Re: [Active4d-dev] Apache in front of A4D

Tue, 27 Nov 2007 13:11:46 -0800 


On Nov 27, 2007, at 1:37 PM, Michael Check wrote:


Adding to the list of tasks for this rewqrite proxy, has anyone done
the same with https requests also?  Or should we keep 4D serving the
port 443 material rather than placing apache in front of it?

Any opinions or experience with this?
Have not followed this thread very closely , but we gave up on getting 443 to work with 4d (root privileges and all) and did it with Apache.
I basically have three virtual hosts (port 80) defined in Apache. Site 1 is a static, somewhat restricted site that I just use for file uploads. Site 2 is a public php site that calls Active4d using curl. Site 3 is our intranet site - our main site (and called by site 2 and a few others with a web service type call).
Sites 2 and 3 are https. We redirect any port 80 traffic to 443. Example: 

<VirtualHost *:80>
        ServerName jobs.aidt.edu
        RewriteEngine On
        Options +FollowSymlinks
        RewriteRule (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,R,L]
</VirtualHost>

<VirtualHost *:80>
        ServerName info.aidt.edu
        RewriteEngine On
        Options +FollowSymlinks
        RewriteRule (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,NE,R,L]
</VirtualHost>
Then in ssl.conf we proxy pass to port 80xx for the Active4d site. Port 80xx should be restricted to local area network by a firewall. Example: 


<IfModule mod_ssl.c>
        Listen 443
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
        NameVirtualHost *:443

        <VirtualHost *:443>
                SSLEngine on
                ServerName info.aidt.edu
                ServerAdmin [EMAIL PROTECTED]
                ErrorLog logs/info.aidt.edu-error_log
                CustomLog logs/info.aidt.edu-access_log common
                SSLCertificateFile 
/opt/local/apache2/conf/keys/STAR_aidt_edu.crt
                SSLCertificateKeyFile /opt/local/apache2/conf/keys/aidtedu.key
SSLCertificateChainFile /opt/local/apache2/conf/keys/ STAR_aidt_edu.ca-bundle 
                ProxyPass / http://localhost:80xx/
                ProxyPassReverse / http://localhost:80xx/
        </VirtualHost>
        
        <VirtualHost *:443>
                SSLEngine on
                ServerName jobs.aidt.edu
                ServerAdmin [EMAIL PROTECTED]
                ErrorLog logs/jobs.aidt.edu-error_log
                CustomLog logs/jobs.aidt.edu-access_log common
                DocumentRoot /opt/local/apache2/webjobs
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNU$ 
                SSLCertificateFile 
/opt/local/apache2/conf/keys/STAR_aidt_edu.crt
                SSLCertificateKeyFile /opt/local/apache2/conf/keys/aidtedu.key
SSLCertificateChainFile /opt/local/apache2/conf/keys/ STAR_aidt_edu.ca-bundle 
                RewriteEngine On
                Options +FollowSymlinks
        </VirtualHost>

</IfModule>
I do have an experimental virtual host defined in Active4D running on 80xx. I don't claim to know about the above configuration - just a little experimenting and someone on the staff that knows more about it than I do. 

Steve Alex



_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/

Reply via email to