On Jan 29, 2014, at 7:14 AM, Reindl Harald <[email protected]> wrote:
> Hi > > https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#client-and-traffic-server-connections > > i don't get with the documentation how to have several domains > in reverse-proxy mode each of them having their own certificates > and how that plays with "remap.conf" There is no binding between SSL SNI names and remap rules. > ___________________________________ > > maybe i try to explain the goal: > > * reverse proxy for a growing amount of domains > * most of them without SSL/TLS > * a growing amount should use SSL termination > * the most important thing: connection between ATS and origin > unencrypted simply because ATS in the case of TLS should > completly handle the burden of encryption > ___________________________________ > > also very interesting: > > how to enforce that a domain-mapping redirects to https > with httpd this can done with mod_rewrite but in case > ATS working as reverse-proxy that would lead in a loop > or not work at all because httpd does and should not > know how the connection to the reverse-proxy is > > <IfModule mod_rewrite.c> > RewriteEngine on > RewriteCond %{HTTPS} off > RewriteRule (.*) https://whatever.thelounge.net%{REQUEST_URI} > </IfModule> The only case where I have a site that does this, the origin sends a redirect from HTTP to HTTPS, which is cached by ATS. I expect that you could also do something like this in remap.config: redirect http://foo.com/ https://foo.com/ J
