
I have squid functioning nicely as a https accelerator for tomcat6 and IIS7 (Outlook web access and terminal server gateway), and now I want to publish a mantis server that way too.

The problem is that squid takes the https request and proxies it as a http request to the server running mantis. apache2 gets the http request and so any hard links in there are prepended with http, which doesn't work (e.g. browser tries to get css via http which isn't reachable).

Squid is adding the front-end-https header to the requests which should tell apache that the front end request was https:// but it doesn't seem to be working. What do I need to do to make apache understand that the user request was https not http?

Thanks

James

James Harper wrote:

> I have squid functioning nicely as a https accelerator for tomcat6 and IIS7 (Outlook web access and terminal server gateway), and now I want to publish a mantis server that way too. The problem is that squid takes the https request and proxies it as a http request to the server running mantis. apache2 gets the http request and so any hard links in there are prepended with http, which doesn't work (e.g. browser tries to get css via http which isn't reachable).

Just run something on 80 that responds to a "can I have /foo/bar of Host: example.net?" with "oh that's over at https://example.net/foo/bar". i.e. a 302 or 301. It will of course result in an extra TCP setup/teardown, but I don't have a better idea. Other than "fix the fucking app" of course :-)

I'm doing both steps with apache; I can share the config if you think it'll actually help. I'm using apache mainly because it can also auth against an LDAP backend like I wanted; otherwise I would be looking at varnish or nginx - suggest you consider these instead of squid, which looked pretty icky for that role when I last looked (about two years ago).

> Squid is adding the front-end-https header to the requests which should tell apache that the front end request was https:// but it doesn't seem to be working. What do I need to do to make apache understand that the user request was https not http?

If the s-less http URLs are appearing in the HTTP body, surely that's the app's fault, not apache's? If it's appearing in headers, I presume squid can be made to rewrite them.
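The port-80 redirector described in the reply above, sketched as an added example (not code or configuration from either poster). The `ALLOWED_HOSTS` set, the `https_location` helper and the listening port 8080 are assumptions for illustration; the Host check keeps a forged Host header from turning the redirector into an open redirect.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the hostnames this front end publishes. Any other Host value is
# refused, so the Location header is never built from an untrusted name.
ALLOWED_HOSTS = {"example.net"}


def https_location(host_header, path, allowed=ALLOWED_HOSTS):
    """Return the https:// URL to redirect to, or None to reject the request."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    # Drop a port suffix such as ":80"; the HTTPS side uses the default port.
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    if host not in allowed:
        return None
    # Accept only origin-form paths without whitespace or control characters,
    # which would otherwise allow header injection into Location.
    if not path.startswith("/"):
        return None
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in path):
        return None
    return "https://" + host + path


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        location = https_location(self.headers.get("Host"), self.path)
        if location is None:
            self.send_error(400, "Unknown host or malformed request")
            return
        self.send_response(301)  # permanent; use 302 while testing
        self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = do_GET


if __name__ == "__main__":
    # Assumption: 8080 for an unprivileged test run; production would bind 80.
    HTTPServer(("", 8080), RedirectHandler).serve_forever()
```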
Participants (2): James Harper, Trent W. Buck