Re: [Pound Mailing List] RPC over https

Wed, 25 May 2011 03:10:53 -0700 

I am still receiving the spontaneous disconnects.  My config looks like:

## Minimal sample pound.cfg
##
## see pound(8) for details


######################################################################
## global options:

User            "www-data"
Group           "www-data"
#RootJail       "/usr/share/pound"
#Control "/var/run/pound/ctl_socket"
LogLevel 5
Grace 3
TimeOut 3600

## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
#Alive          30

## use hardware-accelleration card supported by openssl(1):
#SSLEngine      "<hw>"

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

ListenHTTP
    Address 0.0.0.0
    Port 80
    Service "sslredir"
        HeadRequire "Host: mail.qadomain1.com"
        Redirect "https://mail.qadomain1.com/owa";
    End
    xHTTP 4
End

ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "/etc/pound/CERT.KEY"
    Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
    MaxRequest 1073741824
    xHTTP   4
    Service "rpc"
        URL "^/rpc/rpcproxy\.dll\?"
        HeadRequire "Host: mail.qadomain1.com"
        BackEnd
            Address mail.qadomain1.com
                Port 443
                TimeOut 300
        HTTPS
       End
    End
    Service "exchange"
        URL "^/exchange|^/exchweb|^/owa|^/ecp|^/Microsoft-Server-ActiveSync|^/om
a|^/"
        #HeadRequire "Host: mail.qadomain1.com"
        BackEnd
            Address mail.qadomain1.com
                Port 443
                
                HTTPS
        End
    End
End
rproxy-01:/


On May 16, 2011, at 6:03 AM, Frank Schmirler wrote:

On Fri, 13 May 2011 16:40:04 -0400, CDMB wrote
> We have this configure to do do rpc over https for exchange 2010.
> However, every few seconds it seconds disconnected and then restored.

For RPC you'll need a client and a server side timeout of at least 60 seconds.
For the client timeout, please add "Client 60" to your config. 

> ListenHTTPS
>    Address 0.0.0.0
> AddHeader "Front-End-Https: on"
>    Port    443
>    Cert    "/etc/pound/CERT.KEY"
>    Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
>    MaxRequest 1073741824
>    xHTTP   4
>    Service "exchange"
>        URL
"^/exchange|^/exchweb|^/owa|^/ecp|^/Microsoft-Server-ActiveSync|^/oma|^/"
>        HeadRequire "Host: mail.qadomain1.com"
>        BackEnd
>            Address mail.qadomain1.com
>                Port 443
>                HTTPS
>        End
>    End
>    Service "rpc"
>        URL "^/rpc/rpcproxy\.dll\?"
>        HeadRequire "Host: mail.qadomain1.com"
>        BackEnd
>           Address mail.qadomain1.com
>                Port 443
>                TimeOut 300
>        HTTPS
>       End
>    End
> End

Though you have configured a server side timeout with "TimeOut 300", it
doesn't apply. Service "exchange" is evaluated first and due to the URL
statement including "^/" it matches any request. Swap the order of the two
Service sections and you should be fine.

Regards,
Frank

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to