Re: [Pound Mailing List] HTTP to HTTPS
Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
2012-05-18 04:35:13 [ FULL ]
Look:
Let's organize the battlezone... redirect and rewrite are two different
actions... I will understand
that you know the deal... so:
You will have your pound listening on two ports: 80 and 443.
When the request hits a specific URL like you said, it will be REDIRECTED to
https in another URL... this situation is working... but if you want all the
http requests to the backend to be served as https you must do that in the
reverse proxy (pound in this case)... this is important because the backend will
only receive http requests. So that is our first option... another one is to
include an http header to signal to the backend if the original traffic is
https traffic. Then you put a filter in the backend (this is easy in apache for
example) that will check for that header and do the right redirect. So we are
talking about redirects and not about rewrites. Did you get that?



On 17/05/2012, at 21:33, Leo Cadle <leo.cadle(at)polipayments.com>
wrote:
[...]

Re: [Pound Mailing List] HTTP to HTTPS
Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
2012-05-18 04:42:06 [ FULL ]
Another tip: you can put a general redirect... you do not need to put a
redirect rule for every URL...



On 17/05/2012, at 23:35, Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
wrote:
[...][...]
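The two-listener setup and the "general redirect" described in the two messages above, written out as a Pound 2.x configuration. This is an added example, not a configuration posted by anyone in the thread; the host name, addresses, certificate path and the X-Forwarded-Proto header name are assumptions.

```conf
# Constructed example; hosts, addresses and the certificate path are placeholders.

# Plain-HTTP listener: nothing is proxied here, every request is redirected.
ListenHTTP
    Address 0.0.0.0
    Port    80

    Service
        # Optional filter: only requests for this virtual host match.
        HeadRequire "Host:.*www.example.com.*"
        # Host-only URL (no path, no trailing slash): Pound appends the
        # original request path, so /test.html is sent to
        # https://www.example.com/test.html without a rule per URL.
        Redirect "https://www.example.com"
    End
End

# TLS listener: terminates HTTPS and forwards plain HTTP to the backend.
ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "/etc/pound/example.pem"

    # Drop any client-supplied copy of the header, then add a trusted one so
    # the backend can tell the original request arrived over HTTPS.
    # The header name is a common convention, used here as an assumption.
    HeadRemove "X-Forwarded-Proto"
    AddHeader  "X-Forwarded-Proto: https"

    # Value discussed in this thread for backend-issued redirects.
    RewriteLocation 2

    Service
        BackEnd
            Address 192.0.2.10
            Port    80
        End
    End
End
```

The Redirect target is a fixed host name, so a server answering for several subdomains needs one Service per host, each with its own HeadRequire. Running `pound -c -f <file>` parses the configuration and exits, which catches syntax errors before a restart.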

RES: [Pound Mailing List] HTTP to HTTPS
Roberto Geraldo Pimenta Ribeiro Junior <rpimenta(at)senado.gov.br>
2012-05-18 06:28:16 [ FULL ]
Use this address to understand redirects in pound (there are samples): http://linux.die.net/man/8/pound
A Redirect is a type of backend, as you will realize.
You also have ways to filter the requests (HeadRequire, Url).

On 17/05/2012, at 21:33, Leo Cadle <leo.cadle(at)polipayments.com>
wrote:
Hi List,

 but Can I do this dynamically? So for every incoming HTTP request it gets
diverted to the HTTPS port, or do I need to write a redirect rule for every
URL.

e.g. incoming request HTTP://www.example.com/test.html

rewritten to HTTPS://www.example.com/test.html

and then my normal incoming HTTPS listener picks it up and sends it on to the
backend as HTTP.

Cheers,
Leo.

From: Leo Cadle [mailto:leo.cadle(at)polipayments.com]
Sent: Friday, 18 May 2012 9:54 AM
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Wildcard Certificate and 302 redirect

Hi Roberto,

This has definitely fixed the issue. I don’t know why it did not work the
first time I tried it but I’ll cop a user error on that one. Thanks very much
for everyone's help.

Cheers,
Leo.

From: Roberto Geraldo Pimenta Ribeiro Junior [mailto:rpimenta(at)senado.gov.br]
Sent: Friday, 18 May 2012 9:35 AM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Wildcard Certificate and 302 redirect

Ok .. Waiting....

Sent from iPhone

On 17/05/2012, at 20:34, "Leo Cadle" <leo.cadle(at)polipayments.com>
wrote:
Hi Roberto,

Hold the horses, RewriteLocation 2 may be the ticket, I did not have success
last time I tried it but this time it seems to be working. I will do a bit more
testing to confirm.

Cheers,
Leo.

From: Roberto Pimenta Jr. [mailto:rpimenta(at)senado.gov.br]
Sent: Friday, 18 May 2012 8:57 AM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Wildcard Certificate and 302 redirect


you also have the option to put the redirect in pound ......

On 17/05/2012, at 19:51, Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
wrote:

I think that RewriteLocation 2 will do the trick... but I don't have an
environment to test.

On 17/05/2012, at 19:42, Roberto Pimenta Jr. <rpimenta(at)senado.gov.br>
wrote:
Have you tested with rewrite location or rewrite destination?

On 17/05/2012, at 19:01, Leo Cadle <leo.cadle(at)polipayments.com>
wrote:
Hi List,

I will reply once here to all comments.

I have removed HA Proxy, it was just doing the Load Balancing while Pound was
doing the SSL Offload.
I had not tried to setup an environment like this before and was following a
tutorial that did it this way. Once I installed Pound I could see it could do
the same thing on the back end but did not remove HA Proxy straight away. It is
now out of the picture.
I am trying to replicate our production environment in a test scenario. Our
production environment uses hardware load balancers, I am trying to see if I
can replicate the configuration using software Load Balancers so we can better
test our releases. So far I have tried Microsoft ARR, which has a checkbox to
enable or disable this particular behaviour called ‘Reverse rewrite host
header’.
The backend web server is a single server with one IP address, it hosts multiple
sites answering to different subdomains. That is why we have the wildcard
certificate. The DNS is set correctly with all subdomains pointing to the same
IP. Without Pound the redirect works correctly, when pound is involved the
subdomain always gets rewritten to the starting subdomain. It is not a problem
with our redirect code, it is a simple redirect, this is a replica of our
production code which works correctly behind Brocade Load Balancers (http://www.brocade.com/index.page)
and also works behind Microsoft ARR (something else is the problem with ARR).
I have included a tcp dump that shows the rewrite taking place.

Cheers,
Leo.
On Fri, May 18, 2012 at 4:39 AM, Roberto Geraldo Pimenta Ribeiro Junior
<rpimenta(at)senado.gov.br> wrote:
-Are you using nginx or apache?
-Could you send us your redirect code in the php file?
-Why are you using pound AND haproxy?

Regards,
Roberto

From: Roberto Geraldo Pimenta Ribeiro Junior
Sent: Thursday, 17 May 2012 15:36
To: pound(at)apsis.ch
Subject: RES: [Pound Mailing List] Wildcard Certificate and 302 redirect

I completely agree. It does not seem a pound matter…..

From: Jacob Anderson [mailto:jwa(at)beyond-ordinary.com]
Sent: Thursday, 17 May 2012 12:20
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] Wildcard Certificate and 302 redirect

Hello,

For my take, and my experience only, I’ve had this occur when I did not have
the DNS setup properly. In my case, I was not setting the sd1.example.com and
sd2.example.com domains back to the local IP addresses. When this was the
case, pound would not redirect correctly and our login would never work. Once
I added the local IP name service for example.com, pound started to redirect
properly. Our backends were tomcat servers.

Just my experience, and it may not reflect what you are experiencing. Pound is
very touchy about DNS from what I’ve seen.
[...]

Re: [Pound Mailing List] HTTP to HTTPS
Andrzej Dopierała <undefine(at)aramin.net>
2012-05-18 10:19:30 [ FULL ]
On 18.05.2012 02:33, Leo Cadle wrote: [...]
every vhost in config.

I did it using nginx, rule:
         rewrite ^(.*)$ https://$host$1 permanent;


so - in my configuration:
pound is on 443 and traffic is routed to apaches on other machines
(pound does SSL and load balancing)
nginx is on 80 and traffic is rewritten to https://the.same.host/
[...]
