I am trying to move a Rails application, that uses SSL, from an Apache/FastCGI stack, that works fine, to Apache22 and mongrel working with a single mongrel instance (i.e., not mongrel cluster, yet.)

I have a single mongrel instance daemonized and working fine on http, on port 3000. Apache/OpenSSL/certs working fine.

Here is my test http.conf (deliberately kept as simple as possible):

<VirtualHost 69.1.254.101:80>
  ServerName new.identry.com
  ErrorLog "/var/log/www/new.identry.com-error.log"
  CustomLog "/var/log/www/new.identry.com-access.log" combined

  #DocumentRoot "/home/identry/public_html"
  ProxyPass / http://new.identry.com:3000/
  ProxyPassReverse / http://new.identry.com:3000/
  ProxyPreserveHost on
</VirtualHost>

<VirtualHost 69.1.254.101:443>
  ServerName new.identry.com
  ErrorLog "/var/log/www/new.identry.com-error.log"
  CustomLog "/var/log/www/new.identry.com-access.log" combined
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateKeyFile "/usr/local/etc/apache22/certs/new.identry.com/server.key"
  SSLCertificateFile "/usr/local/etc/apache22/certs/new.identry.com/server.crt"

  #DocumentRoot "/home/identry/public_html"
  RequestHeader set X_FORWARDED_PROTO 'https'
  ProxyPass / https://new.identry.com:3000/
  ProxyPassReverse / https://new.identry.com:3000/
  ProxyPreserveHost on
</VirtualHost>

The two commented-out DocumentRoot lines let me test the Apache SSL config with static content. If I use the DocumentRoot lines instead of the Proxy lines, then Apache serves up the static test content with both http and https addresses, no problem. So I believe Apache/SSL is working fine.

Furthermore, using the configuration as written above, the http connection to mongrel (and the Rails app behind it) also works fine. So the plain Apache/mod_proxy/mongrel/Rails stack also seems to be working fine.

What I'm having trouble with is the Apache/SSL/mod_proxy/mongrel/Rails stack. If I try to reach the site with https://new.identry.com, I get the following error in the mongrel.log:

Thu Jan 17 09:10:57 -0500 2008: HTTP parse error, malformed request (75.127.142.66): #<Mongrel::HttpParserError: Invalid HTTP format, parsing fails.>
Thu Jan 17 09:10:57 -0500 2008: REQUEST DATA: "\200=\001\003\000\000$ \000\000\000\020\000\0009\000\0008\000\0005\000\0003\000\0002\000\000 \004\000\000\005\000\000/\000\000\026\000\000\023\000\376\377\000\000 \n\243?S\376?????|\255?ɇy"
---
PARAMS: {}
---

I get exactly the same error if I bypass Apache and go to https://new.identry.com:3000.

I am guessing that the above error message is Mongrel choking on encrypted data. So, I am guessing that Mongrel simply can't handle an https connection. Therefore, redirecting to an https instance is a bad idea.

The problem is, if I redirect to an http instance, like so:

<VirtualHost 69.1.254.101:443>
  .. snip ..
        
  RequestHeader set X_FORWARDED_PROTO 'https'
  ProxyPass / http://new.identry.com:3000/
  ProxyPassReverse / http://new.identry.com:3000/
  ProxyPreserveHost on
</VirtualHost>

I don't get a secure connection on the browser. I type https://... and get redirected to http://

Obviously I am doing something wrong. I've googled all over the place, and can't find a good answer. Any help, much appreciated.

Brgds: John



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Websites for On-line Collectible Dealers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Identry, LLC
John Almberg
(631) 546-5079
[EMAIL PROTECTED]
www.identry.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
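
An added example, not part of the original post and not Mongrel's own code: the REQUEST DATA bytes logged above start like an SSLv2-compatible ClientHello, not an HTTP request line, and this Ruby sketch classifies such leading bytes. The names `classify_first_bytes` and `LOGGED_PREFIX` are hypothetical, and the sample assumes the space after `$` in the archived log is a line-wrap artifact.

```ruby
# Added example (not Mongrel code): classify the first bytes that a
# plain-HTTP listener received, to tell an SSL/TLS handshake from HTTP.

HTTP_METHODS = %w[GET POST PUT DELETE HEAD OPTIONS TRACE CONNECT PATCH].freeze

# First 11 bytes of the logged REQUEST DATA, transcribed from its octal
# escapes: \200 = \001 \003 \000 \000 $ \000 \000 \000 \020
LOGGED_PREFIX = [0x80, 0x3d, 0x01, 0x03, 0x00, 0x00, 0x24,
                 0x00, 0x00, 0x00, 0x10].pack("C*")

# Returns a hash describing what the leading bytes look like.
def classify_first_bytes(data)
  raw = data.b
  b = raw.bytes
  # SSLv2-compatible ClientHello: 2-byte record header with the high bit
  # set, message type 1, the client's highest version, then three lengths.
  if b.length >= 11 && (b[0] & 0x80) != 0 && b[2] == 0x01
    rec_len = ((b[0] & 0x7f) << 8) | b[1]
    cipher_len, session_len, challenge_len = raw[5, 6].unpack("n3")
    # Body = type (1) + version (2) + lengths (6) + the variable fields.
    consistent = rec_len == 9 + cipher_len + session_len + challenge_len
    return { kind: :sslv2_client_hello, version: "#{b[3]}.#{b[4]}",
             record_length: rec_len, cipher_specs: cipher_len / 3,
             lengths_consistent: consistent }
  end
  # SSLv3/TLS record layer: content type 22 (handshake), major version 3.
  if b.length >= 3 && b[0] == 0x16 && b[1] == 0x03
    return { kind: :tls_handshake, version: "#{b[1]}.#{b[2]}" }
  end
  # Otherwise check for an HTTP request line ("METHOD <space> ...").
  method = raw[/\A([A-Z]+) /, 1]
  return { kind: :http, method: method } if HTTP_METHODS.include?(method)
  { kind: :unknown }
end

p classify_first_bytes(LOGGED_PREFIX) if __FILE__ == $PROGRAM_NAME
```

On the logged prefix, the declared record length (61) matches the sum of the header fields, which is what identifies it as a handshake message that an HTTP parser cannot read.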