You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Miguel González <mi...@yahoo.es.INVALID> on 2016/12/11 18:45:15 UTC
[users@httpd] ssl offloading behind a proxy
Dear all,
I am using Apache to offload SSL to non-ssl Apache running behind a
Varnish server. I do that with proxypass. Everything running WHM in a
Centos 6.8 server.
I do that because Varnish doesn�t manage HTTPs requests so you need a
Proxy SSL (Nginx, Pound or Apache - as I did myself).
I am using a script here:
https://github.com/AndreiG6/vscp
to pipe logs to Apache/WHM access logs.
All the requests that are proxied and hit the backend are logged in
non-ssl access logs. The ones that hit the cache are logged in SSL
access logs.
That confuses all web stat applications (webalizer, awstats) because
you have to check in two access logs to get an overall picture of all
requests (depending if they were cached or not).
Maybe My assumptions are wrong and there is no way to get logged all
HTTPS requests to only SSL access logs (even if they hit the backend).
HTTP requests are logged correctly with the vscp script.
Right now I am forcing all requests to be logged in non-SSL access
logs no matter what to have webstats correct and not splitted.
I hope I have explained myself right
Thanks!
Miguel
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ssl offloading behind a proxy
Posted by Miguel González <mi...@yahoo.es.INVALID>.
The bottom line is that I need to get different logs for each domain for
webalizer.
How can I do that tagging so is understood by those stats applications?
On 12/16/16 6:05 PM, Jim Jagielski wrote:
> Why not put all accesses in a single log, with an extra tag on
> whether or not it was via SSL/HTTPS?
>> On Dec 16, 2016, at 11:41 AM, Miguel Gonz�lez <mi...@yahoo.es.INVALID> wrote:
>>
>> Nobody?
>>
>> On 12/11/16 7:45 PM, Miguel Gonz�lez wrote:
>>> Dear all,
>>>
>>> I am using Apache to offload SSL to non-ssl Apache running behind a
>>> Varnish server. I do that with proxypass. Everything running WHM in a
>>> Centos 6.8 server.
>>>
>>> I do that because Varnish doesn�t manage HTTPs requests so you need a
>>> Proxy SSL (Nginx, Pound or Apache - as I did myself).
>>>
>>> I am using a script here:
>>>
>>> https://github.com/AndreiG6/vscp
>>>
>>> to pipe logs to Apache/WHM access logs.
>>>
>>> All the requests that are proxied and hit the backend are logged in
>>> non-ssl access logs. The ones that hit the cache are logged in SSL
>>> access logs.
>>>
>>> That confuses all web stat applications (webalizer, awstats) because
>>> you have to check in two access logs to get an overall picture of all
>>> requests (depending if they were cached or not).
>>>
>>> Maybe My assumptions are wrong and there is no way to get logged all
>>> HTTPS requests to only SSL access logs (even if they hit the backend).
>>> HTTP requests are logged correctly with the vscp script.
>>>
>>> Right now I am forcing all requests to be logged in non-SSL access
>>> logs no matter what to have webstats correct and not splitted.
>>>
>>> I hope I have explained myself right
>>>
>>> Thanks!
>>>
>>> Miguel
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ssl offloading behind a proxy
Posted by Jim Jagielski <ji...@jaguNET.com>.
Why not put all accesses in a single log, with an extra tag on
whether or not it was via SSL/HTTPS?
> On Dec 16, 2016, at 11:41 AM, Miguel González <mi...@yahoo.es.INVALID> wrote:
>
> Nobody?
>
> On 12/11/16 7:45 PM, Miguel González wrote:
>> Dear all,
>>
>> I am using Apache to offload SSL to non-ssl Apache running behind a
>> Varnish server. I do that with proxypass. Everything running WHM in a
>> Centos 6.8 server.
>>
>> I do that because Varnish doesn´t manage HTTPs requests so you need a
>> Proxy SSL (Nginx, Pound or Apache - as I did myself).
>>
>> I am using a script here:
>>
>> https://github.com/AndreiG6/vscp
>>
>> to pipe logs to Apache/WHM access logs.
>>
>> All the requests that are proxied and hit the backend are logged in
>> non-ssl access logs. The ones that hit the cache are logged in SSL
>> access logs.
>>
>> That confuses all web stat applications (webalizer, awstats) because
>> you have to check in two access logs to get an overall picture of all
>> requests (depending if they were cached or not).
>>
>> Maybe My assumptions are wrong and there is no way to get logged all
>> HTTPS requests to only SSL access logs (even if they hit the backend).
>> HTTP requests are logged correctly with the vscp script.
>>
>> Right now I am forcing all requests to be logged in non-SSL access
>> logs no matter what to have webstats correct and not splitted.
>>
>> I hope I have explained myself right
>>
>> Thanks!
>>
>> Miguel
>>
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ssl offloading behind a proxy
Posted by Miguel González <mi...@yahoo.es.INVALID>.
Nobody?
On 12/11/16 7:45 PM, Miguel Gonz�lez wrote:
> Dear all,
>
> I am using Apache to offload SSL to non-ssl Apache running behind a
> Varnish server. I do that with proxypass. Everything running WHM in a
> Centos 6.8 server.
>
> I do that because Varnish doesn�t manage HTTPs requests so you need a
> Proxy SSL (Nginx, Pound or Apache - as I did myself).
>
> I am using a script here:
>
> https://github.com/AndreiG6/vscp
>
> to pipe logs to Apache/WHM access logs.
>
> All the requests that are proxied and hit the backend are logged in
> non-ssl access logs. The ones that hit the cache are logged in SSL
> access logs.
>
> That confuses all web stat applications (webalizer, awstats) because
> you have to check in two access logs to get an overall picture of all
> requests (depending if they were cached or not).
>
> Maybe My assumptions are wrong and there is no way to get logged all
> HTTPS requests to only SSL access logs (even if they hit the backend).
> HTTP requests are logged correctly with the vscp script.
>
> Right now I am forcing all requests to be logged in non-SSL access
> logs no matter what to have webstats correct and not splitted.
>
> I hope I have explained myself right
>
> Thanks!
>
> Miguel
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org