*From:* Leo Cadle [mailto:leo.cadle(at)polipayments.com]
*Sent:* Friday, 18 May 2012 9:54 AM
*To:* pound(at)apsis.ch
*Subject:* RE: [Pound Mailing List] Wildcard Certificate and 302 redirect



Hi Roberto,



This has definitely fixed the issue. I don’t know why it did not work the
first time I tried it but I’ll cop a user error on that one. Thanks very
much for everyones help.



Cheers,

Leo.



*From:* Roberto Geraldo Pimenta Ribeiro Junior [mailto:
rpimenta(at)senado.gov.br]
*Sent:* Friday, 18 May 2012 9:35 AM
*To:* <pound(at)apsis.ch>
*Subject:* Re: [Pound Mailing List] Wildcard Certificate and 302 redirect



Ok .. Waiting....

Enviado via iPhone


Em 17/05/2012, às 20:34, "Leo Cadle" <leo.cadle(at)polipayments.com>
escreveu:

Hi Roberto,



Hold the horses, RewriteLocation 2 may be the ticket, I did not have
success last time I tried it but this time it seems to be working. I will
do a bit more testing to confirm.



Cheers,

Leo.



*From:* Roberto Pimenta Jr. [mailto:rpimenta(at)senado.gov.br]
*Sent:* Friday, 18 May 2012 8:57 AM
*To:* pound(at)apsis.ch
*Subject:* Re: [Pound Mailing List] Wildcard Certificate and 302 redirect




you also have the option to put the redirect in pound ......


Em 17/05/2012, às 19:51, Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
escreveu:



I think that rewritelocation 2 will do the trick... but i dont have an
environment to test.


Em 17/05/2012, às 19:42, Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
escreveu:

have you tested with rewrite location or rewrite destination?


Em 17/05/2012, às 19:01, Leo Cadle <leo.cadle(at)polipayments.com>
escreveu:

Hi List,



I will reply once here to all comments.



I have removed HA Proxy, it was just doing the Load Balancing while Pound
was doing the SSL Offload.

I had not tried to setup an environment like this before and was following
a tutorial that did it this way. Once I installed Pound I could see it
could do the same thing on the back end but did not remove HA Proxy
straight away. It is now out of the picture.

I am trying to replicate our production environment in a test scenario. Our
production environment uses hardware load balancers, I am trying to see if
I can replicate the configuration using software Load Balancers so we can
better test our releases. So far I have tried Microsoft ARR, which has a
checkbox to enable or disable this particular behaviour called ‘Reverse
rewrite host header’.

The backend web server is a singe server with one IP address, it hosts
multiple sites answering to different subdomains. That is why we have the
wildcard certificate. The DNS is set correctly with all sudomains pointing
to the same IP. Without Pound the redirect works correctly, when pound is
involved the subdomain always gets rewritten to the starting subdomain. It
is not a problem with our redirect code, it is a simple redirect, this is a
replica of our production code which works correctly behind Brocade Load
Balancers (http://www.brocade.com/index.page)
and also works behind
Microsoft ARR (something else is the problem with ARR).

I have included a tcp dump that shows the rewrite taking place.



Cheers,

Leo.

On Fri, May 18, 2012 at 4:39 AM, Roberto Geraldo Pimenta Ribeiro Junior <
rpimenta(at)senado.gov.br> wrote:

-Are you using nginx or apache?

-Could you send us your redirect code in the php file?

-Why are you using pound AND haproxy?



Regards,

Roberto



*De:* Roberto Geraldo Pimenta Ribeiro Junior
*Enviada em:* quinta-feira, 17 de maio de 2012 15:36
*Para:* pound(at)apsis.ch
*Assunto:* RES: [Pound Mailing List] Wildcard Certificate and 302 redirect



I completely agree. It does not seem a pound matter…..



*De:* Jacob Anderson
[mailto:jwa(at)beyond-ordinary.com<jwa(at)beyond-ordinary.com>]


*Enviada em:* quinta-feira, 17 de maio de 2012 12:20
*Para:* pound(at)apsis.ch

*Assunto:* RE: [Pound Mailing List] Wildcard Certificate and 302 redirect



Hello,



For my take, and my experience only, I’ve had this occur when I did not
have the DNS setup properly. In my case, I was not setting the
sd1.example.com and sd2.example.com domains back to the local IP
addresses.  When this was the case, pound would not redirect correctly and
our login would never work. Once I added the local IP name service for
example.com, pound started to redirect properly. Our backends were tomcat
servers.



Just my experience, and it may not reflect what you are experiencing. Pound
is very touchy about DNS from what I’ve seen.


[...]
Attachments:  
text.html text/html 28274 Bytes
MailBoxer