Hello together, I am reading through the pound mailing list archive for some time now and I am stuck with a strange problem.
We have following traffic flow: Client / Browser --- https ---> Firewall --- https ---> Pound --- http ----> haproxy ----http ----> node_x We are calling a tomcat webservlet running on the node_x which returns a HTTP 302 when the client hits a location. The strange thing is when I call the external IP (as there is no DNS name so far) it fails: --------------------------------------------------------------------------- # wget --no-check-certificate "https://67.123.123.123"; Connecting to 67.123.123.123:443... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: http://67.123.123.123/get/ [following] --------------------------------------------------------------------------- So the redirect to /get is correct but the https was changed into http. When I run another test directly on the node where pound is running then the Location rewrite works like a charm: --------------------------------------------------------------------------- # wget --no-check-certificate "https://10.223.205.152"; Connecting to 10.223.205.152:443... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://10.223.205.152/get/ [following] --------------------------------------------------------------------------- So this looks very strange to me. I read about problem when DNS is not working properly, but as I am using the direct IP what shouldn't be an issue. To be sure I added a DNS name for the public IP (67.123.123.123) in /etc/hosts in case it's doing reverse lookup, but this didn't help either. Here's my config: User "www-data" Group "www-data" LogLevel 1 Alive 30 Control "/var/run/pound/poundctl.socket" ListenHTTPS Address 10.223.205.152 Port 443 Cert "/etc/pound/testcert.pem" ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: xHTTP 4 RewriteLocation 1 #10.223.205.152 is the IP of the haproxy which is doing some addition load balancing. Service BackEnd Address 10.223.205.152 Port 80 End End End Do you have any idea? It's strange that the reqrite is working in one case and not in the other. I'm happy for any feedback / suggestion I could get. Best Regards Karsten -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
