Assuming you're running a Rails app, and you want all things generated
by link_to, url_for, etc. to keep you in HTTPS , then yes. Otherwise,
you effectively double the number of HTTP requests that the browser
makes. This is wasteful, and depending on your allocated bandwidth and
popularity, costly.
Redirect them once to get them into HTTPS, but once they're there, the
X_FORWARDED_PROTO header is an exceedingly GOOD idea.
Jeremy Cavagnolo wrote:
Thanks for the reply.
It turns out that because I have the following permanent redirection,
I don't need to add the request header.
NameVirtualHost *:80
<VirtualHost *:80>
RedirectPermanent / https://emiliano #this server is only accessed internally
</VirtualHost>
However, my problem came from the fact that I left off the trailing
slash from https://emiliano in the RedirectPermanent directive.
Does anyone think it is still a good idea, from a performance
standpoint, to include:
RequestHeader set X_FORWARDED_PROTO "https"
even though the requests are forwarded by the RedirectPermanent directive?
-jeremy
On Wed, Aug 20, 2008 at 9:56 AM, Bill Siggelkow <[EMAIL PROTECTED]> wrote:
This might help ... I have the following rewrite rule in my conf file ...
# Redirect all non-static requests to cluster
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://resman_cluster%{REQUEST_URI} [P,QSA,L]
Also, I have the following :
# Add a special request header so Rails redirects stay on https
RequestHeader set X_FORWARDED_PROTO "https"
HTH
Bill Siggelkow
[EMAIL PROTECTED]
AIM: siggelkowb
Home: 770-457-8854
Mobile: 770-354-2584
On Aug 20, 2008, at 12:45 PM, Jeremy Cavagnolo wrote:
Hello,
I am configuring apache 2.2 to serve my rails app through mongrel at
the root of my server. First, I redirect all http traffic to https
with the following:
ServerName emiliano
NameVirtualHost *:80
<VirtualHost *:80>
RedirectPermanent / https://emiliano #this server is only accessed
internally
</VirtualHost>
Inside the <VirtualHost *:443> section, I have the following
configuration, which seems extremely standard:
<Proxy balancer://mongrel>
BalancerMember http://localhost:8000
BalancerMember http://localhost:8001
BalancerMember http://localhost:8002
</Proxy>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /stylesheets !
ProxyPass /javascripts !
ProxyPass /images !
ProxyPass / balancer://mongrel/
ProxyPassReverse / balancer://mongrel/
ProxyPreserveHost On
When I point my browser to "https://emiliano"; I get the login page
that I expect. When I submit the login form the authorization is
properly processed (I checked the access log). However, my browser is
then directed to https://emilianousers/home (note the missing "/"
between hostname and 'users') which of course cannot be found. If I
manually insert the slash I am properly directed to the user home
page. I can click on links all day long and everything works, but
when I try to submit any form, the form is processed properly, but the
same issue with the missing slash returns.
I have tried removing the proxy balancer and going directly to the
mongrel instance, but I get the same behavior. I have also removed
and replaced trailing slashes in my ProxyPass directives with no
success.
Because I can't seem to find any other documentation of this issue, I
am left believing that this is a very trivial problem.
Please Help!
jeremy
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users
