Hi, all.
I've been working away at this fruitlessly for the entire afternoon --
I hate to, but I think it's time to ask for help.
I have an existing pound 2.2 installation which works beautifully with
straight HTTP. I've just built a new pound 2.5 on the same Ubuntu
10.04LTS box to take advantage of the SSH backends feature. However, I
can't seem to get the client to engage in SSL negotiation with the proxy.
Even with the https:// prefix in the URL, and a listening port of 443 on
the proxy, the communication from client to proxy consists of a single
request, in cleartext, to port 443 where it's silently (unlogged)
discarded by the proxy, I suppose because it wants SSL communication on
that port? I've only tested with Windows browser clients (Firefox 3.5
and IE8) at this point, both with proxy settings manually configured to
point to the listening ports of my pound 2.5 install.
I have a self-signed cert installed for testing, and it works fine with
(for example) stunnel.
I have the strong feeling that I'm missing the blindingly obvious, here.
Can anyone give me a clue? I love the software and I'd hate to have to
switch to something else because I can't see what's right in front of my
nose.. Thanks so much for any suggestions anyone can offer.
My config, in part:
ListenHTTP
Address 206.108.209.193
Port 3381
xHTTP 3
End
ListenHTTPS
Address 206.108.209.193
Port 443
xHTTP 3
Cert "/etc/pound/mycert.pem"
Service
HeadRequire "Host:.*ec.virl.bc.ca.*"
BackEnd
Address ec.virl.bc.ca
Port 443
HTTPS
End
End
End
Service
URL "http://contentcafe.btol.com/*";
BackEnd
Address contentcafe.btol.com
Port 80
End
End
Service
URL "http://msgs.virl.bc.ca/denied.html";
BackEnd
Address msgs.virl.bc.ca
Port 80
End
End
Service
Redirect "http://msgs.virl.bc.ca/denied.html";
End
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
