Peter,

I'm not sure if this will help, but there is a special value in the request info collection that will tell if the request is secure.

I just did an active4D.console.dump request info and I see

*secure: "0"

I'm not running on an SSL machine, but I am proxying through Apache.

If that value still returns "0" in an SSL setup, I wouldn't be surprised if there is a way to set a custom header in your rewrite rule that you could use to determine forwarded from SSL.

You may also be able to determine this by the presence (or absence) of X-Forwarded-For or X-Forwarded-Host headers.

-- Brad Perkins

Peter Jakobsson wrote:
Steve -

I am a bit stumped at how best to handle SSL connections with Apache in front at the moment.

Can you tell us if 4D or Apache is actually doing the encryption ? It looks like Apache from your rewrite code. Do you have the 'real' certificate files configured in Apache ?

The problem I would have with this configuration is that if Active4D is being passed SSL requests on a port other than 443, it thinks they're not secure and the logic which tests for the secure port breaks.

I seem able to get secure requests served just using the code in the Active4D Wiki, but "get request value(string(A4D Request Host Port))" returns 8080 instead of 443 so I assume Apache is rewriting everything to 4D's non-secure port at the moment.

Peter

On 28 Jan 2008, at 13:49, Steve Alex wrote:


On Jan 28, 2008, at 5:23 AM, Peter Jakobsson wrote:

I was wondering how SSL requests are handled in the situation where Apache is in front of 4D.

I have it (apparently) working using the configurations in the Wiki, however I can't understand how the response can be encrypted when:

- all dynamic requests are arriving at 4D on port 8080 and not 443 (including I suppose secure ones)
- Apache doesn't know where the key files are

Do I have to specifically handle secure requests in the apache rewrite rules or somehow let Apache know where the key files are located ? i.e. does 4D still handle the encryption or does Apache ?

Don't know if this is the right way, but we set up virtual hosts in the ssl.conf that listens on port 443

    <VirtualHost *:443>
        SSLEngine on
        ServerName jobs2.aidt.edu
        ServerAdmin [EMAIL PROTECTED]
        ErrorLog logs/jobs2.aidt.edu-error_log
        CustomLog logs/jobs2.aidt.edu-access_log common
        SSLCertificateFile ...
        SSLCertificateKeyFile ...
        SSLCertificateChainFile ...
        ProxyPass / http://jobs2.aidt.edu:8010/
        ProxyPassReverse / http://jobs2.aidt.edu:8010/
    </VirtualHost>


In virtual hosts, all port 80 traffic is rewritten to https.

Steve Alex
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
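One way to implement the custom-header idea raised in this thread, shown as an added example that is not code from any of the posters or from the Active4D Wiki: Apache terminates SSL and tells the backend, in a header it controls, which scheme the client used. The hostname, backend address and port, certificate paths, and the choice of `X-Forwarded-Proto` as the header name are assumptions.

```apache
# Added example. Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# www.example.test, 127.0.0.1:8080 and the certificate paths are placeholders.

<VirtualHost *:443>
    ServerName www.example.test

    # Apache holds the certificate and key and does the encryption;
    # the backend only ever sees plain HTTP on its own port.
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem

    # "set" replaces any X-Forwarded-Proto the client sent, so the value
    # the backend reads always comes from this virtual host.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example.test

    # If plain-HTTP requests are proxied to the same backend, overwrite
    # the header here as well. Without this line a client could send
    # "X-Forwarded-Proto: https" over port 80 and it would pass through.
    RequestHeader set X-Forwarded-Proto "http"

    # mod_proxy adds X-Forwarded-For and X-Forwarded-Host in both virtual
    # hosts, so those headers show that a request was proxied, not that
    # it arrived over SSL.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

The header is only trustworthy if the backend port accepts connections from the proxy alone (bound to loopback or firewalled); anything that can reach the backend directly can send whatever header value it likes.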


