Article delegate-en/4247 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4246@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: HTTPS to HTTPS Rewriting
01 Dec 2008 16:11:20 GMT Guy Zuercher <ps4iabdyi-bfkmicbeir3r.ml@ml.delegate.org>
Raptus AG




Yutaka Sato wrote:
> Hi,
> 
> In message <_A4245@delegate-en.ML_> on 12/01/08(18:46:36)
> you Geeosor <praiabdyi-bfkmicbeir3r.ml@ml.delegate.org> wrote:
>  |> In message <_A4232@delegate-en.ML_> on 11/29/08(02:30:42)
>  |> you Geeosor <praiabdyi-bfkmicbeir3r.ml@ml.delegate.org> wrote:
>  |>  |Basically we have a site support.domain.tld which is accessible by http
>  |>  |and by https. Then there is the other site https://secure.domain.tld/ in
>  |>  |which we want to have the *content* of the support domain with all links
>  |>  |appearing as secure. Let me visualize this:
>  |>  |
>  |>  |Apache on Host 1                  Apache on Host2
>  |>  |- serves https://secure...        - server httpX://support...
>  |>  |
>  |>  |           ^                                 ^
>  |>  |           |__         Delegate            __|
> ...
>  |> In this case the target servers are switched with the url-path part but 
>  |> you can switch them with vertual host name with the "nvhost" MountOption.
>  |> See <URL:http://www.delegate.org/delegate/nvproxy> for more details.
>  |> 
>  |> You seem to writing abouth the way 2) but I can't figure out the reason.
>  |> Using DeleGate as a proxy with rewriting HTTPS/SSL content, at least
>  |> you need decrypt and encrypt it with STLS=mitm.
>  |
>  |I think either one of your ways. Since we need:
>  |
>  |Browser <-HTTPS-> Apache <-HTTP-> Delegate <-HTTP-> Apache
>  |                  https://secure...                 http://support...
> 
> Then I think your configuration seems to be figured like this:
> 
>  >         clients
>  >            |
>  >            v
>  >
>  >  Apache on Host 1                  Apache on Host2
>  >  - serves https://secure...        - server httpX://support...
>  > 
>  >            |                                 ^
>  >            +-->        Delegate            __|
> 
> Right?

Yes your sketch is correct.

> On 11/29/08(02:32) you Geeosor wrote in <_A4232@delegate-en.ML_>
>  |So we do not only want the URL and HTTP stuff rewritten, but also the
>  |absolute urls in the html body from httpX://support
>  |
>  |My approach was:
>  |
>  |Apache on Host1:
>  |----------------------------------------------------------
>  |ProxyRequests On
>  |ProxyPass /support/kb/ http://localhost:8888/kb/
>  |ProxyPassReverse /support/kb/ http://localhost:8888/kb/
> 
> Sorry but I don't know anything about the configuration syntax of Apache,
> I don't know why you need DeleGate between Apaches, and I don't know
> why you seem to use DeleGate as a proxy.
> Anyway you seem like to do mapping like this:
> 
>   1) https://secure/support/  <-->  http://support/
>   2) https://secure/support/  <---  https://support/
> 
> Am I right?

Infact we want to make https://support also available under the 2nd url
https://secure/support/. In order to reduce complexity we decided that
there is no need to have https between host2 and delegate.

>  |Delegate on Host1:
>  |----------------------------------------------------------
>  |./delegated -fv \
>  |-P8888 \
>  |SERVER=http \
>  |ADMIN=hostmaster@domain.. \
>  |PERMIT="*:*:*" \
>  |MOUNT="https://secure.domain.tld/* http://support.domain.tld/*"
>  |
>  |But apparently the vURL parameter cannot match. I also tried with SSL,
>  |but since the frontend apache serves already SSL there is no need for it
>  |from the backend servers.
> 
> I'm not so sure on your requirement but it might be configured like this:
> 
>   1) https://secure/support/ <--> http://delegate/ <--> http://support/
>   2) https://secure/support/ <--- http://delegate/ <--- https://support/
> 
> Here I supposed DeleGate is to get reqest forwarded from Apache as
> a usual origin HTTP server.
> 
>   MOUNT="/* http://support/* direction=fo"
>   MOUNT="https://secure/support/* http://support/*  direction=bo"
>   MOUNT="https://secure/support/* https://support/* direction=bo"
> 
> The first MOUNT parameter forward any requests to http://support and
> it is not used for rewriting URLs in responses.
> The second and the third one rewrites URLs in responses from
> http://support or https://support to https://secure/support.

That works! I was not aware the MOUNTs may be combined. Great, thanks a
lot :-)

cheers

GeE

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V