Forum OpenACS Q&A: Re: how to config for multiple aolserver instances

Posted by Brad Duell on
Bart,

(sorry this took me a while to get around to testing)

No, I haven't tried it, but I was able to reproduce what you were seeing.

I'll try to look into what a workaround might be for areas of a site. Any luck with other proxies in this https->http<->http configuration?

Posted by Bart Teeuwisse on
Brad,

Just returned from climbing in the Alps. No, I haven't tried other proxies in conjunction with HTTPS. The changes to pound by Gustav look very promising though. But I'm holding off till his patches make it to the standard distribution of pound and till AOLserver supports X-forwarded-header so that it can log the IP address that the HTTP(S) request originated from.

Another issue with Squid is that SSL support appears to be incomplete.

https_port 127.0.0.1:443 cert=/PATH_TO_CA_CERT/cacert.pem key=/PATH_TO_KEY/key.pem version=1

Shouldn't cert point to the cert of the web server and not of the CA? And where should the CA cert reside? I looked at the code and there seems to be a ca_cert command line parameter.

Clients reject the SSL certificate in my current Squid configuration because the CA cert is missing. Are you experiencing the same problem?

/Bart