Hi Per http://linux.die.net/man/8/pound
Your backend config stanza - you need "HTTPS" directive.. >>> _ BackEnd_ >>> _ Address 192.168.0.101_ >>> _ Port 443_ >>> _ End_ That should be: BackEnd_ Address 192.168.0.101 Port 443 HTTPS End What's happening - Pound is trying to talk to the backserver on port 443 - but using HTTP - hence the error. It you tell pound to talk to the back end on HTTPS - that should fix it. Regards - KR ----- Original Message ----- From: [email protected] To: [email protected] Sent: Thursday, 12 November, 2015 12:17:45 PM Subject: Re: [Pound Mailing List] Port 80 and SSL to the same Host Nobody with an Idea? ;( Am 2015-11-05 23:04, schrieb Marc Schulte: > Hi, > > i have some trouble with my pound.cfg > > /--- Server 1 -> Service on 80 and 443 > www.server0.com [2] > ipfire with pound > \--- Server 2 -> Service on 80 and 443 > www.server1.com [3] > > Only with port 80 it works great, if i type server0.com i get output > from Server1, if i type server1.com i get the output from Server2. > > But, it only works on port 80, if i want to use port 443 and https, i > became this error: > > _YOUR BROWSER SENT A REQUEST THAT THIS SERVER COULD NOT UNDERSTAND._ > _ REASON: YOU'RE SPEAKING PLAIN HTTP TO AN SSL-ENABLED SERVER PORT._ > INSTEAD USE THE HTTPS SCHEME TO ACCESS THIS URL, PLEASE. > > Here is my config: > >>> _LogLevel 2_ >>> >>> _ListenHTTP_ >>> _ Address 0.0.0.0_ >>> _ Port 80_ >>> _ Service_ >>> _ HeadRequire "Host: .*www.server0.com.*"_ >>> _ BackEnd_ >>> _ Address 192.168.0.100_ >>> _ Port 80_ >>> _ End_ >>> _ End_ >>> _ Service_ >>> _ HeadRequire "Host: .*www.server1.com.*"_ >>> _ BackEnd_ >>> _ Address 192.168.0.101_ >>> _ Port 80_ >>> _ End_ >>> _ End_ >>> _End_ >>> >>> _ListenHTTPS_ >>> _ Address 0.0.0.0_ >>> _ Port 443_ >>> _ Cert "/etc/pki/tls/private/default.pem"_ >>> _ xHTTP 3_ >>> _ AddHeader "X-Forwarded-Proto: https"_ >>> _ HeadRemove "X-Forwarded-Proto"_ >>> _ HeadRemove "X-Forwarded-For"_ >>> >>> _ Service_ >>> _ HeadDeny "X-SSL-Subject: .*"_ >>> _ HeadDeny "X-SSL-Issuer: .*"_ >>> _ HeadDeny "X-SSL-notBefore: .*"_ >>> _ HeadDeny "X-SSL-notAfter: .*"_ >>> _ HeadDeny "X-SSL-serial: .*"_ >>> _ HeadDeny "X-SSL-cipher: .*"_ >>> _ HeadRequire "Host: .*www.server0.com.*"_ >>> _ BackEnd_ >>> _ Address 192.168.0.101_ >>> _ Port 443_ >>> _ End_ >>> _ Session_ >>> _ Type IP_ >>> _ TTL 60000_ >>> _ End_ >>> _ End_ >>> >>> _ Service_ >>> _ HeadDeny "X-SSL-Subject: .*"_ >>> _ HeadDeny "X-SSL-Issuer: .*"_ >>> _ HeadDeny "X-SSL-notBefore: .*"_ >>> _ HeadDeny "X-SSL-notAfter: .*"_ >>> _ HeadDeny "X-SSL-serial: .*"_ >>> _ HeadDeny "X-SSL-cipher: .*"_ >>> _ HeadRequire "Host: .*www.server1.com.*"_ >>> _ BackEnd_ >>> _ Address 192.168.0.101_ >>> _ Port 443_ >>> _ End_ >>> _ Session_ >>> _ Type IP_ >>> _ TTL 60000_ >>> _ End_ >>> _ End_ >>> _End_ > If i go directly to boot server, http and https works well. > At the first connection to the pound-service, ive got a question if i > want to trust the ssl-certificat (the default.pem from the > pound-service), so thats works fine too. > > Has somebody an idea? > > I have an idea, but i dont know if this the clean way: > i setup two ips on every server, for http i use 192.168.0.100, for > https request i use 192.168.0.101 on server0, and 192.168.0.102 http > and 192.168.103 https on server1. > > Best Regards > > -- > Marc Schulte > > Sollten Sie nicht der richtige Empfänger dieser Email sein bitte ich > um eine kurze Rückmeldung > und die Löschung der Email. Danke > > Bitte senden Sie mir keine Word- oder PowerPoint-Anhänge. > Siehe http://www.gnu.org/philosophy/no-word-attachments.de.html [1] > > [ 9 our of 10 voices in my head always tell me that i´m not insane. > The 10th is only humming the melody of TETRIS. ] > > > Links: > ------ > [1] http://www.gnu.org/philosophy/no-word-attachments.de.html > [2] http://www.server0.com > [3] http://www.server1.com -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
