Article delegate-en/4233 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4232@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: HTTPS to HTTPS Rewriting
29 Nov 2008 01:23:51 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4232@delegate-en.ML_> on 11/29/08(02:30:42)
you Geeosor <praiabdyi-vss2yssyaz3r.ml@ml.delegate.org> wrote:
 |Basically we have a site support.domain.tld which is accessible by http
 |and by https. Then there is the other site https://secure.domain.tld/ in
 |which we want to have the *content* of the support domain with all links
 |appearing as secure. Let me visualize this:
 |
 |Apache on Host 1                  Apache on Host2
 |- serves https://secure...        - server httpX://support...
 |
 |           ^                                 ^
 |           |__         Delegate            __|

                            ^
                            |
               as what is this server referred?
               1) origin server https://delegate-host:8888 or
               2) HTTP proxy server at delegate-host:8888 

The way 1) is a usual approach and can be configured as follows for example:

  MOUNT="/*        https://secure/*"
  MOUNT="/supp-s/* https://support/*"
  MOUNT="/supp-h/* http://support/*"
  STLS=fsv:https
  STLS=fcl
  SERVER=https
  -P8888

With this configuration, each URL-path will be mapped as follows:

  https://delegate-host/*         <--> https://secure/*
  https://delegate-host/supp-s/*  <--> https://support/*
  https://delegate-host/supp-h/*  <--> http://support/*

In this case the target servers are switched with the url-path part but 
you can switch them with vertual host name with the "nvhost" MountOption.
See <URL:http://www.delegate.org/delegate/nvproxy> for more details.

You seem to writing abouth the way 2) but I can't figure out the reason.
Using DeleGate as a proxy with rewriting HTTPS/SSL content, at least
you need decrypt and encrypt it with STLS=mitm.


 |So we do not only want the URL and HTTP stuff rewritten, but also the
 |absolute urls in the html body from httpX://support
 |
 |My approach was:
 |
 |Apache on Host1:
 |----------------------------------------------------------
 |ProxyRequests On
 |ProxyPass /support/kb/ http://localhost:8888/kb/
 |ProxyPassReverse /support/kb/ http://localhost:8888/kb/
 |
 |Delegate on Host1:
 |----------------------------------------------------------
 |./delegated -fv \
 |-P8888 \
 |SERVER=http \
 |ADMIN=hostmaster@domain.. \
 |PERMIT="*:*:*" \
 |MOUNT="https://secure.domain.tld/* http://support.domain.tld/*"
 |
 |But apparently the vURL parameter cannot match. I also tried with SSL,
 |but since the frontend apache serves already SSL there is no need for it
 |from the backend servers.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V