Open reederz opened 9 years ago
I think with reverse proxies you'll have trouble with Authentication. Why do you need a reverse proxy?
I haven't tested authentication yet.
As for why- it's because @peacekeeper wants to package an LDP server on a freedombox. However, LDP server is only 1 of several http servers which are running on freedombox. To be able to share the same port (443), we need a reverse proxy. Other HTTP servers don't care if they are behind a proxy and it would be preferable if our LDP server didn't care either.
I don't exactly know how reverse proxies function, but IF the SSL connection ends at the proxy then one has
Perhaps one should go the route of 2 (iii), as I assume Play does function with reverse proxies out of the box by now... But that will take a rewrite of the authentication layer.
Anyway that's assuming I got the initial point about reverse proxies right.
Yes, you got the initial point right- the SSL connection ends at the proxy, the proxy in turn forwards a normal HTTP request to the desired endpoint (rww-play).
And yes, Play already works with reverse proxies https://www.playframework.com/documentation/2.1.1/HTTPServer .
I don't see the best way to proceed solving this problem but 2(iii) seems like a reasonable option.
Authentication will now work with remote proxies but will limit you to HTTP Signature for the moment. See https://github.com/solid/solid-spec/issues/52
Instead of exposing rww-play directly to the Internet, I want to use a reverse proxy for terminating SSL connections to rww-play. However, I'm not able to do that.
Starting rww-play:
NGINX host config:
Querying a resource through reverse proxy:
Querying the same resource directly:
P.S. gold also has problems with this https://github.com/linkeddata/gold/issues/41