Le 27/12/2016 à 00:35, Patrick Hemmer a écrit :
On 2016/12/23 09:28, Arnall wrote:
Hi everyone,
i'm using a nbproc > 1 configuration for ssl offloading :
listen web_tls
mode http
bind *:443 ssl crt whatever.pem process 2
bind *:443 ssl crt whatever.pem process 3
../..
server
Hi,
thanks for your answer, didn't know the src_is_local feature as it's a
1.7 feature, we're still in 1.6.
the dst_port seems ok to me, will use it !
Happy new year !
Le 27/12/2016 à 08:29, Elias Abacioglu a écrit :
Sorry just realized,
src_is_local won't work when using proxy protocol.
Pr
Hi Patrick,
On Mon, Dec 26, 2016 at 11:35:51PM +, Patrick Hemmer wrote:
> On 2016/12/23 09:28, Arnall wrote:
> > I though that send-proxy-v2-ssl could help but i have no idea how ...
> > src and src_port are OK with the proxy protocol but ssl_fc in
> > web_plain keeps answering false ( 0 ) ev
Sorry just realized,
src_is_local won't work when using proxy protocol.
Proxy protocol will preserve initial source information.
You can probably use dst_port like this instead:
acl secure dst_port 443
if is secure
On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu <
elias.abacio...@deltapr
On 2016/12/23 09:28, Arnall wrote:
> Hi everyone,
>
> i'm using a nbproc > 1 configuration for ssl offloading :
>
> listen web_tls
> mode http
> bind *:443 ssl crt whatever.pem process 2
> bind *:443 ssl crt whatever.pem process 3
>
> ../..
> server web_plain u...@plain.sock send-
Perhaps you could use src_is_local.
Something like this
frontend web_plain
acl is_local src_is_local
http-response add-header X-External-Protocol https if is_local
/Elias
On Fri, Dec 23, 2016 at 3:28 PM, Arnall wrote:
> Hi everyone,
>
> i'm using a nbproc > 1 configuration for ssl offlo
6 matches
Mail list logo
