Glad you got it working!

Take care.
Joe


> -----Original Message-----
> From: Karsten Brusch [mailto:[email protected]]
> Sent: Wednesday, September 22, 2010 5:17 AM
> To: [email protected]
> Cc: Luis Lopez
> Subject: [Pound Mailing List] RE: Strange Location rewrite problem
>
> Hi Joe,
>
> Thank you a lot for your feedback!
>
> So basically what solved my problem was the following:
>
> 1) I added the planned DNS name to the hosts file of the client (where
> I issued wget from using that dns name)
> 67.123.123.123 planned-dns.com
>
> 2) added the planned DNS name to the node running pound, resolving to
> the IP where my Backend (in my case haproxy) is running
> 10.223.205.152 planned-dns.com
>
> So the dns is resolved on the client to the public IP and that same dns
> name resolved to the backend (haproxy) on the pound server (for reverse
> lookup)
>
> Thanks a million for that hint and warm greetings from Berlin
> Karsten
>
> Karsten Brusch
> www.synchronica.com
>
> -----Original Message-----
> From: Joe Gooch [mailto:[email protected]]
> Sent: Tuesday, 21 September 2010 23:26
> To: [email protected]
> Subject: [Pound Mailing List] RE: Strange Location rewrite problem
>
> Pound will only rewrite the location if it can be sure the redirect is
> referencing either the backend IP address or the listener IP address...
> Since your outside IP is NAT-ed... it can't be sure that that IP refers
> to the box. (for instance, you could redirect to www.cnn.com... Pound
> would know not to rewrite that.)
>
> Once you have DNS set up you can work around this with /etc/hosts.
> When a client comes in, either from outside or inside, it'll be
> something like:
> GET / HTTP/1.0
> Host: yourhost.domain.org
>
> And when your backend redirects to yourhost.domain.org/get/, or even
> yourbackend/get/, it'll know based on the host requested that
> yourhost.domain.org resolves to your 67 address and 10 address, and
> would deal with the rewrite properly.
>
> If the IP is specified and Pound doesn't know about it (i.e. it's not a
> listener), I'm not sure what recourse you have.  Since it'll go away
> with DNS maybe you don't have to worry about it.
>
> Pound's behavior in this regard appears to be in line with other
> commercial load balancers... For instance, the CoyotePoint Equalizer
> works the same way.
>
> Joe
>
> > -----Original Message-----
> > From: Karsten Brusch [mailto:[email protected]]
> > Sent: Tuesday, September 21, 2010 2:23 PM
> > To: [email protected]
> > Subject: [Pound Mailing List] Strange Location rewrite problem
> >
> > Hello together,
> >
> > I am reading through the pound mailing list archive for some time now
> > and I am stuck with a strange problem.
> >
> > We have following traffic flow:
> >
> > Client / Browser --- https ---> Firewall --- https ---> Pound --- http ---> haproxy --- http ---> node_x
> >
> > We are calling a tomcat webservlet running on the node_x which returns
> > a HTTP 302 when the client hits a location.
> >
> >
> > The strange thing is when I call the external IP (as there is no DNS
> > name so far) it fails:
> > ---------------------------------------------------------------------------
> > # wget --no-check-certificate "https://67.123.123.123"
> > Connecting to 67.123.123.123:443... connected.
> > HTTP request sent, awaiting response... 302 Moved Temporarily
> > Location: http://67.123.123.123/get/ [following]
> > ---------------------------------------------------------------------------
> >
> > So the redirect to /get is correct but the https was changed into http.
> > When I run another test directly on the node where pound is running
> > then the Location rewrite works like a charm:
> > ---------------------------------------------------------------------------
> > # wget --no-check-certificate "https://10.223.205.152"
> > Connecting to 10.223.205.152:443... connected.
> > HTTP request sent, awaiting response... 302 Moved Temporarily
> > Location: https://10.223.205.152/get/ [following]
> > ---------------------------------------------------------------------------
> >
> > So this looks very strange to me.
> > I read about problems when DNS is not working properly, but as I am
> > using the direct IP that shouldn't be an issue.
> > To be sure I added a DNS name for the public IP (67.123.123.123) in
> > /etc/hosts in case it's doing reverse lookup, but this didn't help
> > either.
> >
> >
> > Here's my config:
> >
> >
> > User            "www-data"
> > Group           "www-data"
> > LogLevel        1
> > Alive           30
> > Control "/var/run/pound/poundctl.socket"
> >
> > ListenHTTPS
> >         Address 10.223.205.152
> >         Port    443
> >         Cert    "/etc/pound/testcert.pem"
> >         ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
> >         xHTTP           4
> >         RewriteLocation 1
> > # 10.223.205.152 is the IP of the haproxy which is doing some additional load balancing.
> > Service
> >         BackEnd
> >                 Address 10.223.205.152
> >                 Port    80
> >         End
> > End
> > End
> >
> >
> > Do you have any idea?
> > It's strange that the rewrite is working in one case and not in the
> > other.
> >
> > I'm happy for any feedback / suggestion I could get.
> > Best Regards
> > Karsten
> >
> >
> > --
> > To unsubscribe send an email with subject unsubscribe to
> > [email protected].
> > Please contact [email protected] for questions.
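
Added example (not part of the thread and not Pound's source code): a simplified Python model of the rule Joe describes, where a Location header is rewritten only when its host resolves to the listener or backend address. The function names are hypothetical, a dict stands in for /etc/hosts on the Pound node, only addresses (not ports) are compared, and the rewritten URL is assumed to use the listener's scheme with the Host the client requested, matching the wget output quoted above.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Values taken from the ListenHTTPS and BackEnd blocks quoted in the thread.
LISTENER_ADDR = "10.223.205.152"
LISTENER_SCHEME = "https"
BACKEND_ADDR = "10.223.205.152"


def resolve(host, hosts_table):
    """Resolve a host with a constructed /etc/hosts-style table.

    IP literals resolve to themselves; unknown names return None.
    """
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return hosts_table.get(host.lower())


def rewrite_location(location, request_host, hosts_table):
    """Return the Location value the proxy would send to the client."""
    parts = urlsplit(location)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return location  # relative or non-HTTP redirect: nothing to compare
    addr = resolve(parts.hostname, hosts_table)
    if addr not in (LISTENER_ADDR, BACKEND_ADDR):
        return location  # external site, or a NAT-ed public IP the proxy does not own
    # The redirect points at this proxy or its backend: answer with the
    # listener's scheme and the Host the client asked for.
    return urlunsplit((LISTENER_SCHEME, request_host, parts.path,
                       parts.query, parts.fragment))


def thread_cases():
    """The situations from the thread, plus an external redirect."""
    pound_hosts = {"planned-dns.com": "10.223.205.152"}  # hosts entry on the Pound node
    return {
        "public_ip": rewrite_location("http://67.123.123.123/get/", "67.123.123.123", {}),
        "listener_ip": rewrite_location("http://10.223.205.152/get/", "10.223.205.152", {}),
        "name_no_hosts": rewrite_location("http://planned-dns.com/get/", "planned-dns.com", {}),
        "name_with_hosts": rewrite_location("http://planned-dns.com/get/", "planned-dns.com", pound_hosts),
        "external": rewrite_location("http://www.cnn.com/", "planned-dns.com", pound_hosts),
    }
```

The "public_ip" case is the one that leaves the client with a plain-http redirect behind an HTTPS listener, which is why the hosts entry on the Pound node matters.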