On Mon, 2009-01-19 at 19:47 -0800, csingley wrote: > > On Jan 19, 9:05 pm, Malcolm Tredinnick <[email protected]> > wrote:
[...] > > In that sort of situation, it is the responsibility of the external > > webserver to rewrite any outgoing URLs correctly for the external world. > > Thus, it should know that it is converting an incoming HTTPS request to > > an HTTP request and thus convert any URLs for the local hostname back > > again before replying. In Apache, for example, this is often done with > > the ProxyPassReverse directive in the mod_proxy module. > > The gentleman wins a large stuffed bear! I cleverly neglected to > configure the ProxyPassReverse directive... as I said, I'm not the > sharpest knife in the drawer. Rectifying this clears up the problem. Yep, that'll do it. I've only made the same error about 270 times in the past. It becomes a likely suspect after the first couple of hundred occurrences. > > Thanks very much for the clear explanation; the education is > appreciated. > > >The > > ProxyPassReverseCookieDomain and related directives also need to be at > > considered, depending upon how much rewriting is done. > > Well you've pointed me in the direction of the right things to study, > but if I could prevail upon you to consider briefly aloud the best > configuration of these directives in the fastcgi setup I've got going, > I'd certainly be much obliged. Looks like you won't need anything other than ProxyReversePass in the setup you described. Rewriting the cookie domain and paths is necessary if the external server is handing things off to an entirely different namespace (in the DNS sense) or different paths. For example, if you're reverse proxying for some portion of a DMZ with different internal hostnames and an internal DNS server. In that case, you'd need to rewrite cookie domains and, possibly paths (you're mapping external "/" to internal "/", but sometimes paths might get rewritten as well). Your setup, which is more or less a simple pass-through to a different server, doesn't need this fanciness. (By the way, if you ever do need those directives and omit them, you'll find out the first time a cookie is used for something like logging in, since it will appear to never have been set.) Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
