Forum OpenACS Q&A: Re: Virtual hosting with AOLserver 4

Collapse
12: Re: Virtual hosting with AOLserver 4 (response to 10)
Posted by Jorge Garcia on 11/14/03 06:07 PM
Bart, one more thing.

You say Pound supports HTTPS virtual hosting, but I was reading the Pound webpage at http://www.apsis.ch/pound/index.html and this is what I found.

<blockquote>>>>>
</blockquote>

Virtual Hosts and HTTPS

Quite often we get inquiries about Pound's ability to do virtual hosting with HTTPS. In order to lay this matter to rest, let me say:

    HTTPS does not allow virtual hosting

This is not a limitation of Pound, but of HTTPS - no Web server or proxy are able to do it due to the nature of the beast.
<<<<<

Have you find the method to achieve this?

Could you then share a config file or some additional explanation?.

Thank you again.

/Jorge

Collapse
13: Re: Virtual hosting with AOLserver 4 (response to 12)
Posted by Bart Teeuwisse on 11/14/03 06:10 PM
Jorge,

yes that it is a typo. It should be patch. I plan to commit the patch to CVS when pound has resolved the issue with streaming pages.

/Bart

Collapse
15: Re: Virtual hosting with AOLserver 4 (response to 13)
Posted by Jorge Garcia on 11/14/03 06:19 PM
Ok. I understand now.

I see there exist a mailing list for Pound, but there exist a cvs access or some other link who could be of interest?.

/Jorge

Collapse
14: Re: Virtual hosting with AOLserver 4 (response to 12)
Posted by Bart Teeuwisse on 11/14/03 06:20 PM
Jorge,

by support for HTTPS virtual hosting I mean that the proxy will handle the SSL connection to then pass on the request to the backend server as a regular HTTP request. The backend server thus never sees the HTTPS connection. And in that sense pound does not proxy HTTPS connections. Which is what the Pound web page is trying to explain.

However, to the client it appears as if it does as the client establishes a secure connection with the proxy and returns the response from the backend server over the established secure connection. As such the client is not aware that the communication between the proxy and the backend server is not encrypted.

Further down the Pound webpage you can read how Pound can accept HTTPS connections and what information it forwards to the backend server in the HTTP connection between Pound and the server.

My patch allows OpenACS to detect a secure connection to Pound based on a custom header added to the information passed from Pound to the server so that OpenACS will treat the connection as a secure connection (e.g. as if it is a direct HTTPS connection). This makes proxied HTTPS connections transparent to OpenACS.

/Bart

Collapse
16: Re: Virtual hosting with AOLserver 4 (response to 14)
Posted by Jorge Garcia on 11/14/03 08:56 PM
Ok. I understand.

I'll wait for your patch, Bart :)

/Jorge