Best Way to do SSL?

Tuesday 20 January 2004 2:43:54 pm - 5 replies

Björn Dieding@xrow.de

Thursday 22 January 2004 10:39:36 am

#################
# Local SSL proxy that redirects https://domain to http://domain
#################

RewriteLock /var/lock/rewrite.lock

<VirtualHost _default_:443>
DocumentRoot "/home/www"
ServerName ssl.xrow.net
ServerAlias www.xrow.net
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/ssl.xrow.net.server.key
SSLCACertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.ca.crt

# Enable the rewrite engine to rewrite the URL
RewriteEngine on
# Disable logging with the following lines:
#RewriteLog /dev/null
#RewriteLogLevel 0
RewriteLog /var/log/httpd/sslproxy.log
RewriteLogLevel 1
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [P,L]

</VirtualHost>

cool.... I like it

Looking for a new job? http://www.xrow.com/xrow-GmbH/Jobs
Looking for hosting? http://hostingezpublish.com
-----------------------------------------------------------------------------
GMT +01:00 Hannover, Germany
Web: http://www.xrow.com/

Willie Seabrook

Friday 23 January 2004 7:35:35 pm

I don't quite get it sorry :-(

With that configuration it looks like any request to the host gets re-written back to the host again???

Could you please explain a little? I can set up a secure server - I know how to do that, it's just getting it to work nicely and securely with ezpublish that I'm unsure about.

Regards,
Willie

Björn Dieding@xrow.de

Monday 26 January 2004 1:43:49 am

>With that configuration it looks like any request to the host gets re-written back to the host again???

True....

any request to port 443 gets internally rewritten to port 80

the flow will be like this

client request https://www.xrow.de/user/register -> ssl proxy will make a call (no encryption needed internally) -> http://www.xrow.de/user/register (your eZ vhost) -> then the proxy will return the result from http://www.xrow.de/user/register (encrypted) to client

Lauren Matheson

Thursday 01 April 2004 11:01:02 am

Can you explain more? The client request comes on port 443, internally that is rewritten to the non-secure vhost through port 80, and the response comes out port 80? That sounds like it would drop the TCP connection?

Bruce Morrison

Thursday 01 April 2004 3:17:17 pm

I think it's the 'P' flag on the end of the rewrite rule that does all the magic.

See
http://httpd.apache.org/docs/mod/mod_rewrite.html#RewriteRule

Cheers
Bruce

My Blog: http://www.stuffandcontent.com/
Follow me on twitter: http://twitter.com/brucemorrison
Consolidated eZ Publish Feed : http://friendfeed.com/rooms/ez-publish
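
Added example, not part of the thread or any poster's own configuration: the same TLS-terminating proxy written for Apache 2.4, with two things tightened. The posted rule builds the proxy target from %{HTTP_HOST}, which the client supplies, and its cipher string leaves SSLv2, export and low-strength suites enabled; here the backend is pinned and the protocol and cipher lists are restricted. Hostnames and certificate paths are the ones from the post above; the backend address 127.0.0.1:80 and the use of X-Forwarded-Proto are assumptions.

```apache
# Added example (assumes Apache 2.4 with mod_ssl, mod_proxy, mod_proxy_http
# and mod_headers loaded). Backend address is an assumption.
<VirtualHost _default_:443>
    ServerName ssl.xrow.net
    ServerAlias www.xrow.net

    SSLEngine on
    # Drop the legacy protocol versions; keep only what current clients need.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # No anonymous, NULL, RC4, MD5 or 3DES suites; export and LOW suites are
    # not part of HIGH, so they are excluded as well.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/ssl.crt/ssl.xrow.net.server.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/ssl.xrow.net.server.key

    # Reverse proxy only: never act as a forward proxy.
    ProxyRequests Off

    # Pin the backend to the local plain-HTTP listener instead of deriving
    # it from the request's Host header. The Host header is still passed on,
    # so the name-based eZ vhost on port 80 is selected as before.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:80/
    ProxyPassReverse / http://127.0.0.1:80/

    # The backend only ever sees plain HTTP from the proxy. Overwrite any
    # client-sent value and tell it the original request arrived over TLS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

The backend application has to be set up to read X-Forwarded-Proto for this to affect generated links and redirects; the thread does not say how eZ Publish handles it.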
