On 02/12/2016 07:40 AM, Mark Haney wrote:
While I can do SSL passthrough, I'm still stumped as to why this is a problem. The media listed does have 'http://' items listed, but what doesn't make sense is that the server I'm pulling from doesn't have that problem when it's pure HTTPS. I would think absolute URLs /on the web server/ would have shown up while it has SSL on the server itself. That's what makes no sense to me.
When SSL is terminated in the server, Joomla can determine that the client wants https URLs, by checking properties of the connection. If you terminate SSL at the proxy, which then uses http: to the web server, your web apps determine that the client is using http: when they check the properties. And when they see a client on http:, they'll generate URLs that match. Some of the time you can influence that, but it depends on your app supporting an external SSL proxy and providing such settings.
However, I do appreciate the headsup for SSLdump. I'd forgotten that tool existed, which makes it a bit easier to move back to SSL Passthrough. However, the OCD in me just can't let this lie without an answer. Based on what I understand of the SSL termination config, haproxy is supposed to encrypt everything it gets from the HTTP web server so that the client sees nothing but HTTPS packets. For some reason, it's not doing that and that bugs me.
The one thing your proxy isn't doing is modifying the content of the web pages. If the server includes an http:// URL, it'll be passed to the client, which generates a warning. At that point, the client has only seen HTTPS packets, so your proxy is doing exactly what you expect. It's the web application that isn't, because you've obscured the fact that the client is requesting https:// URLs.
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org