Hi there, On Mon, Apr 16, 2012 at 01:45:16PM +0200, Peter Sylvester wrote:
> >> that makes mod_ssl put the content of the host header into the sni data > >> structures instead of the hostname from the URL used in the > >> ProxyPass(Reverse) configuration itself. This way even name-based > >> virtual hosts should work behind the reverse proxy. > > I haven't heard anything back: What's the general opinion on this? > - If a configuration parameter can be avoided, this divides > the possibilities of errors by at least 3. > I don't think that a configuration parameter is necessary. I agree (or at least don't care as long as I get the behaviour I need ;). > - If something is put into the SNI, it must be identical to > what is in the Host:header. This could be a side-effect of ProxyPreserveHost On since only with ProxyPreserveHost On does it make any sense anyways. With ProxyPreserveHost Off, the SNI data should contain the hostname from the ProxyPassReverse directive. So implementation-wise this will most likely have two parts of code: 1. Determining the hostname to put into SNI data depending on ProxyPreserveHost somewhere in the reverse proxy module. 2. Putting that value into the SNI data in mod_ssl's ssl_engine_io.c. ssl_engine_io.c already uses an apr_table_get with a name of proxy-request-hostname which is apr_table_set'd in mod_proxy_http.c. So point 2 seems to be taken care of already. Host header preservation seems to be done done in mod_proxy_http.c as well. Now setting proxy-request-hostname based on that shouldn't be too hard. Shall I have a go at that? -- bye, Michael Elephants don't play chess!
