RFE: HTTP reverse proxy handler - SSL support

[danielniccoli]

Original author: rng.hart...@gmail.com (June 10, 2010 14:56:13)

HTTP reverse proxy handler does not support SSL encrypted (HTTPS) backend connections.

What steps will reproduce the problem?

1. Create an Information Source (remote) with Connection string https://somehost:443 (or similar, see below)
2. Create a vhost with a HTTP reverse proxy rule using that IS
3. Receive HTTP error

What is the expected output? What do you see instead? Depending on what you use as Connection string in the Information Source, you get: somehost:443 - 502 Bad gateway (it tries unencrypted HTTP) https://somehost - 503 Service unavailable https://somehost:443 - 504 Gateway timeout

What version of the product are you using? On what operating system? v1.0.1 (packaged for Debian squeeze)

Please provide any additional information below. SSL encrypted backend connections might be desirable for sensitive data when backend is not in a safe network (for example, in a different data center).

For anyone interested, here is a quick "workaround" for the time being:

• Install stunnel4 and create config-file /etc/stunnel/stunnel.conf:

socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 client = yes verify = 0

[pseudo-https] accept = 8443 connect = somehost:443 TIMEOUTclose = 0

; End of stunnel.conf

• Start stunnel: stunnel4 /etc/stunnel/stunnel.conf (or via initscript)
• Change Information Source Connection string to: localhost:8443
• Be happy!

Original issue: http://code.google.com/p/cherokee/issues/detail?id=900

[danielniccoli]

From lea.anth...@gmail.com on February 21, 2011 08:37:00 We had the same issue. Maybe having a checkbox next to the IS stating it's an SSL source?

[danielniccoli]

From lea.anth...@gmail.com on February 21, 2011 10:11:21 Oh and thanks to the OP for the workaround!