Can hiawatha terminate SSL

Fred
26 April 2017, 10:42
Hi,
I am running Hiawatha on server A as a reverse proxy to many Hiawatha backend servers.
I would like to know if it is possible to terminate SSL in the Hiawatha reverse proxy so the backend gets requests over HTTP?
The idea would be to have Varnish (HTTP accelerator) between the reverse proxy and the backend to speed up loading time.

Thank you
Hugo Leisink
26 April 2017, 10:45
Sure. Simply have an HTTPS binding at the reverse proxy and forward to a http:// URL in the ReverseProxy setting.
Fred
26 April 2017, 13:18
Hugo,
Do you mean something like this?
...
Binding {
    Port = 80
    Interface = MyIPv4
    MaxKeepAlive = 32
    TimeForRequest = 3,30
    MaxRequestSize = 20000
    MaxUploadSize = 20
}

Binding {
    Port = 443
    Interface = MyIPv4
    MaxKeepAlive = 100
    TimeForRequest = 5,30
    TLScertFile = /usr/local/etc/hiawatha/ssl/serverkey.pem
    MaxRequestSize = 512
    MaxRequestSize = 20000
    MaxUploadSize = 20
}

VirtualHost {
    Hostname = www.mydomain.co.uk, mydomain.co.uk
    WebsiteRoot = /var/www/empty
    ReverseProxy .* http://10.8.20.20:80 30000 keep-alive
    #ReverseProxy .* http://10.8.20.20:443 30000 keep-alive
    TLScertFile = /usr/local/etc/hiawatha/ssl/mydomain.co.uk.pem
    AccessLogfile = /var/log/hiawatha/access.mydomain.co.uk.log
    ErrorLogfile = /var/log/hiawatha/error.mydomain.co.uk.log
}
...

Using the above config, how do I send the request back to the client over HTTPS?
Do I need to remove the binding on Port = 80 altogether?

Thank you
Fred
26 April 2017, 14:18
Got it working, thank you :)
For others reading the forum:
...
Binding {
    Port = 80
    MaxKeepAlive = 32
    TimeForRequest = 3,30
    MaxRequestSize = 20000
    MaxUploadSize = 20
}

Binding {
    Port = 443
    MaxKeepAlive = 100
    TimeForRequest = 5,30
    TLScertFile = /usr/local/etc/hiawatha/ssl/serverkey.pem
    MaxRequestSize = 512
    MaxRequestSize = 20000
    MaxUploadSize = 20
}

VirtualHost {
    Hostname = www.mydomain.co.uk, mydomain.co.uk, *.mydomain.co.uk
    WebsiteRoot = /var/www/empty
    RequireTLS = yes,31536000
    TLScertFile = /usr/local/etc/hiawatha/ssl/mydomain.co.uk.pem
    RandomHeader = 512
    ReverseProxy .* http://10.8.20.14:80 30 keep-alive
    AccessLogfile = /var/log/hiawatha/mydomain.access.log
    ErrorLogfile = /var/log/hiawatha/mydomain.error.log
}

RequireTLS = yes will force SSL back to the client, but the traffic between proxy and backend will be plain HTTP.

Hugo, please correct me if I'm wrong.
Hugo Leisink
26 April 2017, 16:21
RequireTLS will only redirect clients connecting via HTTP to HTTPS. When a client connects via HTTPS, the request will be forwarded to the backend server via HTTP. The backend server sends the response via HTTP. From the reverse proxy, the response will of course be sent to the client via HTTPS, because the client was connected via HTTPS.
This topic has been closed.
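
Added example (not posted by anyone in the thread and not part of Hiawatha): a small Python check over a Hiawatha-style configuration that reports the three things this thread turns on, namely an option set twice in one block, a ReverseProxy target reached over plain HTTP on a non-loopback address, and a proxied VirtualHost without RequireTLS. The parser handles only the `Block { Key = value }` layout shown in the posts; the sample config, the `REPEATABLE` set and the function names are assumptions made for this example.

```python
import re

# Constructed sample, modelled on the configuration posted in the thread.
SAMPLE = """\
Binding {
MaxRequestSize = 512
MaxRequestSize = 20000
}
VirtualHost {
Hostname = www.mydomain.co.uk, mydomain.co.uk
RequireTLS = yes,31536000
ReverseProxy .* http://10.8.20.14:80 30 keep-alive
}
VirtualHost {
Hostname = legacy.mydomain.co.uk
#ReverseProxy .* http://10.8.20.20:443 30 keep-alive
ReverseProxy .* http://127.0.0.1:8080 30
}
"""

REPEATABLE = {"ReverseProxy"}  # assumption: other options appear once per block
REMOTE_HTTP = re.compile(r"\bhttp://(?!127\.|localhost\b)([^:/\s]+)")  # non-loopback

def parse_blocks(text):
    """Split the config into (block_type, [(key, value), ...]); skips comments."""
    blocks, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"(\w+)\s*\{", line):
            current = (m.group(1), [])
            blocks.append(current)
        elif line == "}":
            current = None
        elif current and (m := re.match(r"(\w+)\s*=?\s*(.*)", line)):
            current[1].append((m.group(1), m.group(2)))
    return blocks

def audit(text):
    """Yield (block_label, finding) pairs for a TLS-terminating proxy config."""
    for btype, opts in parse_blocks(text):
        conf, seen = dict(opts), {}
        label = conf.get("Hostname", btype)
        for key, value in opts:
            if key not in REPEATABLE and seen.setdefault(key, value) != value:
                yield (label, f"duplicate {key}: {seen[key]} vs {value}")
            if key == "ReverseProxy" and (m := REMOTE_HTTP.search(value)):
                yield (label, f"cleartext backend hop to {m.group(1)}")
        if "ReverseProxy" in conf and not conf.get("RequireTLS", "").lower().startswith("yes"):
            yield (label, "no RequireTLS: HTTP clients are not redirected")
```

The cleartext-hop finding is informational for a deliberate TLS-termination setup like the one in this thread: it marks the segment between proxy and backend that carries unencrypted traffic.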