Re: SSL-termination redirect loop

Tue, 06 May 2014 04:35:23 -0700 


Am 06.05.2014 13:06, schrieb Ethan Lai:
> I'd suggest use different names

that don't work because it would break the *automatic*
configuration of ATS / dnsmasq based on webservices
working with the real origin-configs

as well it would break php applications seeing
http://real-webspace.local/ as URL and so no longer
correctly fix href="http://domain/folder/file.ext";
to href="/folder/file.ext" by save content with
WYSIWG editors

the current solution works perfectly for some
hundret domains without touch ATS manually
and care about the origin, it only breaks
if ATS is supposed to do SSL-offloading
and force the client to https

IMHO that is a bug - the redirect statement
should not affect the right side of a map
in reverse proxy mode

> Add DNS: real-webspace.local   192.168.196.3
> 
> redirect http://webspace.local https://webspace.local
> map https://webspace.local http://real-webspace.local
> 
> 2014-05-06 18:37 GMT+08:00 Reindl Harald:
> 
>     Hi
> 
>     the settings below (which only make no sense without
>     the underlying DNS views) are resulting in a redirect
>     loop  but why?
> 
>     redirect http://webspace.local https://webspace.local
>     map https://webspace.local http://webspace.local
> 
>     * DNS-View external:    webspace.local -> 192.168.196.2 (192.168.196.2 = 
> ATS)
>     * DNS-View ATS machine: webspace.local -> 192.168.196.3 (192.168.196.3 = 
> Origin)
> 
>     the reason for that views is that this way automatic configuration of
>     ATS and dnsmasq based on webservices can be done and the decision using
>     the proxy or directly point to the origin is done with the public DNS
>     _____________________________________________________
> 
>     these two mappings are working fine with http and https
>     so i assume the problem is that the non-http-origin URL
>     triggers also teh redirect above
> 
>     map http://webspace.local http://webspace.local
>     map https://webspace.local http://webspace.local
>     _____________________________________________________
> 
>     these mappings also working because the origin itself
>     is also accessed with https, but the idea of the config
>     above is that ATS doing SSL termination, forcing the
>     client to use https but the origin has no SSL
> 
>     redirect http://webspace.local https://webspace.local
>     map https://webspace.local https://webspace.local

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to