There are multiple layers and here is the best order to achive such a thing:
1st, Thee best way is to actually handle this via the application so it will always request a https/443 (or whatever socket you use) 2nd, Use your reverse proxy to rewrite AND forward to an NGINX backend. Understand that for NGINX to handle SSL it must have a separate config block that has SSL keys in the declaration, be listening on a specific port (do not use 80, use 443 or any other port), AND have fastcgi params setup to ACCEPT HTTPS (which the normal stock fcgiparams supplied does NOT). 3rd, Use Nginx up front as your proxy (which is not acceptable) and actually hand things off to Apache to do HTTPS. Note that Nginx is great proxy but is not feature rich as say varnish. For that matter traffic server is pretty good too. You can find me in the nginx/fpm forums/groups, will help you out more if you post there along with some configs. - Jason On Dec 8 2009, 4:17 pm, bshelton <[email protected]> wrote: > I'm running nginx proxying to an apache app server (cluster). I need > to force SSL on certain URLs. Even with setting the header HTTPS on, I > can't get mod_rewrite in the apache server to tell when SSL was used > through nginx. That header is visible in PHP through $_SERVER so I > know it's being set. > > The other way is to just use a rewrite in nginx's port 80 > configuration, to rewrite to https://. > > We are using the same lib-nginx image for a few farms. I only want > these rewrite rules in one farm. If I manually edit the /etc/nginx/ > nginx.conf to add these changes, will that apply them to the other > farm if I do a sync, or if I reboot the machine without a sync, will > the changes be lost? > > Is the best way to do this always to copy the bases out to specific > images per farm if I want things like this. I do that for my app > server, I copy apache-app to my-app per farm. > > Just wonder the best way to configure forced SSL URL paths through > nginx or apache? > > Thanks, > Bryan
-- You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/scalr-discuss?hl=en.
