Forum OpenACS Q&A: Re: Virtual hosting with AOLserver 4

Posted by Jorge Garcia on
Bart, one more thing.

You say Pound supports HTTPS virtual hosting, but I was reading the Pound webpage at http://www.apsis.ch/pound/index.html and this is what I found.

<blockquote>
Virtual Hosts and HTTPS

Quite often we get inquiries about Pound's ability to do virtual hosting with HTTPS. In order to lay this matter to rest, let me say:

    HTTPS does not allow virtual hosting

This is not a limitation of Pound, but of HTTPS - no Web server or proxy are able to do it due to the nature of the beast.
</blockquote>

Have you found the method to achieve this?

Could you then share a config file or some additional explanation?

Thank you again.

/Jorge

Posted by Bart Teeuwisse on
Jorge,

yes, that is a typo. It should be patch. I plan to commit the patch to CVS when Pound has resolved the issue with streaming pages.

/Bart

Posted by Jorge Garcia on
Ok. I understand now.

I see there exists a mailing list for Pound, but does there exist CVS access or some other link that could be of interest?

/Jorge

Posted by Bart Teeuwisse on
Jorge,

by support for HTTPS virtual hosting I mean that the proxy will handle the SSL connection to then pass on the request to the backend server as a regular HTTP request. The backend server thus never sees the HTTPS connection. And in that sense Pound does not proxy HTTPS connections. Which is what the Pound web page is trying to explain.

However, to the client it appears as if it does, as the client establishes a secure connection with the proxy, which returns the response from the backend server over the established secure connection. As such, the client is not aware that the communication between the proxy and the backend server is not encrypted.

Further down the Pound webpage you can read how Pound can accept HTTPS connections and what information it forwards to the backend server in the HTTP connection between Pound and the server.

My patch allows OpenACS to detect a secure connection to Pound based on a custom header added to the information passed from Pound to the server so that OpenACS will treat the connection as a secure connection (e.g. as if it is a direct HTTPS connection). This makes proxied HTTPS connections transparent to OpenACS.

/Bart
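
The check described in the post above, sketched as an added example (not code from this thread or from the OpenACS patch): the backend treats a request as secure only when the marker header arrives from the proxy's own address, since any client that reaches the backend directly can send the same header. The header name `X-Forwarded-Proto`, the proxy address `127.0.0.1` and the function names are assumptions; Python is used only so the sketch runs stand-alone.

```python
import ipaddress

# Assumed names, not taken from the thread or from the OpenACS patch.
SECURE_HEADER = "x-forwarded-proto"  # header the proxy adds on its HTTPS listener
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]  # where the proxy connects from


def is_trusted_proxy(peer_addr, networks=TRUSTED_PROXIES):
    """True if the TCP peer is one of the proxies allowed to assert HTTPS."""
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False  # unparseable peer address: fail closed
    return any(addr in net for net in networks)


def is_secure_request(peer_addr, headers, direct_tls=False):
    """Decide whether the backend should treat this request as HTTPS.

    headers is a list of (name, value) pairs so repeated headers stay visible.
    """
    if direct_tls:
        return True  # TLS was terminated by the backend itself
    if not is_trusted_proxy(peer_addr):
        return False  # anyone can send the header; only the proxy may assert it
    values = [v.strip().lower() for n, v in headers
              if n.strip().lower() == SECURE_HEADER]
    # Require exactly one value. A second copy means a client-supplied
    # header got through the proxy, so fail closed.
    return values == ["https"]


if __name__ == "__main__":
    # Constructed sample requests: (peer address, request headers).
    samples = [
        ("127.0.0.1", [("Host", "a.example"), ("X-Forwarded-Proto", "https")]),
        ("203.0.113.9", [("Host", "a.example"), ("X-Forwarded-Proto", "https")]),
        ("127.0.0.1", [("Host", "a.example")]),
        ("127.0.0.1", [("X-Forwarded-Proto", "http"), ("X-Forwarded-Proto", "https")]),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", is_secure_request(peer, hdrs))
```

The proxy should also strip any copy of the header sent by the client before adding its own, so that the single-value check holds for legitimate traffic.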

Posted by Jorge Garcia on
Ok. I understand.

I'll wait for your patch, Bart :)

/Jorge