OK - since I didn't have the control I wanted on that site, I've now setup
the exact same config on a site I have complete control of. NSLOOKUP works
fine, pound server is integrated with DNS, attached config file below...what
am I missing? Is it my pre-boxed ERP system that's hosing me? If I setup
an HTTP listener in pound, it works, but only b/c when it gets redirected to
HTTP, there's a listener there to handle it, so NOT the desired outcome.
root@frontend:~# vi /etc/pound/pound.cfg
## global options:
User "www-data"
Group "www-data"
#RootJail "/chroot/pound"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
## check backend every X secs:
Alive 30
## use hardware-accelleration card supported by openssl(1):
#SSLEngine "<hw>"
# poundctl control socket
Control "/var/run/pound/poundctl.socket"
ListenHTTPS
Address 0.0.0.0
Port 8443
Cert "/root/jdewebcert.pem"
Service
BackEnd
Address 192.168.0.63
Port 8082
End
End
End
On Mon, Jul 25, 2011 at 3:21 PM, Jacob Anderson <[email protected]>wrote:
> Hi Hall,****
>
> ** **
>
> Login to your pound machine and type “nslookup my_pound_machine_fqdn”****
>
> ** **
>
> Does it resolve to the correct IP address?****
>
> ** **
>
> Get rid of everything except the https directive in your pound config and
> see if it works. Then make sure that you have your back ends bound ONLY on
> the IP addresses that are proxied by pound.****
>
> ** **
>
> -- Jake****
>
> ** **
>
> ** **
>
> *From:* Hall Barricklow [mailto:[email protected]]
> *Sent:* Monday, July 25, 2011 12:52 PM
> *To:* [email protected]
> *Subject:* Re: [Pound Mailing List] pound w/ HTTPS to Apache backend
> redirects to HTTP****
>
> ** **
>
> Thanks for the reply.
>
> Yes, I only have HTTPS directive in my config, the rest of my .cfg file is
> as it comes by default. I'm just trying to get HTTPS working before I move
> on to load balancing, etc. I originally started with just HTTP and it
> worked fine, so moved on to HTTPS. Yes, I am testing all from within my LAN
> right now. I have my BE Apache setup with usecanonicalname no, so it should
> be using whatever is passed in the URL.
>
> Unfortunately I don't have that much control over the application, it's a
> big box ERP system. DNS appears to be sound. ****
>
> On Mon, Jul 25, 2011 at 2:32 PM, Jacob Anderson <[email protected]>
> wrote:****
>
> Hall,****
>
> ****
>
> If you ONLY have an HTTPS directive in your config, and you are being
> redirected back to http, then it sounds like you are (a) testing from your
> LAN, and (b) your BE is sending a redirect that is LAN addressed instead of
> pound addressed.****
>
> ****
>
> Make sure that your application always redirects using the pound URL, and
> that it always preserves the protocol being requested or forces https.****
>
> ****
>
> If you only have https in your pound config then any http action will not
> work.****
>
> ****
>
> Post your entire pound config file if there is more to it …****
>
> ****
>
> ALSO - very important - check that your DNS for the pound server to resolve
> to the correct IP addresses. I had a similar problem to yours because I had
> not kept my internal DNS updated and so the pound server was not able to
> find itself in DNS and so I always got http instead of https.****
>
> ****
>
> -- Jake****
>
> ****
>
> ****
>
> *From:* Hall Barricklow [mailto:[email protected]]
> *Sent:* Monday, July 25, 2011 12:19 PM
> *To:* [email protected]
> *Subject:* [Pound Mailing List] pound w/ HTTPS to Apache backend redirects
> to HTTP****
>
> ****
>
> Yes, I've seen the many, many multitudes of posts on this topic, but
> nothing I've tried seems to fix it. I pull up the link just fine, but as
> soon as I do anything within the application, it immediately drops to HTTP.
> I can throw the "S" in there and hit enter and the page loads fine, but the
> next action I do in the app takes me back to HTTP. See below for config,
> any ideas?
>
> It almost sounds like the issue described on the pound homepage with regard
> to zope:
>
> " A special problem arises when you try using *Pound* as an SSL wrapper:
> Zope assumes that the requests are made via HTTP and insists on prepending
> 'http://' to the (correct) address in the replies, including in the tag
> and the absolute URLs it generates (for images for example). This is clearly
> an undesirable behavior. "
>
> ::::CONFIGURATION::::
>
> Pound version - 2.4.5-3 on Ubuntu server 10.04
>
> I'm using an application called JDEdwards EnterpriseOne that sits on Oracle
> Application Server and Apache 1.3
>
> I have the application running on HTTP port 8101. I have pound running on
> a separate server as HTTPS on port 4433, below is my config:
>
> ListenHTTPS
> Address 0.0.0.0
> Port 4433
> Cert "/usr/local/etc/jdewebcert.pem"
> RewriteLocation 2
> Service
> BackEnd
> Address 192.168.1.100
> Port 8101
> End
> End
> End****
>
> ** **
>
