Hi
Am 06.05.2014 17:59, schrieb Ethan Lai:
> You can set "CONFIG proxy.config.url_remap.pristine_host_hdr INT 1" to keep request's
Host header.
yes, but it still would need to invent DNS names for some hundret domains
and reconfigure the nameservers - in that case a cert on the origin is
cheaper for sites wit forced ssl:-)
> And, yes, I also think its a bug, lower precedence type, `redirect` here, should not
be matched again if higher
> precedence type, `map` here, were matched.
> I've provided a patch here <https://issues.apache.org/jira/secure/attachment/12637293/no_redirect_after_map.patch>,
> one patch of TS-2344 <https://issues.apache.org/jira/browse/TS-2344>. You can try
it if building trafficserver
> yourself.
thank you!
i will give feedback ASAP, building ATS as my own RPMs
need some time for other tasks currently :-(
> 2014-05-06 19:31 GMT+08:00 Reindl Harald <h.reindl@thelounge.net <mailto:h.reindl@thelounge.net>>:
>
>
>
> Am 06.05.2014 13:06, schrieb Ethan Lai:
> > I'd suggest use different names
>
> that don't work because it would break the *automatic*
> configuration of ATS / dnsmasq based on webservices
> working with the real origin-configs
>
> as well it would break php applications seeing
> http://real-webspace.local/ as URL and so no longer
> correctly fix href="http://domain/folder/file.ext"
> to href="/folder/file.ext" by save content with
> WYSIWG editors
>
> the current solution works perfectly for some
> hundret domains without touch ATS manually
> and care about the origin, it only breaks
> if ATS is supposed to do SSL-offloading
> and force the client to https
>
> IMHO that is a bug - the redirect statement
> should not affect the right side of a map
> in reverse proxy mode
>
> > Add DNS: real-webspace.local 192.168.196.3
> >
> > redirect http://webspace.local https://webspace.local
> > map https://webspace.local http://real-webspace.local
> >
> > 2014-05-06 18:37 GMT+08:00 Reindl Harald:
> >
> > Hi
> >
> > the settings below (which only make no sense without
> > the underlying DNS views) are resulting in a redirect
> > loop but why?
> >
> > redirect http://webspace.local https://webspace.local
> > map https://webspace.local http://webspace.local
> >
> > * DNS-View external: webspace.local -> 192.168.196.2 (192.168.196.2
= ATS)
> > * DNS-View ATS machine: webspace.local -> 192.168.196.3 (192.168.196.3
= Origin)
> >
> > the reason for that views is that this way automatic configuration of
> > ATS and dnsmasq based on webservices can be done and the decision using
> > the proxy or directly point to the origin is done with the public DNS
> > _____________________________________________________
> >
> > these two mappings are working fine with http and https
> > so i assume the problem is that the non-http-origin URL
> > triggers also teh redirect above
> >
> > map http://webspace.local http://webspace.local
> > map https://webspace.local http://webspace.local
> > _____________________________________________________
> >
> > these mappings also working because the origin itself
> > is also accessed with https, but the idea of the config
> > above is that ATS doing SSL termination, forcing the
> > client to use https but the origin has no SSL
> >
> > redirect http://webspace.local https://webspace.local
> > map https://webspace.local https://webspace.local
>
>
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/
http://www.thelounge.net/signature.asc.what.htm
|