On Fri, Mar 26, 2010 at 12:46 AM, Octavian Rasnita <orasn...@gmail.com>wrote:
> *From:* Bill Moseley <mose...@hank.org> > > > > SetEnv HTTPS On >> > > > Does that header get to Catalyst? Obviously, check that first. > > > > I didn't know that HTTPS should be an HTTP header and not an environment > variable so I have also added as a header. > > Sorry, I missed that you were setting the environment var -- I assumed you were setting a header in your load balancer. Obviously, the front-end web server's environment is not shared with the back-end's environment. You have the front-end load balancer add a header to SSL requests when being proxied to the backend. Then the backend looks for the this header and, if set, sets $c->req->secure(1); You just need some way for the front-end to tell you which requests are SSL on the front end. As mentioned, another approach is to use two different ports on the backend. > > And finally, even though I forced $c->req->secure to be true, > $c->uri_for_action still uses the http scheme and not https so in the entire > application the redirects won't be done correctly and this is the big > problem. > > You need to set $request->secure(1) earlier in the request so that when $base is created it has the correct scheme. Here's a simple example application: $ cat lib/ssl.pm lib/ssl/Controller/Root.pm package ssl; use Moose; use namespace::autoclean -except => 'meta'; extends 'Catalyst'; __PACKAGE__->setup(); after 'prepare_headers' => sub { my $self = shift; $self->req->secure( $ENV{SSL} ); }; 1; package ssl::Controller::Root; use Moose; use namespace::autoclean -except => 'meta'; BEGIN { extends 'Catalyst::Controller' } __PACKAGE__->config->{namespace} = ''; sub hello : Local { my ( $self, $c ) = @_; $c->res->body( $c->uri_for( '/hello' ) ); }; 1; ~/ssl$ script/ssl_test.pl /hello http://localhost/hello ~/ssl$ SSL=1 script/ssl_test.pl /hello https://localhost/hello Don't get confused by that example where I'm checking $ENV. You will want to check a request header (or port) as that's how the front-end can communicate with the back-end. Note that Catalyst::Apache::Engine will check for $ENV{HTTPS} is "ON" but for that to happen you would have to do something like $ENV{HTTPS} = $c->req->headers( 'HTTPS' ) very early in the request (or get Apache to set it based on the request header. I find it easier to just explicitly set secure(1) based on a header (or port). -- Bill Moseley mose...@hank.org
_______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/