Hi Joe Thanks for this great information.
Unfortunately, no matter what I do, I can't get an SSL PEM file working with POUND. Otherwise, like you mentioned, I probably could get this working like that. (Only my backend servers have SSL certificates installed on them. I'm just trying to forward to my backend SSL websites.) Are there instructions anywhere that include how to make a PEM file, using a root certificate authority that customers can recognize, that works with POUND? Also, isn't there anyway to forward incoming port 80 requests to backend port 4443 (ssl) requests, without having the load balancers (pound) having it's own SSL certificate? Thank you Anne -----Original Message----- From: Joe Gooch [mailto:[email protected]] Sent: Friday, April 02, 2010 1:18 PM To: [email protected] Subject: RE: [Pound Mailing List] Help - Pound not redirecting to backend servers 1) If port 4443 is expecting SSL, you need to add HTTPS to your backends. 2) Backends are IPs, not URL's, and do not support paths at all.. (they're passed through transparently) 3) URL matching in a service does not include the host, you'd need to use HeadRequire for that. 4) You redirect to TTHR3 which I'm assuming is the load balancer, on SSL ports, but the load balancer isn't listening on 443. So you want something more like this. ###################################################### ListenHTTP Address 172.29.1.222 Port 80 xHTTP 1 Service Url ".*" Redirect "https://TTHR3.helpme.org/myapp"; End End ListenHTTPS Address 172.29.1.222 Port 443 xHTTP 1 HeadRemove "X-SSL-Request" HeadRemove "X-Forwarded-For" AddHeader "X-SSL-Request: 1" Cert "your_certificate_pem_file" # Catch-all server(s) Service BackEnd Address TTRH1.helpme.org Port 4443 HTTPS End BackEnd Address TTRH2.helpme.org Port 4443 HTTPS End Session Type IP TTL 520 End End End ############################################################### Joe > -----Original Message----- > From: Anne Moore [mailto:[email protected]] > Sent: Friday, April 02, 2010 11:39 AM > To: [email protected] > Subject: [Pound Mailing List] Help - Pound not redirecting to backend > servers > > All, > > I just can't seem to get my pound working. (Please see my pound.cfg > below). > When my users to go the "172.29.1.22" server, they receive this error > message: "The service is not available. Please try again later." > > As you can see from my pound.cfg, it's supposed to redirect it to a url > at > one of the two backend servers (which are Linux and have port 4443 for > SSL.) > > > Any idea what I'm doing wrong here? > > Thank you for any help you're willing to provide. > > Anne > > ###################################################### > ListenHTTP > Address 172.29.1.222 > Port 80 > xHTTP 1 > HeadRemove "X-SSL-Request" > HeadRemove "X-Forwarded-For" > AddHeader "X-SSL-Request: 1" > End > > # redirect all requests for /forbidden > > Service > Url " <http://TTHR3.helpme.org> http://TTHR3.helpme.org"; > Redirect " <https://TTHR3.helpme.org/myapp> > https://TTHR3.helpme.org/myapp"; > End > > # Catch-all server(s) > Service > BackEnd > Address <https://TTRH1.helpme.org:4443:/myapp> > https://TTRH1.helpme.org:4443:/myapp > Port 4443 > End > BackEnd > Address <https://TTRH2.helpme.org:4443/myapp> > https://TTRH2.helpme.org:4443/myapp > Port 4443 > End > Session > Type IP > TTL 520 > End > End > ############################################################### > > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
