Posted to dev@lenya.apache.org by Michael Wechner <mi...@wyona.com> on 2007/05/08 23:11:46 UTC
SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2]
Joern Nettingsmeier wrote:
> Richard Frovarp wrote:
>
>> Andreas Hartmann wrote:
>>
>>> Joern Nettingsmeier schrieb:
>>>
>>> [...]
>>>
>>>
>>>
>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>> requires very intrusive changes (see my other post)... the way i
>>>> see it,
>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>> for a clean solution by the time of the hackathon.
>>>>
>>>
>>>
>>> OK, that sounds reasonable. What changes are necessary to make it
>>> (kind-of) work for the moment? Do you have the time to take care
>>> of it? I don't have a proxied setup running ATM.
>>>
>>> -- Andreas
>>>
>>>
>>>
>>
>> It does kind of work at the moment. The only caveat is if you have
>> the editing under SSL you have to base it at the root level
>>
>> https://example.com/default/authoring
>
>
> which is a bummer, because, as remarked in another thread, you cannot
> use name-based virtual hosting together with ssl.

I am not sure I understand correctly what you mean.

I think one can set up a name based vhost for 80 and another name based
vhost for 443 (with the same name but different port) and then point
from these two vhosts to the same Tomcat either pointing

80 -> 8080 and 443 -> 8080

or

80 -> 8080 and 443 -> 8443

for instance. Or do I misunderstand something?

Cheers

Michael

> which means the lenya deployment will interfere with existing stuff....
>
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
michael.wechner@wyona.com michi@apache.org
+41 44 272 91 61
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org
Re: SSL and proxy [WAS: Re: [FREEZE-ANNOUNCEMENT] 1.4 Release Candidate 1, Attempt 2]
Posted by Joern Nettingsmeier <ne...@folkwang-hochschule.de>.
Michael Wechner wrote:
> Joern Nettingsmeier wrote:
>
>> Richard Frovarp wrote:
>>
>>> Andreas Hartmann wrote:
>>>
>>>> Joern Nettingsmeier schrieb:
>>>>
>>>> [...]
>>>>
>>>>
>>>>
>>>>> i think this is a really fundamental issue with lenya, and fixing it
>>>>> requires very intrusive changes (see my other post)... the way i
>>>>> see it,
>>>>> we should do something half-assed and non-intrusive for the RC and aim
>>>>> for a clean solution by the time of the hackathon.
>>>>>
>>>>
>>>>
>>>> OK, that sounds reasonable. What changes are necessary to make it
>>>> (kind-of) work for the moment? Do you have the time to take care
>>>> of it? I don't have a proxied setup running ATM.
>>>>
>>>> -- Andreas
>>>>
>>>>
>>>>
>>>
>>> It does kind of work at the moment. The only caveat is if you have
>>> the editing under SSL you have to base it at the root level
>>>
>>> https://example.com/default/authoring
>>
>>
>> which is a bummer, because, as remarked in another thread, you cannot
>> use name-based virtual hosting together with ssl.
>
> I am not sure I understand correctly what you mean.
>
> I think one can set up a name based vhost for 80 and another name based
> vhost for 443 (with the same name but different port) and then point
> from these two vhosts to the same Tomcat either pointing
>
> 80 -> 8080 and 443 -> 8080
>
> or
>
> 80 -> 8080 and 443 -> 8443
>
> for instance. Or do I misunderstand something?

consider a web server with multiple name-based virtual webservers.
a few are using lenya. to clean up the urls, an apache proxy is used and
lenya is configured accordingly. so localhost:8888/client-site1/live
will become www.foo.com, and localhost:8888/client-site2/live will be
www.bar.com.

for security reasons, i want authoring to be ssl-protected.

it is not possible to use name-based virtual hosting with ssl. so i can
only have one ssl vhost, https://www.baz.com.

since it's just authoring, weird urls are not a problem, so the obvious
approach is to map localhost:8888/client-site1/authoring to
https://www.baz.com/lenya/client-site1/authoring and so on.

unfortunately, this does not work. proxy support is broken. the
workaround is to put it into the root context,
https://www.baz.com/client-site1/authoring, which works because most
links are absolute but omit the protocol and host.

problem is that this interferes with the ssl root namespace - people may
be doing a lot of other stuff on their ssl host, and hogging the root
may not be an option...

--
jörn nettingsmeier
home://germany/45128 essen/lortzingstr. 11/
http://spunk.dnsalias.org
phone://+49/201/491621
Kurt is up in Heaven now.
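
The proxy layout described in the message above, written out as an Apache httpd configuration. This is an added example, not configuration posted in the thread or shipped with Lenya; the hostnames and port 8888 come from the message, while the certificate paths and the exact directive layout are assumptions.

```apache
# Added example (Apache 2.2-style syntax). Hostnames and port 8888 are from
# the message; certificate paths are placeholders.
NameVirtualHost *:80

# Live sites: one name-based vhost per client on port 80.
<VirtualHost *:80>
    ServerName www.foo.com
    ProxyRequests Off
    ProxyPass        / http://localhost:8888/client-site1/live/
    ProxyPassReverse / http://localhost:8888/client-site1/live/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.bar.com
    ProxyRequests Off
    ProxyPass        / http://localhost:8888/client-site2/live/
    ProxyPassReverse / http://localhost:8888/client-site2/live/
</VirtualHost>

# Authoring: the one SSL vhost shared by all publications.
<VirtualHost *:443>
    ServerName www.baz.com
    SSLEngine on
    # Placeholder paths.
    SSLCertificateFile    /path/to/www.baz.com.crt
    SSLCertificateKeyFile /path/to/www.baz.com.key
    ProxyRequests Off

    # Desired mapping under a /lenya/ prefix, reported in the message as not
    # working. ProxyPassReverse rewrites only response headers such as
    # Location, so host-less links like /client-site1/authoring/... in the
    # generated pages reach the browser without the /lenya prefix.
    #ProxyPass        /lenya/client-site1/authoring http://localhost:8888/client-site1/authoring
    #ProxyPassReverse /lenya/client-site1/authoring http://localhost:8888/client-site1/authoring

    # Workaround from the message: identical paths in front and behind, so
    # those links resolve, at the cost of occupying the SSL root namespace.
    ProxyPass        /client-site1/authoring http://localhost:8888/client-site1/authoring
    ProxyPassReverse /client-site1/authoring http://localhost:8888/client-site1/authoring
    ProxyPass        /client-site2/authoring http://localhost:8888/client-site2/authoring
    ProxyPassReverse /client-site2/authoring http://localhost:8888/client-site2/authoring
</VirtualHost>
```

The single SSL vhost reflects the constraint stated in the message. Where both server and clients support TLS Server Name Indication (SNI), several name-based SSL vhosts can share one address, and each publication's authoring area can sit under its own hostname.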