Pound is not a proxy server (like Squid). Pound is a load balancer, or reverse-proxy.

As such, you can't set your browser proxy settings to Pound and expect it to work. Instead, you could have your config below, but remove the http:// and hostname from the URL matching lines, moving the hostname into a headrequire host match. When you open a browser without proxy settings, and go to https://206.108.209.193, it should take you to the line that matches. If contentcafe.btol.com resolves to 206.108.209.193, you could use https://contentcafe.btol.com as well, since the headrequire would point you to the proper backend.

Pound is used for making a hybrid/composite web site from multiple backends/url patterns; not for creating a proxy that can answer browser requests for full URLs.

Joe

> -----Original Message-----
> From: Steve Nolan [mailto:[email protected]]
> Sent: Saturday, July 17, 2010 1:37 PM
> To: [email protected]
> Subject: [Pound Mailing List] Trouble with SSH backend
>
> Hi, all.
>
> I've been working away at this fruitlessly for the entire afternoon --
> I hate to, but I think it's time to ask for help.
>
> I have an existing pound 2.2 installation which works beautifully with
> straight HTTP. I've just built a new pound 2.5 on the same Ubuntu
> 10.04LTS box to take advantage of the SSH backends feature. However, I
> can't seem to get the client to engage in SSL negotiation with the
> proxy.
>
> Even with the https:// prefix in the URL, and a listening port of 443 on
> the proxy, the communication from client to proxy consists of a single
> request, in cleartext, to port 443 where it's silently (unlogged)
> discarded by the proxy, I suppose because it wants SSL communication on
> that port? I've only tested with Windows browser clients (Firefox 3.5
> and IE8) at this point, both with proxy settings manually configured to
> point to the listening ports of my pound 2.5 install.
>
> I have a self-signed cert installed for testing, and it works fine with
> (for example) stunnel.
>
> I have the strong feeling that I'm missing the blindingly obvious, here.
> Can anyone give me a clue? I love the software and I'd hate to have to
> switch to something else because I can't see what's right in front of my
> nose.. Thanks so much for any suggestions anyone can offer.
>
> My config, in part:
>
> ListenHTTP
>     Address 206.108.209.193
>     Port 3381
>     xHTTP 3
> End
>
> ListenHTTPS
>     Address 206.108.209.193
>     Port 443
>     xHTTP 3
>     Cert "/etc/pound/mycert.pem"
>
>     Service
>         HeadRequire "Host:.*ec.virl.bc.ca.*"
>         BackEnd
>             Address ec.virl.bc.ca
>             Port 443
>             HTTPS
>         End
>     End
> End
>
> Service
>     URL "http://contentcafe.btol.com/*"
>     BackEnd
>         Address contentcafe.btol.com
>         Port 80
>     End
> End
>
> Service
>     URL "http://msgs.virl.bc.ca/denied.html"
>     BackEnd
>         Address msgs.virl.bc.ca
>         Port 80
>     End
> End
>
> Service
>     Redirect "http://msgs.virl.bc.ca/denied.html"
> End
>
> --
> To unsubscribe send an email with subject unsubscribe to
> [email protected].
> Please contact [email protected] for questions.
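The change described in the reply, applied to the global services from the quoted config, as an added example that is not part of the original thread. It reuses only directives that appear in the quoted config and assumes the backend hostnames resolve to the real backend servers, not to Pound's own listener address.

```conf
# Added example: the global Service blocks from the quoted config, rewritten
# for reverse-proxy use. Listener sections stay as posted.

# Before: URL "http://contentcafe.btol.com/*"
# A directly connected browser sends only the path on the request line, so the
# scheme and hostname never appear there. The hostname moves into a Host
# header match and the URL pattern keeps only the path.
Service
    HeadRequire "Host:.*contentcafe.btol.com.*"
    URL "/.*"
    BackEnd
        # Assumption: this name resolves to the real backend. If DNS for it
        # points at Pound (206.108.209.193), use the backend's own IP here,
        # otherwise Pound would forward requests to itself.
        Address contentcafe.btol.com
        Port 80
    End
End

# Before: URL "http://msgs.virl.bc.ca/denied.html"
Service
    HeadRequire "Host:.*msgs.virl.bc.ca.*"
    URL "/denied.html"
    BackEnd
        Address msgs.virl.bc.ca
        Port 80
    End
End

# Catch-all, unchanged: a request that matched no Service above is redirected.
# Redirect takes a full URL because it is sent back to the client as a
# Location header, not matched against the request.
Service
    Redirect "http://msgs.virl.bc.ca/denied.html"
End
```

With this in place the browser's proxy settings are cleared and it connects straight to the listener address, or to a hostname that resolves to it.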
