Forum OpenACS Q&A: Re: reverse proxy via apache...

Collapse
Posted by C. R. Oldham on
One showstopper is nsopenssl, which does not work with 4.0 yet.  Scott Goodwin is working on it.
Collapse
Posted by Peter Alberer on

We have tried both apache and Pound as ssl-reverse-proxy solutions for openacs. As far as the logging is concerned if you use apache you only need to use the apache http log, that contains all the info you should need. With the following config file lines the log file should look like the aolserver access.log:

HostnameLookups Off
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/access_log combined

If you want to use apache you will probably need some rewrite rules for redirects coming from the backend server that would otherwise by-pass the proxy server. OpenACS uses returnredirect quite a lot and you need to deal with that.

Pound is another option, it is a small reverse-ssl-proxy that lets you load balance requests based on url matching, it checks that status of the backend-servers and it has (as far as i know) most of the proxy-features apache can offer. Pound also takes care of the X-Forwarded-for headers and keeps a combined log file for all requests.

Collapse
Posted by Peter Alberer on
One showstopper is nsopenssl, which does not work with 4.0 yet. Scott Goodwin is working on it

If you use a ssl-reverse-proxy, aolserver does not need ssl, as only the traffic between the users browser and the reverse-proxy is via https. The proxy can connect to the backend server via http. Both apache and pound support that solution.