Hi,
i have some trouble with my pound.cfg
/--- Server 1 -> Service on 80 and 443
www.server0.com
ipfire with pound
\--- Server 2 -> Service on 80 and 443
www.server1.com
Only with port 80 it works great, if i type server0.com i get output
from Server1, if i type server1.com i get the output from Server2.
But, it only works on port 80, if i want to use port 443 and https, i
became this error:
*_/Your browser sent a request that this server could not understand./_**_/
/_**_/Reason: You're speaking plain HTTP to an SSL-enabled server
port./_**_/
/_*/*_Instead use the HTTPS scheme to access this URL, please._*
/Here is my config: /
/
/LogLevel 2/
/ListenHTTP/
/ Address 0.0.0.0/
/ Port 80/
/ Service/
/ HeadRequire "Host: .*www.server0.com.*"/
/ BackEnd/
/ Address 192.168.0.100/
/ Port 80/
/ End/
/ End/
/ Service/
/ HeadRequire "Host: .*www.server1.com.*"/
/ BackEnd/
/ Address 192.168.0.101/
/ Port 80/
/ End/
/ End/
/End/
/ListenHTTPS/
/ Address 0.0.0.0/
/ Port 443/
/ Cert "/etc/pki/tls/private/default.pem"/
/ xHTTP 3/
/ AddHeader "X-Forwarded-Proto: https"/
/ HeadRemove "X-Forwarded-Proto"/
/ HeadRemove "X-Forwarded-For"/
/ Service/
/ HeadDeny "X-SSL-Subject: .*"/
/ HeadDeny "X-SSL-Issuer: .*"/
/ HeadDeny "X-SSL-notBefore: .*"/
/ HeadDeny "X-SSL-notAfter: .*"/
/ HeadDeny "X-SSL-serial: .*"/
/ HeadDeny "X-SSL-cipher: .*"/
/ HeadRequire "Host: .*www.server0.com.*"/
/ BackEnd/
/ Address 192.168.0.101/
/ Port 443/
/ End/
/ Session/
/ Type IP/
/ TTL 60000/
/ End/
/ End/
// Service//
// HeadDeny "X-SSL-Subject: .*"//
// HeadDeny "X-SSL-Issuer: .*"//
// HeadDeny "X-SSL-notBefore: .*"//
// HeadDeny "X-SSL-notAfter: .*"//
// HeadDeny "X-SSL-serial: .*"//
// HeadDeny "X-SSL-cipher: .*"//
// HeadRequire "Host: .*www.server1.com.*"//
// BackEnd//
// Address 192.168.0.101//
// Port 443//
// End//
// Session//
// Type IP//
// TTL 60000//
// End//
// End//
/End/
If i go directly to boot server, http and https works well.
At the first connection to the pound-service, ive got a question if i
want to trust the ssl-certificat (the default.pem from the
pound-service), so thats works fine too.
Has somebody an idea?/
/I have an idea, but i dont know if this the clean way:/
/i setup two ips on every server, for http i use 192.168.0.100, for
https request i use 192.168.0.101 on server0, and 192.168.0.102 http and
192.168.103 https on server1. /
/Best Regards/
/
--
Marc Schulte
Sollten Sie nicht der richtige Empfänger dieser Email sein bitte ich um eine
kurze Rückmeldung
und die Löschung der Email. Danke
Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge.
Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html
[ 9 our of 10 voices in my head always tell me that i´m not insane.
The 10th is only humming the melody of TETRIS. ]