I currently have a server that has a self-signed SSL cert and viewing it is
restricted by using a private key that's been exported to Firefox.
I want to put Pound in front of this and 1 other server, so that both are using
the same https listener in pound.cfg and the same private key on the client end
for restricting access.
My confusion is mostly around where to generate the server.pem for Pound.
Do I generate the server.pem and private browser key on the pound server or
import the server.pem from a backend server?
If the second option, does this mean I can only have one SSL backend per Pound
instance?
I'm just at point of testing now (creating keys takes me a while) and have
created a new CA, self-signed cert, pem file, and private key on the Pound
server.
I have commented out all SSL stuff in the Apache httpd.conf files on both
backend servers so now they should just pass http requests back to Pound.
I've tested that each backend resolves with http and without need for a private
key, as I want Pound to handle this.
But I can't get Pound to resolve the backends. Am I doing something wrong or
that isn't possible?
Here's my pound.cfg so far:
ListenHTTPS
Address 192.168.1.140
Port 443
Cert "/usr/etc/server.pem"
LogLevel 2
Service
BackEnd
Address 192.168.1.141
Port 8080
End
End
Service
BackEnd
Address 192.168.1.142
Port 8083
End
End
End
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
