Nobody with an Idea? ;(
Am 2015-11-05 23:04, schrieb Marc Schulte:
Hi,
i have some trouble with my pound.cfg
/--- Server 1 -> Service on 80 and 443
www.server0.com [2]
ipfire with pound
\--- Server 2 -> Service on 80 and 443
www.server1.com [3]
Only with port 80 it works great, if i type server0.com i get output
from Server1, if i type server1.com i get the output from Server2.
But, it only works on port 80, if i want to use port 443 and https, i
became this error:
_YOUR BROWSER SENT A REQUEST THAT THIS SERVER COULD NOT UNDERSTAND._
_ REASON: YOU'RE SPEAKING PLAIN HTTP TO AN SSL-ENABLED SERVER PORT._
INSTEAD USE THE HTTPS SCHEME TO ACCESS THIS URL, PLEASE.
Here is my config:
_LogLevel 2_
_ListenHTTP_
_ Address 0.0.0.0_
_ Port 80_
_ Service_
_ HeadRequire "Host: .*www.server0.com.*"_
_ BackEnd_
_ Address 192.168.0.100_
_ Port 80_
_ End_
_ End_
_ Service_
_ HeadRequire "Host: .*www.server1.com.*"_
_ BackEnd_
_ Address 192.168.0.101_
_ Port 80_
_ End_
_ End_
_End_
_ListenHTTPS_
_ Address 0.0.0.0_
_ Port 443_
_ Cert "/etc/pki/tls/private/default.pem"_
_ xHTTP 3_
_ AddHeader "X-Forwarded-Proto: https"_
_ HeadRemove "X-Forwarded-Proto"_
_ HeadRemove "X-Forwarded-For"_
_ Service_
_ HeadDeny "X-SSL-Subject: .*"_
_ HeadDeny "X-SSL-Issuer: .*"_
_ HeadDeny "X-SSL-notBefore: .*"_
_ HeadDeny "X-SSL-notAfter: .*"_
_ HeadDeny "X-SSL-serial: .*"_
_ HeadDeny "X-SSL-cipher: .*"_
_ HeadRequire "Host: .*www.server0.com.*"_
_ BackEnd_
_ Address 192.168.0.101_
_ Port 443_
_ End_
_ Session_
_ Type IP_
_ TTL 60000_
_ End_
_ End_
_ Service_
_ HeadDeny "X-SSL-Subject: .*"_
_ HeadDeny "X-SSL-Issuer: .*"_
_ HeadDeny "X-SSL-notBefore: .*"_
_ HeadDeny "X-SSL-notAfter: .*"_
_ HeadDeny "X-SSL-serial: .*"_
_ HeadDeny "X-SSL-cipher: .*"_
_ HeadRequire "Host: .*www.server1.com.*"_
_ BackEnd_
_ Address 192.168.0.101_
_ Port 443_
_ End_
_ Session_
_ Type IP_
_ TTL 60000_
_ End_
_ End_
_End_
If i go directly to boot server, http and https works well.
At the first connection to the pound-service, ive got a question if i
want to trust the ssl-certificat (the default.pem from the
pound-service), so thats works fine too.
Has somebody an idea?
I have an idea, but i dont know if this the clean way:
i setup two ips on every server, for http i use 192.168.0.100, for
https request i use 192.168.0.101 on server0, and 192.168.0.102 http
and 192.168.103 https on server1.
Best Regards
--
Marc Schulte
Sollten Sie nicht der richtige Empfänger dieser Email sein bitte ich
um eine kurze Rückmeldung
und die Löschung der Email. Danke
Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge.
Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html [1]
[ 9 our of 10 voices in my head always tell me that i´m not insane.
The 10th is only humming the melody of TETRIS. ]
Links:
------
[1] http://www.gnu.org/philosophy/no-word-attachments.de.html
[2] http://www.server0.com
[3] http://www.server1.com
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
