Turns out all I had to do was to add this directive to the BackEnd
section: HTTPS
All is well now.
Mike
On 11/12/2015 11:08 AM, Mike Slinn wrote:
I am running pound 2.6 and a Play Framework 2.4.3 webapp on an
XUbuntu 14.10 server. This server and the client machine that I
test are on the same subnet. The server has an entry in /etc/hosts
that looks like this:
127.0.0.1 localhost gojira.scalacourses.com
The client has an entry in /etc/hosts that looks like
this:
192.168.10.21 gojira.scalacourses.com
My Play Framework 2.4.3 webapp responds to http on port
9000 and https on port 9443. It delivers the desired
content for the following URLs when accessed from the client
machine:
http://gojira.scalacourses.com:9000/Dingbat
https://gojira.scalacourses.com:9443/Dingbat
The problem is that Pound fails to frontend the webapp for SSL
when accessed using the default port for https (i.e. from https://gojira.scalacourses.com/Dingbat).
The log message from Pound is:
e500 for 127.0.0.1 response error read from 127.0.0.1:9443/GET
(url follows)
... and the webapp never gets the request
... and the web browser shows "An internal server error
occurred. Please try again later."
I am using a self-signed certificate for the Play webapp,
generated by JDK 8's keytool, like this:
keytool -genkey -keystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks \
  -keyalg RSA -keypass password -storepass password -keysize 2048
So Pound could use the self-signed certificate, I converted it
to a PEM without encrypted keys like this:
$ keytool -importkeystore \
-srckeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks \
-destkeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
-srcstoretype jks \
-deststoretype pkcs12
$ openssl pkcs12 \
-in /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
-out /var/work/sslDemo/conf/ssl/selfSigned.keystore.pem \
-nodes
Here is my /etc/pound/pound.cfg:
User "root"
Group "root"
LogLevel 2
Alive 30
Control "/var/run/pound/poundctl.socket"

# Redirect all http requests on port 80 to https
# The Play webapp should never see this happen because Pound
# issues the redirect to the web browser
ListenHTTP
    Address 0.0.0.0
    Port 80
    Service
        Redirect "https://gojira"
    End
End

## Redirect all requests on port 443 to the Play
## Framework webapp on port 9443
ListenHTTPS
    Address 0.0.0.0
    Port 443
    Cert "/var/work/sslDemo/conf/ssl/selfSigned.keystore.pem"
    HeadRemove "X-Forwarded-Proto"
    AddHeader "X-Forwarded-Proto: https"
    Service
        BackEnd
            Address 127.0.0.1
            Port 9443
        End
    End
End

Suggestions?
Thanks,
Mike
--
To unsubscribe send an email with subject unsubscribe to
[email protected].
Please contact [email protected] for questions.
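
Added example (not part of the original messages): a small Python check that parses a pound.cfg and reports, for each BackEnd, whether the HTTPS directive is set, that is, whether Pound will speak TLS or plain HTTP to that backend. The sample input is constructed from the ListenHTTPS block quoted above; `audit_backends` and `SAMPLE_CFG` are names chosen for this example, and the parser assumes one directive per line and no '#' inside values.

```python
# Added example, not from the original message.
# Constructed sample: the ListenHTTPS block quoted above, before the fix.
SAMPLE_CFG = """
ListenHTTPS
    Address 0.0.0.0
    Port 443
    Cert "/var/work/sslDemo/conf/ssl/selfSigned.keystore.pem"
    Service
        BackEnd
            Address 127.0.0.1
            Port 9443
        End
    End
End
"""

# Pound 2.x sections that are closed by "End".
OPENERS = {"listenhttp", "listenhttps", "service", "backend", "emergency", "session"}

def audit_backends(cfg_text):
    """Return one dict per BackEnd: enclosing listener, address, port, HTTPS flag."""
    stack, results, listener, current = [], [], None, None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (assumes no '#' in values)
        if not line:
            continue
        parts = line.split(None, 1)
        word = parts[0].lower()
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if word in OPENERS:
            stack.append(word)
            if word.startswith("listen"):
                listener = word
            elif word == "backend":
                current = {"listener": listener, "address": None,
                           "port": None, "https": False}
                results.append(current)
        elif word == "end":
            if stack and stack.pop().startswith("listen"):
                listener = None               # left the listener section
        elif stack and stack[-1] == "backend":
            if word == "address":
                current["address"] = arg
            elif word == "port":
                current["port"] = int(arg)
            elif word == "https":             # BackEnd-level HTTPS: Pound speaks TLS to it
                current["https"] = True
    return results
```

For the configuration in the message, the single backend 127.0.0.1:9443 is reported with `https` set to False; after adding `HTTPS` inside the BackEnd section it is reported as True.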