I am running Pound 2.6 and a Play Framework 2.4.3 webapp on an Xubuntu 14.10 server. This server and the client machine that I test from are on the same subnet. The server has an entry in /etc/hosts that looks like this:
127.0.0.1  localhost gojira.scalacourses.com

The client has an entry in /etc/hosts that looks like this:
192.168.10.21   gojira.scalacourses.com

My Play Framework 2.4.3 webapp responds to http on port 9000 and https on port 9443. It delivers the desired content for the following URLs when accessed from the client machine:
  http://gojira.scalacourses.com:9000/Dingbat
  https://gojira.scalacourses.com:9443/Dingbat

The problem is that Pound fails to front-end the webapp for SSL when accessed using the default port for https (i.e. from https://gojira.scalacourses.com/Dingbat). The log message from Pound is:
e500 for 127.0.0.1 response error read from 127.0.0.1:9443/GET (url follows)
  ... and the webapp never gets the request
  ... and the web browser shows "An internal server error occurred. Please try again later."

I am using a self-signed certificate for the Play webapp, generated by JDK 8's keytool, like this:
keytool -genkey -keystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks -keyalg RSA -keypass password -storepass password -keysize 2048


So Pound could use the self-signed certificate, I converted it to a PEM without encrypted keys like this:

$ keytool -importkeystore \
  -srckeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks \
  -destkeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
  -srcstoretype jks \
  -deststoretype pkcs12
$ openssl pkcs12 \
  -in /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
  -out /var/work/sslDemo/conf/ssl/selfSigned.keystore.pem \
  -nodes

Here is my /etc/pound/pound.cfg:

User    "root"
Group   "root"
LogLevel 2
Alive    30
Control "/var/run/pound/poundctl.socket"

# Redirect all http requests on port 80 to https
# The Play webapp should never see this happen because Pound issues the redirect to the web browser
ListenHTTP
  Address 0.0.0.0
  Port 80
  Service
    Redirect "https://gojira"
  End
End

## Redirect all requests on port 443 to the Play Framework webapp on port 9443
ListenHTTPS
  Address 0.0.0.0
  Port 443
  Cert "/var/work/sslDemo/conf/ssl/selfSigned.keystore.pem"
  HeadRemove "X-Forwarded-Proto"
  AddHeader "X-Forwarded-Proto: https"
  Service
    BackEnd
      Address 127.0.0.1
      Port 9443
    End
  End
End

Suggestions?
Thanks,
Mike
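
An added example, not part of Mike's post: a check of the PEM bundle that the `openssl pkcs12 ... -nodes` step above writes, confirming that it holds a certificate and an unencrypted private key and that the plaintext key is not readable by group or other. The function names, finding keywords and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a PEM bundle like the
# one written by `openssl pkcs12 ... -nodes` before Pound's Cert loads it.

# pem_findings FILE: print one keyword per problem found, nothing if clean.
pem_findings() {
  f=$1
  # grep -c prints 0 but exits 1 when nothing matches, hence "|| true".
  certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
  keys=$(grep -c -E '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f" || true)
  enc=$(grep -c -E '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f" || true)

  [ "$certs" -ge 1 ] || echo no-certificate
  [ "$keys" -ge 1 ] || [ "$enc" -ge 1 ] || echo no-private-key
  [ "$enc" -eq 0 ] || echo key-is-encrypted

  # With -nodes the key is plaintext on disk, so only the owner should read it.
  if [ "$keys" -ge 1 ] && [ "$enc" -eq 0 ]; then
    perms=$(ls -ln "$f" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || echo key-readable-by-group-or-other
  fi
}

# write_sample FILE: constructed stand-in for pkcs12 -nodes output (dummy bodies,
# with the "Bag Attributes" text openssl prints before each block).
write_sample() {
  cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: mykey
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDSAMPLEBODYnotARealKey
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: mykey
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLEBODYnotARealCert
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed sample: mode 644 is flagged, mode 600 is clean.
sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"; echo "644: $(pem_findings "$sample")"
chmod 600 "$sample"; echo "600: $(pem_findings "$sample")"
rm -f "$sample"
```

To check the real file, call `pem_findings /var/work/sslDemo/conf/ssl/selfSigned.keystore.pem`; the check does not verify that the key and certificate belong together.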

