[Ach] Reverse proxies / HTTPS frontend servers.
Oliver J. Morais
oliver.morais at gmail.com
Thu Nov 21 09:28:22 CET 2013
[Thu, Nov 21, 2013 at 09:03:30AM +0100] Ulrich Poeschl
> On 21.11.2013 07:56, Oliver J. Morais wrote:
> > +# HTTP Listener, redirects to HTTPS + Address 10.10.0.10 +
> > Port 80 + Service + Redirect "https://some.site.tld +
> > End +End
> I think there is a ListenHTTP missing, after the comment, right?
My bad, sorry, copy/paste f*ckup.
Below is a new patch wich puts Pound in section 9.11 as suggested!
$ diff -u proxy_solutions.tex proxy_solutions_pound.tex
--- proxy_solutions.tex 2013-11-21 09:20:24.417826175 +0100
+++ proxy_solutions_pound.tex 2013-11-21 09:20:56.478179380 +0100
@@ -16,6 +16,38 @@
Conclusio: Don't forget to check your proxy solutions ssl-capabilities. Also do so for your reverse-proxies!
+\subsubsection{Pound}
+% See http://www.apsis.ch/pound
+% See https://help.ubuntu.com/community/Pound
+
+Pound 2.6
+
+\begin{lstlisting}[breaklines]
+# HTTP Listener, redirects to HTTPS
+ListenHTTP
+ Address 10.10.0.10
+ Port 80
+ Service
+ Redirect "https://some.site.tld
+ End
+End
+## HTTPS Listener
+ListenHTTPS
+ Address 10.10.0.10
+ Port 443
+ AddHeader "Front-End-Https: on"
+ Cert "/path/to/your/cert.pem"
+ ## See 'man ciphers'.
+ Ciphers "+TLSv1.2:!SSLv3:!SSLv2:AES256:!aNULL:!eNULL:!NULL"
+ Service
+ BackEnd
+ Address 10.20.0.10
+ Port 80
+ End
+ End
+End
+\end{lstlisting}
+
\subsubsection{squid}
\todo{Write}
%% http://forum.pfsense.org/index.php?topic=63262.0
More information about the Ach
mailing list