Hi Mark, Glad you got everything working, and thanks for posting your working config it makes it easier for others in the future.
If you need anything further just drop another post and I'm sure we will all chip in again. ~Yours, Scott On 15 January 2013 19:45, mark hardwick <[email protected]> wrote: > Hi All > Scott, Ivo, thanks for your help with my problem. > It took a little playing around but I got there in the end. > I ended up using the AddHeader method because I could get it to work in > both directions more easily. > I.e. Forcing access to login / register to be https while also forcing > access to all other pages to be http. > > In case anyone else is interested, I did the following; > In apache .htaccess file > > RewriteEngine On > RewriteBase / > > # force https for /login and /register > RewriteCond %{HTTP:IS_SSL} !^SSL$ > RewriteRule ^(login|register)$ https://%{HTTP_HOST}%{REQUEST_URI} > [R=301,L] > > # don't do anything for images/css/js (leave protocol as is) > RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L] > > # force http for all other URLs > RewriteCond %{HTTP:IS_SSL} ^SSL$ > RewriteCond %{REQUEST_URI} !^/(login|register)$ > RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] > > In pound > ListenHTTP > Address W.X.Y.Z > Port 80 > RewriteLocation 2 > > # Flooting.com > Service > HeadRequire "(Host: site.com)" > BackEnd > Address A.B.C.D > Port 80 > End > End > End > > ListenHTTPS > Address W.X.Y.Z > Port 443 > Cert "/etc/ssl/certs/site.pem" > AddHeader "IS_SSL: SSL" > RewriteLocation 2 > > Service > HeadRequire "(Host: site.com)" > > BackEnd > Address A.B.C.D > Port 80 > End > End > End > > The essential part is the RewriteLocation 2, without that, I still get a > mail loop. > > Cheers > Mark. > > On Jan 15, 2013, at 11:31 AM, [email protected] wrote: > > > hi mark > > > > i add this to the listenHTTPS > > AddHeader "IS_SSL: SSL" > > > > so http-requests on apache side that entered as https to pound got this > header. > > > > then i do something like this on apache: > > RewriteEngine On > > RewriteCond %{HTTP:IS_SSL} !^SSL$ > > RewriteRule ^(.*) https://site.com/$1 [L,R=301] > > > > good luck and cheers.ivo > > > > On 01/15/2013 11:18 AM, mark hardwick wrote: > >> Of course, I see what's happening now, > >> pound is seeing a request to https://site.com/login, decrypting the > connection, sending it to http://site.com/login which is then redirecting > the request back to https. > >> therefore a loop. > >> > >> ok, so what is the right way to tackle this problem? > >> > >> thanks > >> mark. > >> > >> On Jan 15, 2013, at 10:58 AM, mark hardwick wrote: > >> > >>> Hi All, > >>> I'm fairly new to both pound and apache configuration. I think the > issue I'm having is with pound configuration, but please excuse me if it's > actually apache. > >>> > >>> Ok, I want to configure my site so that if people head to > http://site.com/login they are redirected to https://site.com/login but, > if they try to browse to https://site.com/somewhere_else then they are > redirected to http://site.com/somewhere_else. > >>> > >>> I have installed my security certificate which is working. I can > browse http and https. > >>> I have configured pound to deal with the http and https as follows: > >>> > >>> ListenHTTP > >>> Address 91.187.69.155 > >>> Port 80 > >>> > >>> Service > >>> HeadRequire "(Host: flooting.com|Host: www.flooting.com)" > >>> BackEnd > >>> Address 192.168.0.2 > >>> Port 80 > >>> End > >>> BackEnd > >>> Address 192.168.0.3 > >>> Port 80 > >>> End > >>> End > >>> End > >>> > >>> ListenHTTPS > >>> Address 91.187.69.155 > >>> Port 443 > >>> Cert "/etc/ssl/flooting.com.pem" > >>> > >>> Service > >>> HeadRequire "(Host: flooting.com|Host: www.flooting.com)" > >>> BackEnd > >>> Address 192.168.0.2 > >>> Port 80 > >>> End > >>> BackEnd > >>> Address 192.168.0.3 > >>> Port 80 > >>> End > >>> End > >>> End > >>> > >>> > >>> I have configured apache ReWrite rules as follows: > >>> > >>> RewriteEngine On > >>> RewriteBase / > >>> > >>> # force https for /login and /register etc > >>> RewriteCond %{HTTPS} =off > >>> RewriteRule ^(login|register)$ https://%{HTTP_HOST}%{REQUEST_URI} > [R=301,L] > >>> > >>> # don't do anything for images/css/js (leave protocol as is) > >>> RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L] > >>> > >>> # force http for all other URLs > >>> RewriteCond %{HTTPS} =on > >>> RewriteCond %{REQUEST_URI} > !^/(login|register|payment\/status|gopro)$ > >>> RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] > >>> > >>> > >>> However the configuration does not work. > >>> It leads to a redirect loop error, which *appears* to be in pound. > >>> I say that because if I browse to flooting.com/login, pound attempts > to send the request to /login about 10 times and then gives up. > >>> At this point the browser responds with a "this webpage has a redirect > loop" error. there are no errors in the apache logs. > >>> > >>> I've tried get this working with just one backend webserver configured > in pound, however I still get a mail loop. > >>> So, what am I doing wrong? Is this even remotely the correct approach > to this problem or is there a better way? > >>> > >>> Thanks for your help > >>> Mark. > >>> > >>> > >>> -- > >>> To unsubscribe send an email with subject unsubscribe to > [email protected]. > >>> Please contact [email protected] for questions. > >> > >> > >> -- > >> To unsubscribe send an email with subject unsubscribe to [email protected] > . > >> Please contact [email protected] for questions. > >> > > > > > > > > -- > > To unsubscribe send an email with subject unsubscribe to [email protected]. > > Please contact [email protected] for questions. > > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
