Hi Francoise, Can you show me your current pound.cfg file please (replace anything with X's)
~Scott On 20 September 2012 15:49, Francoise Dehinbo < [email protected]> wrote: > I tried your suggestion below so pound runs on 443 and 80. All http goes > from pound to the new perlbal port 8080. And all https goes through pound > as usual. I still have the same problem. Cannot redirect from http to > https and vise versa (now that pound is running both ports). > > From: Scott McKeown <[email protected]<mailto:[email protected] > >> > Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto: > [email protected]>> > Date: Thursday, 20 September 2012 13:40 > To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto: > [email protected]>> > Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot > get certificate > > So your Pound Setup and the Web Site are running on the same server, sorry > I have mine setup in a Proxy mode which is a slightly different setup. > I don't know perlbal but at a guess you should be able to change the port > that its listening on in its config file to something like 8080 and then > with the pound redirect as above inplace but to port 8080 for the BackEnd > > > ~Scott > > > On 20 September 2012 12:51, Francoise Dehinbo < > [email protected]<mailto:[email protected]>> > wrote: > Just for testing, I stopped perlbal, added the ListenHTTP suggestion to > pound, so now pound runs on ports 443 and 80. The problem is worse. I > cannot go from http to https or from https to http. So it's definitely > something with pound! Previously I reinstalled pound with just plain 2.6 > without any patches and it's the same problem! > > From: Scott McKeown <[email protected]<mailto:[email protected] > ><mailto:[email protected]<mailto:[email protected]>>> > Reply-To: "[email protected]<mailto:[email protected]><mailto:[email protected] > <mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto: > [email protected]<mailto:[email protected]>>> > Date: Thursday, 20 September 2012 12:30 > To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto: > [email protected]>>" <[email protected]<mailto:[email protected]><mailto: > [email protected]<mailto:[email protected]>>> > Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot > get certificate > > Hi Francoise, > > OK think I've got it now. Try something like this: > > > User "nobody" > Group "nobody" > LogLevel 1 > > ListenHTTPS > Address xxx.xxx.xxx.xxx > Port 443 > Cert "/etc/pound/dev.pem" > Ciphers > "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5" > AddHeader "X-Secure-Connection: true" > Service > BackEnd > # Send everything PSGI apps > Address 127.0.0.1 > Port 5555 > End > End > End > ListenHTTP > Address xxx.xxx.xxx.xxx > Port 80 > Service > BackEnd > Address 127.0.0.1 > Port 5555 > End > End > End > > This should stop the looping and catch anything that is HTTP and display > as normal. If you want for FORCE HTTP traffic to HTTPS the Redirect option > should work > > ~Scott > > Privacy and Confidentiality Notice: > > This is strictly confidential and intended solely for the person or > organisation to whom it is addressed. It may contain privileged and > confidential information and if you are not an intended recipient, you must > not copy, distribute or take any action in reliance on it. If you have > received this message in error, please notify us as soon as possible and > delete it and any attached files from your system. > The views and opinions expressed in this email message are the author's > own and may not reflect the views and opinions of the author's employer. > > Foxtons Limited is registered in England and Wales (registered number > 01680058). Our registered office is at Building One, Chiswick Park, 566 > Chiswick High Road, London, W4 5BE. > > _____________________________________________________________________ > This e-mail has been scanned for viruses by MessageLabs. > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
