Good to hear!

On Thu, Nov 12, 2015 at 12:49 PM, Mike Slinn <[email protected]> wrote:
> Turns out all I had to do was to add this directive to the BackEnd
> section: HTTPS
>
> All is well now.
>
> Mike
>
>
> On 11/12/2015 11:08 AM, Mike Slinn wrote:
>
> I am running pound 2.6 and a Play Framework 2.4.3 webapp on an XUbuntu
> 14.10 server. This server and the client machine that I test are on the
> same subnet. The server has an entry in /etc/hosts that looks like this:
>
>     127.0.0.1 localhost gojira.scalacourses.com
>
> The client has an entry in /etc/hosts that looks like this:
>
>     192.168.10.21 gojira.scalacourses.com
>
> My Play Framework 2.4.3 webapp responds to http on port 9000 and https on
> port 9443. It delivers the desired content for the following URLs when
> accessed from the client machine:
>
>     http://gojira.scalacourses.com:9000/Dingbat
>     https://gojira.scalacourses.com:9443/Dingbat
>
> The problem is that Pound fails to frontend the webapp for SSL when
> accessed using default port for https (i.e. from
> https://gojira.scalacourses.com/Dingbat). The log message from Pound is:
>
>     e500 for 127.0.0.1 response error read from 127.0.0.1:9443/GET (url follows)
>
> ... and the webapp never gets the request
> ... and the web browser shows "An internal server error occurred. Please
> try again later."
>
> I am using a self-signed certificate for the Play webapp, generated by JDK
> 8's keytool, like this:
>
>     keytool -genkey -keystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks -keyalg RSA -keypass password -storepass password -keysize 2048
>
> So Pound could use the self-signed certificate, I converted it to a PEM
> without encrypted keys like this:
>
>     $ keytool -importkeystore \
>         -srckeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.jks \
>         -destkeystore /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
>         -srcstoretype jks \
>         -deststoretype pkcs12
>     $ openssl pkcs12 \
>         -in /var/work/sslDemo/conf/ssl/selfSigned.keystore.p12 \
>         -out /var/work/sslDemo/conf/ssl/selfSigned.keystore.pem \
>         -nodes
>
> Here is my /etc/pound/pound.cfg:
>
>     User "root"
>     Group "root"
>     LogLevel 2
>     Alive 30
>     Control "/var/run/pound/poundctl.socket"
>
>     # Redirect all http requests on port 80 to https
>     # The Play webapp should never see this happen because Pound issues the redirect to the web browser
>     ListenHTTP
>         Address 0.0.0.0
>         Port 80
>         Service
>             Redirect "https://gojira"
>         End
>     End
>
>     ## Redirect all requests on port 443 to the Play Framework webapp on port 9443
>     ListenHTTPS
>         Address 0.0.0.0
>         Port 443
>         Cert "/var/work/sslDemo/conf/ssl/selfSigned.keystore.pem"
>         HeadRemove "X-Forwarded-Proto"
>         AddHeader "X-Forwarded-Proto: https"
>         Service
>             BackEnd
>                 Address 127.0.0.1
>                 Port 9443
>             End
>         End
>     End
>
> Suggestions?
> Thanks,
> Mike
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.

--
Anthony Tarlano | Chief Cloud Architect | Exablox | http://www.exablox.com | (m) 650-283-0488 | (skype) tarlano
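
The mismatch resolved in this thread (a BackEnd without the HTTPS directive pointing at a port that only speaks TLS) can be checked for mechanically. The following Python is an added example, not code from the thread or from Pound: the function names are hypothetical, the sample config is constructed from the post's Service block, and the probe skips certificate validation because it only asks which protocol the port speaks.

```python
import socket
import ssl

# Constructed sample: the Service block from the post, before the fix.
SAMPLE = """\
Service
    BackEnd
        Address 127.0.0.1
        Port 9443
    End
End
"""

def backends(cfg_text):
    """Return a dict (address, port, https) for every BackEnd block."""
    found, cur = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()
        key = words[0].lower() if words else ""  # matched case-insensitively
        if key == "backend":
            cur = {"address": None, "port": None, "https": False}
        elif cur is None:
            continue  # line belongs to some other section
        elif key == "end":
            found.append(cur)
            cur = None
        elif key == "address":
            cur["address"] = words[1]
        elif key == "port":
            cur["port"] = int(words[1])
        elif key == "https":
            cur["https"] = True
    return found

def speaks_tls(host, port, timeout=3.0):
    """True if a TLS handshake completes; the certificate is not validated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol probe only, self-signed is fine
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                ctx.wrap_socket(sock):
            return True
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return False

def mismatches(cfg_text, probe=speaks_tls):
    """BackEnd blocks whose HTTPS flag disagrees with what the port speaks."""
    return [b for b in backends(cfg_text)
            if b["https"] != probe(b["address"], b["port"])]
```

Calling `mismatches()` on the contents of /etc/pound/pound.cfg from the Pound host lists the back-ends to fix; a back-end that is down is reported as not speaking TLS.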
