Re: Configuring redirects httpd behind a TLS-terminating proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Konstantin,

On 1/24/17 3:53 AM, Konstantin Kolinko wrote:
> 2017-01-24 1:07 GMT+03:00 Christopher Schultz
> <chris@xxxxxxxxxxxxxxxxxxxxxx>:
>> 
>> I've got an EC2 instance behind a load balancer where TLS is
>> being terminated. I've arranged for two separate httpd (2.4.25) 
>> VirtualHosts: one for the secure connections (proxied from the
>> lb) and another for the non-secure connections.
>> 
>> I have a Redirect directive that isn't behaving as I'd like it to
>> behave :
>> 
>> RedirectMatch permanent ^/$    /site/
>> 
>> I have the same redirect in both VirtualHosts. The redirect
>> itself works, but it doesn't preserve the secure-protocol when
>> I'm using the secure VirtualHost.
>> 
> [....]
>> 
>> I'm expecting httpd to redirect a request from 
>> "https://www.example.com/"; to "https://www.example.com/site/";
>> but instead I'm getting redirected to
>> "http://www.example.com/site/";.
>> 
>> Can anyone see anything wrong with my configuration? Or do I have
>> a misunderstanding of how RedirectMatch will built its relative
>> URLs?
> 
> If that VirtualHost is accessed only by your lb, you should look
> at ServerName directive. It can include a scheme.

Interesting. It looks like that's exactly what I'm looking for. I just
did a quick test and it looks like that will solve my problem quite well
.

Alexandru, I was hoping to avoid using mod_proxy unless necessary, but
thanks for the suggestion.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYkjYSAAoJEBzwKT+lPKRYIpMQAIO1fUAIzXoniBecYhJ7CWGl
ZOaE3gsi9UPxtitDpoQU+BXrzDugcvmXNpIxUveQsQ4ZaqUOiot0QUXn80tne757
MwWx020G+Th6iFnaB4P7weSbJM1hRwXmXbUmA0vLXlScf8f9KdC0LqGYHqspOtCv
xdWrC3x66g/qLhxRmeseCU0tCjsrnben7CGwtzESsmqkB1XSAXSLID2hs/auakot
47+2J+tomGmP+HvGJ1yw5ClArGbmXF/geG3DH8QVEkviX3hX0nIVltoCYpAQtnYX
U8m6jhbtoqFk21qoSKcYVTY9Zk8Olb01hPs2KW7KCERHw4+7c0zhMu2FQ1RurHBC
2sDEe/OklHoeP9BExtxYGEqZcOHLpsOcoofM4wZGhTX+Wu41/HdJJDVKojz9E0C4
83S5IVmoIRBxr5QcfoW65To5WdYzRC0mlZN8Vae87M1kjfJAMQ2caN6brSLkDy7B
VRdX1GVS5a+sczyG0ska/zgflMV0mOyTtQHp3+tXy/HU18IoovUN4oxcuORtif1J
knmRVqjEDUcxh4TvuhjouHpsNg5DivaSFgwf43l2mwQPqldmmtKBoRMNVZjrBnhQ
d9zpEwMPwpkdUcHsgVWZe466u7dK+b5bQN336LJAtRFrb6KhVfrILoO1K2bvGb7L
eo4o+u7iJvNmgeN56l32
=7E9Q
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux