look: lets organize the battlezone... redirect and rewrite are two different actions.... i will understand that you know the deal.... so: you will have your pound listening in two ports : 80 and 443. when the request hits an specific url like you said it will be REDIRECTED to https in another url.... this situation is working...but if you want all the http requests to the backend to be served as https you must do that in the reverse proxy(pound in the case)... this is important because the backend will only receive http requests. So that is our first option.... another one is to include an http header to signal to the backend if the original traffic is a https traffic. Then you put a filter in the backend (this is easy in apache for example) that will check for that header and do the right redirect . So we are talking about redirects and not about rewrites. Did you get that?
Em 17/05/2012, às 21:33, Leo Cadle <[email protected]> escreveu: > Hi List, > > > > but Can I do this dynamically? So for every incoming HTTP request it gets > diverted to the HTTPS port, or do I need to write a redirect rule for every > URL. > > > > e.g incoming request HTTP://www.example.com/test.html > > > > rewritten to HTTPS://www.example.com/test.html > > > > and then my normal incoming HTTPS listener picks it up and sends it on to the > backend as HTTP. > > > > Cheers, > > Leo. > > > > From: Leo Cadle [mailto:[email protected]] > Sent: Friday, 18 May 2012 9:54 AM > To: [email protected] > Subject: RE: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > Hi Roberto, > > > > This has definitely fixed the issue. I don’t know why it did not work the > first time I tried it but I’ll cop a user error on that one. Thanks very much > for everyones help. > > > > Cheers, > > Leo. > > > > From: Roberto Geraldo Pimenta Ribeiro Junior [mailto:[email protected]] > Sent: Friday, 18 May 2012 9:35 AM > To: <[email protected]> > Subject: Re: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > Ok .. Waiting.... > > Enviado via iPhone > > > Em 17/05/2012, às 20:34, "Leo Cadle" <[email protected]> escreveu: > > Hi Roberto, > > > > Hold the horses, RewriteLocation 2 may be the ticket, I did not have success > last time I tried it but this time it seems to be working. I will do a bit > more testing to confirm. > > > > Cheers, > > Leo. > > > > From: Roberto Pimenta Jr. [mailto:[email protected]] > Sent: Friday, 18 May 2012 8:57 AM > To: [email protected] > Subject: Re: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > > you also have the option to put the redirect in pound ...... > > > Em 17/05/2012, às 19:51, Roberto Pimenta Jr. <[email protected]> > escreveu: > > > > I think that rewritelocation 2 will do the trick... but i dont have an > environment to test. > > > Em 17/05/2012, às 19:42, Roberto Pimenta Jr. <[email protected]> > escreveu: > > have you tested with rewrite location or rewrite destination? > > > Em 17/05/2012, às 19:01, Leo Cadle <[email protected]> escreveu: > > Hi List, > > > > I will reply once here to all comments. > > > > I have removed HA Proxy, it was just doing the Load Balancing while Pound was > doing the SSL Offload. > > I had not tried to setup an environment like this before and was following a > tutorial that did it this way. Once I installed Pound I could see it could do > the same thing on the back end but did not remove HA Proxy straight away. It > is now out of the picture. > > I am trying to replicate our production environment in a test scenario. Our > production environment uses hardware load balancers, I am trying to see if I > can replicate the configuration using software Load Balancers so we can > better test our releases. So far I have tried Microsoft ARR, which has a > checkbox to enable or disable this particular behaviour called ‘Reverse > rewrite host header’. > > The backend web server is a singe server with one IP address, it hosts > multiple sites answering to different subdomains. That is why we have the > wildcard certificate. The DNS is set correctly with all sudomains pointing to > the same IP. Without Pound the redirect works correctly, when pound is > involved the subdomain always gets rewritten to the starting subdomain. It is > not a problem with our redirect code, it is a simple redirect, this is a > replica of our production code which works correctly behind Brocade Load > Balancers (http://www.brocade.com/index.page) and also works behind Microsoft > ARR (something else is the problem with ARR). > > I have included a tcp dump that shows the rewrite taking place. > > > > Cheers, > > Leo. > > On Fri, May 18, 2012 at 4:39 AM, Roberto Geraldo Pimenta Ribeiro Junior > <[email protected]> wrote: > > -Are you using nginx or apache? > > -Could you send us your redirect code in the php file? > > -Why are you using pound AND haproxy? > > > > Regards, > > Roberto > > > > De: Roberto Geraldo Pimenta Ribeiro Junior > Enviada em: quinta-feira, 17 de maio de 2012 15:36 > Para: [email protected] > Assunto: RES: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > I completely agree. It does not seem a pound matter….. > > > > De: Jacob Anderson [mailto:[email protected]] > > Enviada em: quinta-feira, 17 de maio de 2012 12:20 > Para: [email protected] > > Assunto: RE: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > Hello, > > > > For my take, and my experience only, I’ve had this occur when I did not have > the DNS setup properly. In my case, I was not setting the sd1.example.com and > sd2.example.com domains back to the local IP addresses. When this was the > case, pound would not redirect correctly and our login would never work. Once > I added the local IP name service for example.com, pound started to redirect > properly. Our backends were tomcat servers. > > > > Just my experience, and it may not reflect what you are experiencing. Pound > is very touchy about DNS from what I’ve seen. > > > > -- Jake > > > > > > From: Andrzej Dopierała [mailto:[email protected]] > Sent: Thursday, May 17, 2012 6:43 AM > To: [email protected] > Subject: Re: [Pound Mailing List] Wildcard Certificate and 302 redirect > > > > W dniu 17.05.2012 04:16, Leo Cadle pisze: > > Hi List, > > > > I am having trouble with Pound in front of HAProxy, they are performing SSL > Offload and Load Balancing in front of a Web Server with multiple sites in > the same domain. Everything works apart from one niggling problem, when I do > a 302 redirect from one subdomain site to another on the webserver it does > not change the subdomain sent to the client. E.g. > https://sd1.example.com/test.php performs a 302 redirect to > https://sd2.example.com/result.php but instead the client is redirected to > https://sd1.example.com/result.php I have included my config below. I have > read the man pages, the mailing list and scoured google but I cannot seem to > find the same issue explained in a way I can make sense of. This is my first > time using Pound and HAProxy (I have sent the same question to the HAProxy > list) I am not sure where this is going wrong but have searched resolutions > in both software. > > > > use > "RewriteLocation 0" in Listeners. > > # poundctl control socket > > Control "/var/run/pound/poundctl.socket" > > > > > > ###################################################################### > > ## listen, redirect and ... to: > > > > ## redirect all requests on port 8080 ("ListenHTTP") to the local webserver > (see "Service" below): > > ListenHTTP > > Address 127.0.0.1 > > Port 8080 > > Client 10 > > ## allow PUT and DELETE also (by default only GET, POST and HEAD)?: > > # xHTTP 0 > > > > Service > > BackEnd > > Address 127.0.0.1 > > Port 80 > > End > > End > > End > > > > ListenHTTPS > > Address 192.168.1.80 > > Port 443 > > Cert "/etc/pound/star.staging.poli.local.pem" > > Client 20 > > Service > > BackEnd > > Address 127.0.0.2 > > Port 80 > > End > > End > > End > > > > > > > > > > > > > > > > > > > > > > > > > [ Wrote 60 lines ] > > ^G Get Help ^O WriteOut ^R Read File > ^Y Prev Page ^K Cut Text ^C Cur Pos > > ^X Exit ^J Justify ^W Where Is > ^V Next Page ^U UnCut Text ^T To Spell > > > > Regards, > > Leo Cadle > > > > Network/System Administrator > > POLi Payments > > > > Phone Numbers > > Direct: +61 3 8601 5907 > > Main: +61 3 8601 5900 > > Free: 1300 007654 > > Fax: +61 3 8601 5999 > > > > URL: http://www.polipayments.com > > > > ____________________________________________________________________________ > > This e-mail and any attachments to it (the "Communication") are, unless > otherwise stated, confidential. It may contain copyright material and is for > the use only of the intended recipient. If you have received the > Communication in error, please notify the sender immediately by return > e-mail, then delete the Communication and the return e-mail. Please do not > read, copy, retransmit or otherwise deal with it. Any views expressed in the > Communication are those of the individual sender only, unless expressly > stated to be those of Centricom Pty Ltd (ABN73 105 393 664). Centricom does > not accept liability in connection with the integrity of (or errors) in the > Communication, computer virus, data corruption, interference or delay arising > from or in respect of the Communication. > > > > > > -- > Regards, > > Andrzej 'The Undefined' Dopierała > http://andrzej.dopierala.name/ > > > > -- > > > > Regards, > > > > Leo Cadle > > Network/System Administrator > > POLi Payments > > > > Phone Numbers > > Direct: +61 3 8601 5907 > > Main: +61 3 8601 5900 > > Fax: +61 3 8601 5999 > > > > URL: http://www.polipayments.com > > ____________________________________________________________________________ > > > > This e-mail and any attachments to it (the "Communication") are, unless > otherwise stated, confidential. It may contain copyright material and is for > the use only of the intended recipient. If you have received the > Communication in error, please notify the sender immediately by return > e-mail, then delete the Communication and the return e-mail. Please do not > read, copy, retransmit or otherwise deal with it. Any views expressed in the > Communication are those of the individual sender only, unless expressly > stated to be those of Centricom Pty Ltd (ABN73 105 393 664). Centricom does > not accept liability in connection with the integrity of (or errors) in the > Communication, computer virus, data corruption, interference or delay arising > from or in respect of the Communication. > > > > <redir.cap>
