You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@trafficserver.apache.org by "Henry C." <he...@cityweb.co.za> on 2011/10/15 12:50:20 UTC

Reverse proxy for HTTPS

Hi,

I've got ts work as a reverse proxy for normal HTTP using the following config:

/usr/local/etc/trafficserver/records.config:
CONFIG proxy.config.http.server_port INT 80

/usr/local/etc/trafficserver/remap.config:
map             http://test.com/             http://direct.test.com/
reverse_map     http://direct.test.com/      http://test.com/

This seems to work well and I look forward to doing some benchmarks, etc.

However, I'm unclear on how to get ts to reverse proxy for HTTPS on port 443.

I've tried

/usr/local/etc/trafficserver/records.config:
CONFIG proxy.config.ssl.server_port  INT 443

...but that doesn't do anything.

netstat shows that port 443 is not being used by ts.  It's probably something
small somewhere which I'm too dense to pick up on.  Any pointers would be
appreciated.

I'm using ts 3.0.1 on CentOS 5.x.

...while typing this it occurred to me that maybe remap.config needs https://
map/reverse_map lines as well...?

-- 
Regards
Henry

Re: Reverse proxy for HTTPS

Posted by "Henry C." <he...@cityweb.co.za>.

On Sat, October 15, 2011 17:14, Leif Hedstrom wrote:
>> /usr/local/etc/trafficserver/records.config:
>> CONFIG proxy.config.ssl.server_port  INT 443
>>
>>
>> ...but that doesn't do anything.
>>
>
>
> Did you provide a server certificate? There ought to be errors in the
> logs if you didn't...

Thanks for the quick feedback Leif.

Yes, I did notice the error in the logs and incorrectly/stupidly assumed that
wasn't related - since this is on a different server for which I'm reverse
proxying, my brain didn't make the 'connect'.

Presumably then that would be the cert for the actual web server/IP, and not
some other cert for the proxy server/IP itself?

Thanks
Henry

Re: Reverse proxy for HTTPS

Posted by Leif Hedstrom <zw...@apache.org>.

On 10/15/2011 04:50 AM, Henry C. wrote:
> Hi,
>
> I've got ts work as a reverse proxy for normal HTTP using the following config:
>
> /usr/local/etc/trafficserver/records.config:
> CONFIG proxy.config.http.server_port INT 80
>
> /usr/local/etc/trafficserver/remap.config:
> map             http://test.com/             http://direct.test.com/
> reverse_map     http://direct.test.com/      http://test.com/
>
> This seems to work well and I look forward to doing some benchmarks, etc.
>
> However, I'm unclear on how to get ts to reverse proxy for HTTPS on port 443.
>
> I've tried
>
> /usr/local/etc/trafficserver/records.config:
> CONFIG proxy.config.ssl.server_port  INT 443
>
> ...but that doesn't do anything.


Did you provide a server certificate? There ought to be errors in the 
logs if you didn't...

-- Leif