Article delegate-en/4246 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4245@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: HTTPS to HTTPS Rewriting
01 Dec 2008 15:23:24 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4245@delegate-en.ML_> on 12/01/08(18:46:36)
you Geeosor <praiabdyi-y44okldhzdjr.ml@ml.delegate.org> wrote:
 |> In message <_A4232@delegate-en.ML_> on 11/29/08(02:30:42)
 |> you Geeosor <praiabdyi-y44okldhzdjr.ml@ml.delegate.org> wrote:
 |>  |Basically we have a site support.domain.tld which is accessible by http
 |>  |and by https. Then there is the other site https://secure.domain.tld/ in
 |>  |which we want to have the *content* of the support domain with all links
 |>  |appearing as secure. Let me visualize this:
 |>  |
 |>  |Apache on Host 1                  Apache on Host2
 |>  |- serves https://secure...        - server httpX://support...
 |>  |
 |>  |           ^                                 ^
 |>  |           |__         Delegate            __|
...
 |> In this case the target servers are switched with the url-path part but 
 |> you can switch them with vertual host name with the "nvhost" MountOption.
 |> See <URL:http://www.delegate.org/delegate/nvproxy> for more details.
 |> 
 |> You seem to writing abouth the way 2) but I can't figure out the reason.
 |> Using DeleGate as a proxy with rewriting HTTPS/SSL content, at least
 |> you need decrypt and encrypt it with STLS=mitm.
 |
 |I think either one of your ways. Since we need:
 |
 |Browser <-HTTPS-> Apache <-HTTP-> Delegate <-HTTP-> Apache
 |                  https://secure...                 http://support...

Then I think your configuration seems to be figured like this:

 >         clients
 >            |
 >            v
 >
 >  Apache on Host 1                  Apache on Host2
 >  - serves https://secure...        - server httpX://support...
 > 
 >            |                                 ^
 >            +-->        Delegate            __|

Right?

On 11/29/08(02:32) you Geeosor wrote in <_A4232@delegate-en.ML_>
 |So we do not only want the URL and HTTP stuff rewritten, but also the
 |absolute urls in the html body from httpX://support
 |
 |My approach was:
 |
 |Apache on Host1:
 |----------------------------------------------------------
 |ProxyRequests On
 |ProxyPass /support/kb/ http://localhost:8888/kb/
 |ProxyPassReverse /support/kb/ http://localhost:8888/kb/

Sorry but I don't know anything about the configuration syntax of Apache,
I don't know why you need DeleGate between Apaches, and I don't know
why you seem to use DeleGate as a proxy.
Anyway you seem like to do mapping like this:

  1) https://secure/support/  <-->  http://support/
  2) https://secure/support/  <---  https://support/

Am I right?

 |Delegate on Host1:
 |----------------------------------------------------------
 |./delegated -fv \
 |-P8888 \
 |SERVER=http \
 |ADMIN=hostmaster@domain.. \
 |PERMIT="*:*:*" \
 |MOUNT="https://secure.domain.tld/* http://support.domain.tld/*"
 |
 |But apparently the vURL parameter cannot match. I also tried with SSL,
 |but since the frontend apache serves already SSL there is no need for it
 |from the backend servers.

I'm not so sure on your requirement but it might be configured like this:

  1) https://secure/support/ <--> http://delegate/ <--> http://support/
  2) https://secure/support/ <--- http://delegate/ <--- https://support/

Here I supposed DeleGate is to get reqest forwarded from Apache as
a usual origin HTTP server.

  MOUNT="/* http://support/* direction=fo"
  MOUNT="https://secure/support/* http://support/*  direction=bo"
  MOUNT="https://secure/support/* https://support/* direction=bo"

The first MOUNT parameter forward any requests to http://support and
it is not used for rewriting URLs in responses.
The second and the third one rewrites URLs in responses from
http://support or https://support to https://secure/support.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V