|
http://forum.lighttpd.net/topic/73866 on 24.05.2008 12:20
Hi, I am new to lighty and trying to setup a site with an SSL certificate. The rule are below. A trace shows that the rule for the port is found, but it is not executed. What am I doing wrong? My rules for the non-ssl version of the site work fine.
I am using 1.4.19 built with --enable-openssl
[ I am testing on ports 1443 and 1080 because the server has a live
apache running at the moment ]
snip from log showing rule found
...
2008-05-24 11:59:43: (configfile-glue.c.524) === start of condition
block ===
2008-05-24 11:59:43: (configfile-glue.c.412) SERVER["socket"] (
194.109.109.48:1443 ) compare to 194.109.109.4
8:1443
2008-05-24 11:59:43: (configfile-glue.c.464) setting remains of chaining
to false
2008-05-24 11:59:43: (configfile-glue.c.475) 12 (uncached) result: true
...
snip from log showing the rule was not executed
...
2008-05-24 11:59:43: (configfile-glue.c.475) 15 (uncached) result: false
2008-05-24 11:59:43: (response.c.212) -- splitting Request-URI
2008-05-24 11:59:43: (response.c.213) Request-URI :
/dumpRequest?p=4245
2008-05-24 11:59:43: (response.c.214) URI-scheme : https
2008-05-24 11:59:43: (response.c.215) URI-authority:
secure.movieextras.ie:1443
2008-05-24 11:59:43: (response.c.216) URI-path : /dumpRequest
2008-05-24 11:59:43: (response.c.217) URI-query : p=4245
...
This is the configuration
...
var.movieextras_sitefolder = "/srv/hosting/site1/"
$SERVER["socket"] == "194.109.109.48:1443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/secure.movieextras.ie.pem"
ssl.ca-file = "/etc/ssl/certs/gd_intermediate_bundle.crt"
accesslog.filename = var.movieextras_sitefolder + "var/access.log"
url.rewrite- "/(.*)$" =>
"/VirtualHostBase/https/%0:1443/site1/VirtualHostRoot/$1" )
proxy.server = (
"" => ( ( "host" => "127.0.0.1", "port" => 8080 ) )
)
}
else $HTTP["host"] =~ ".*\.movieextras\.ie" {
accesslog.filename = var.movieextras_sitefolder + "var/access.log"
url.rewrite- "/(.*)$" =>
"/VirtualHostBase/http/%0:1080/site1/VirtualHostRoot/$1" )
proxy.server = (
"" => (( "host" => "127.0.0.1", "port" => 8080 ))
)
}
...
on 24.05.2008 18:10
I have made some progress with this. I broke the SERVER section out to a
standalone rule (just to setup SSL) and use the HOST rules to branch on
the host name.
This almost works. However, I cannot do different rules for https and
http protocols on the secure.movieextras.ie hostname.
$SERVER["socket"] == "194.109.109.48:1443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/secure.movieextras.ie.pem"
ssl.ca-file = "/etc/ssl/certs/gd_intermediate_bundle.crt"
}
$HTTP["host"] =~ "secure\.movieextras\.ie" {
accesslog.filename = var.movieextras_sitefolder + "var/access.log"
url.rewrite- "/(.*)$" =>
"/VirtualHostBase/https/%0:1443/site1/VirtualHostRoot/$1" )
proxy.server = (
"" => ( ( "host" => "127.0.0.1", "port" => 8080 ) )
)
}
else $HTTP["host"] =~ ".*\.movieextras\.ie" {
accesslog.filename = var.movieextras_sitefolder + "var/access.log"
...
on 24.05.2008 18:48
I finally got this working...
It seems that the url.rewrite-once will only work inside a HTTP["host"]
conditional.
$SERVER["socket"] == "194.109.109.48:1443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/secure.movieextras.ie.pem"
ssl.ca-file = "/etc/ssl/certs/gd_intermediate_bundle.crt"
$HTTP["host"] =~ "secure\.movieextras\.ie" {
accesslog.filename = var.movieextras_sitefolder +
"var/access.log"
url.rewrite- "/(.*)$" =>
"/VirtualHostBase/https/%0:1443/site1/VirtualHostRoot/$1" )
proxy.server = (
"" => ( ( "host" => "127.0.0.1", "port" => 8080 ) )
)
}
}
else $HTTP["host"] =~ ".*\.movieextras\.ie" {
accesslog.filename = var.movieextras_sitefolder + "var/access.log"
...
|
