Forum OpenACS Development: Re: ad_conn peeraddr

Collapse
6: Re: ad_conn peeraddr (response to 4)
Posted by Malte Sussdorff on
Gustaf (or anyone else), how do you handle the fact that you might want to force SSL connections to Pound, yet security::secure_conn_p returns 0 always (as the reverse proxy is using http to communicate to the AOLserver). Is there a trick so I can tell security::secure_conn_p that the original request is actually secure ?
Collapse
7: Re: ad_conn peeraddr (response to 6)
Posted by Gustaf Neumann on
Pound adds multiple X-SSL-* request header fields to the request. The backend can query these and could set security::secure_conn_p (see https://www.apsis.ch/pound.html).
This was not an issue for us, since we only allow SSL connections from the outside world.

guess, with nginx one can get the same behaviour by using proxy_set_header.