Article delegate-en/4250 of [1-4327] on the server localhost:7119
[Reference:<_A4249@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: HTTPS to HTTPS Rewriting
02 Dec 2008 23:49:55 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project

Hi,

In message <_A4249@delegate-en.ML_> on 12/02/08(02:20:58)
you Geeosor <praiabdyi-mxhgu4yn6kxw.ml@delegate.org> wrote:
 |Apache2 mod_proxy only supports rewriting the HTTP headers, but not the
 |content. Although there is an external apache module mod_proxy_html
 |capable of doing that: http://apache.webthing.com/mod_proxy_html/

I see. It seems to be a relatively new feature.

 |But I prefer the Delegate approach...

I'm interested in how they (and other reverse proxies) think about
rewriting JavaScript because it is difficult and muddy to find URLs
chopped and scattered in the script.
DeleGate does the rewriting but not by default.  You need the
following option to enable rewriting of XML and JavaScript, etc.

  URICONV=where:any

This should be the default in the future.


 |> It will be helpful for other users to show how you configured
 |> Apache to do it.
 |
 |The complete configuration would be:
 |
 |Global config:
 |        ...
 |        <ProxyMatch http://localhost:70[0-9][0-9]/.*>
 |              Order deny,allow
 |              Allow from all
 |        </ProxyMatch>
 |        ...
 |
 |Virtualhost:
 |        ...
 |        ProxyRequests On
 |        ProxyPass /support/kb/ http://localhost:8888/kb/
 |        ProxyPassReverse /support/kb/ http://localhost:8888/kb/
 |        ...
 |
 |Obviously localhost:8888 would be the Delegate as proxy to host2.
 |
 |Hope this is enough info. Otherwise just drop me a mail.

Thank you.  This is the first time I have seen the configuration of Apache
and I thought that "ProxyXXXX" means forwarding the request to the next
hop, regarding it as an HTTP proxy.  But it seems to mean that Apache
(mod_xxx) itself acts as a proxy server rather than an origin server.


 |>  |> Anyway, you seem to want to do a mapping like this:
 |>  |> 
 |>  |>   1) https://secure/support/  <-->  http://support/
 |>  |>   2) https://secure/support/  <---  https://support/
 |>  |> 
 |>  |> Am I right?
 |>  |
 |>  |In fact we want to make https://support also available under the 2nd url
 |>  |https://secure/support/. In order to reduce complexity we decided that
 |>  |there is no need to have https between host2 and delegate.
 |> 
 |> Maybe you can do it with STLS=-fcl STLS=fsv:https if necessary.

If you don't need SSL between web1/host1 and DeleGate, this STLS=-fcl
is not necessary.

 |I tried something similar, but had no success.  If I am right, this
 |combination should decrypt traffic between delegate and host2 in order
 |to provide it to host1?

We can't rewrite an HTTPS/SSL message (including URLs to be rewritten)
without decrypting it, of course.

 |If so, I would certainly need to accept the
 |certificate for host2 (support...)?

DeleGate does not verify the certificate by default.  If the problem
is in the SSL layer, you will get hints at a detailed level in the
LOGFILE of DeleGate with the TLSCONF=-vd option.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
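
Added example, not part of the original message or of the DeleGate project: in Apache, ProxyPass/ProxyPassReverse (reverse proxying) work with ProxyRequests Off, while ProxyRequests On additionally makes the server a forward proxy, which is the distinction the reply above is working out. The sketch below checks the quoted configuration for that combination and for proxy access sections that allow every client; the `<VirtualHost *:443>` wrapper and the function name `audit` are assumptions.

```python
import re

# Constructed from the configuration quoted in the message, with the "..."
# elisions dropped. The <VirtualHost *:443> wrapper is an assumption.
QUOTED = """\
<ProxyMatch http://localhost:70[0-9][0-9]/.*>
    Order deny,allow
    Allow from all
</ProxyMatch>
<VirtualHost *:443>
    ProxyRequests On
    ProxyPass /support/kb/ http://localhost:8888/kb/
    ProxyPassReverse /support/kb/ http://localhost:8888/kb/
</VirtualHost>
"""

def audit(conf):
    """Return sorted (line, finding, detail) tuples for risky proxy settings."""
    findings, stack = [], []       # stack holds open <Container args> sections
    forward_on, reverse = {}, set()
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        m = re.match(r"<(\w+)\s*(.*?)>$", line)
        if m:
            stack.append((m.group(1).lower(), m.group(2)))
            continue
        parts = line.split()
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        scope = next((a for t, a in stack if t == "virtualhost"), "global")
        if name == "proxyrequests" and args[:1] == ["on"]:
            forward_on[scope] = n          # forward proxying enabled here
        elif name == "proxypass":
            reverse.add(scope)             # reverse-proxy mapping in this scope
        elif (name == "allow" and args == ["from", "all"] and stack
              and stack[-1][0] in ("proxy", "proxymatch")):
            findings.append((n, "proxy-acl-allow-all", stack[-1][1]))
    # ProxyPass works with ProxyRequests Off, so On next to it is unneeded exposure.
    findings += [(n, "forward-proxy-with-proxypass", s)
                 for s, n in forward_on.items() if s in reverse]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(QUOTED):
        print(finding)
```

The check compares directives within one scope only; it does not model inheritance of a global ProxyRequests setting into virtual hosts.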
