I'm new to this package (so please be gentle ;)

Pound is assisting with my DR solution for outages on our internet links
(it will be extended to do some failover/fallback in the future - for
now it's a specific task).

 

I intend to put a pound server behind each of my firewalls - and have
them all talk to the (for now) one backend "production" server via
internal paths.

Some of the sites are non-http - and these are working perfectly...

My problem is (most likely an understanding of) HTTPS "redirections".

 

I was of the understanding that - since 2.5c - if I put the HTTPS
directive in the Service, then the certificate presented to the client
will be from the webserver (not the listener interfaces).

As a test, I've a self-signed testing ssl (known as
"proxy.mydomain.com.au") as a "catchall" on the listening interface:

Eg:

# Plain HTTP listener
ListenHTTP
    Address <eth0 interface static>
    Port 80
    Service
        # Match requests on the Host header
        HeadRequire "host: nonsslsite.mydomain.com.au"
        Backend
            Address nonsslsite.mydomain.com.au
            Port 80
        End
    End
End

# HTTPS listener with the self-signed "catchall" certificate
ListenHTTPS
    Address <ETH3 Static Address>
    Port 443
    Cert "/usr/local/etc/local.server.pem"
    Service
        HeadRequire "Host: securesite.mydomain.com.au"
        Backend
            Address securesite.mydomain.com.au
            Port 443
            # HTTPS directive on the backend (available since 2.5c)
            HTTPS
        End
    End
End

 

It "sort of" works - an SSL client request does get presented with a
certificate and the site is SSL secured.

However, the certificate is signed "proxy.mydomain.com.au" (i.e. the
interface's cert) - where I would have expected the webmail server's
webmail.mydomain.com.au.

The only way that I can see this to work would be to put the
"production" ssl cert on each of the Listener interfaces.

Doesn't the 2.5c HTTPS directive take care of this (essentially tunnelling
the ssl session) and thus not require me to publish all the production
certs on the pound server?

 

Appreciate any feedback.

Mike

Melbourne, Aust.

