Re: php $_server variable when using haproxy stunnel
On Monday 24 of October 2011 20:48:33 Amol wrote: Hi, i was trying to check on my php variables using the following code on both my servers ?php if($_SERVER['HTTPS']) echo 'https'; else echo 'Not Https'; echo BR; $port = $_SERVER['SERVER_PORT']; echo $port; echo BR; $protocol = $_SERVER[SERVER_PROTOCOL]; echo $protocol; ? my output would be: Not Https 80 HTTP/1.1 my stunnel config is : --- [https-load] cert=/etc/stunnel/ssl/group-wildcard.pem key = /etc/stunnel/ssl/name.key accept=100.00.10.10:443 connect=11.10.51.231:8000 TIMEOUTclose=0 xforwardedfor=yes and haproxy config is : --- listen webcluster1 11.10.51.231:8000 mode http stats enable balance roundrobin cookie BALANCEID insert indirect nocache option httpclose option forwardfor except 127.0.0.1 option httpchk HEAD /check.txt HTTP/1.0 #http-check disable-on-404 server load1-app 11.10.42.17:80 cookie A check server load2-app 11.10.55.90:80 cookie B check How can i get my $_server variable to be 'https? and is my connection secure as of this arrangement? Between client and 100.00.10.10:443 = YES; between 100.00.10.10 and 11.10.51.231 = NO. If you want to have SERVER_PROTOCOL set to 'https' you should add this to your config: reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if src 127.0.0.1 Regards, Brane
Re: php $_server variable when using haproxy stunnel
Thanks Brane for the reply but setting these options in my haproxy config reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if src 127.0.0.1 gives me these errors $ sudo /etc/init.d/haproxy restart * Restarting haproxy haproxy [ALERT] 296/171242 (1024) : parsing [/etc/haproxy/haproxy.cfg:91] : error detected while parsing a 'reqadd' condition. [ALERT] 296/171242 (1024) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 296/171242 (1024) : Fatal errors found in configuration. From: Brane F. Gračnar brane.grac...@tsmedia.si To: haproxy@formilux.org; Amol mandm_z...@yahoo.com Sent: Monday, October 24, 2011 4:58 PM Subject: Re: php $_server variable when using haproxy stunnel On Monday 24 of October 2011 20:48:33 Amol wrote: Hi, i was trying to check on my php variables using the following code on both my servers ?php if($_SERVER['HTTPS']) echo 'https'; else echo 'Not Https'; echo BR; $port = $_SERVER['SERVER_PORT']; echo $port; echo BR; $protocol = $_SERVER[SERVER_PROTOCOL]; echo $protocol; ? my output would be: Not Https 80 HTTP/1.1 my stunnel config is : --- [https-load] cert=/etc/stunnel/ssl/group-wildcard.pem key = /etc/stunnel/ssl/name.key accept=100.00.10.10:443 connect=11.10.51.231:8000 TIMEOUTclose=0 xforwardedfor=yes and haproxy config is : --- listen webcluster1 11.10.51.231:8000 mode http stats enable balance roundrobin cookie BALANCEID insert indirect nocache option httpclose option forwardfor except 127.0.0.1 option httpchk HEAD /check.txt HTTP/1.0 #http-check disable-on-404 server load1-app 11.10.42.17:80 cookie A check server load2-app 11.10.55.90:80 cookie B check How can i get my $_server variable to be 'https? and is my connection secure as of this arrangement? Between client and 100.00.10.10:443 = YES; between 100.00.10.10 and 11.10.51.231 = NO. If you want to have SERVER_PROTOCOL set to 'https' you should add this to your config: reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if src 127.0.0.1 Regards, Brane
Re: php $_server variable when using haproxy stunnel
On Monday 24 of October 2011 23:13:54 Amol wrote: Thanks Brane for the reply but setting these options in my haproxy config reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if src 127.0.0.1 gives me these errors $ sudo /etc/init.d/haproxy restart * Restarting haproxy haproxy [ALERT] 296/171242 (1024) : parsing [/etc/haproxy/haproxy.cfg:91] : error detected while parsing a 'reqadd' condition. [ALERT] 296/171242 (1024) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 296/171242 (1024) : Fatal errors found in configuration. Oh, ofcourse, acl should be named or anonymous in braces... Try this: acl trusted_source src 127.0.0.1 reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if trusted_source Best regards, Brane
Re: php $_server variable when using haproxy stunnel
Hi Brane, this time it worked (the server restarted fine after i added those lines) can you please elaborate how adding these lines has affected my configuration ? since i still see that on the clients that the php variable $_SERVER['HTTPS'] is Not Https Thanks From: Brane F. Gračnar brane.grac...@tsmedia.si To: Amol mandm_z...@yahoo.com Cc: haproxy@formilux.org haproxy@formilux.org Sent: Monday, October 24, 2011 5:37 PM Subject: Re: php $_server variable when using haproxy stunnel On Monday 24 of October 2011 23:13:54 Amol wrote: Thanks Brane for the reply but setting these options in my haproxy config reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if src 127.0.0.1 gives me these errors $ sudo /etc/init.d/haproxy restart * Restarting haproxy haproxy [ALERT] 296/171242 (1024) : parsing [/etc/haproxy/haproxy.cfg:91] : error detected while parsing a 'reqadd' condition. [ALERT] 296/171242 (1024) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 296/171242 (1024) : Fatal errors found in configuration. Oh, ofcourse, acl should be named or anonymous in braces... Try this: acl trusted_source src 127.0.0.1 reqidel ^Server-Protocol: reqadd Server-Protocol:\ https if trusted_source Best regards, Brane