OK, after poking around some more - AWS EC2 spot instances have a 2 minute warning.
Pound has poundctl, which sends a message to pound on the control port, with which one
can disable backends.
It seems these two facilities should allow one to gracefully deal with backends
which are AWS EC2 spot instances.
We have pound set up with some spot market AWS EC2 instances as some of the
backends.
Spot instances can suddenly be taken offline. It seems that it takes a while
for pound to respond to events like this - according to another post several
tcp connections refused or not respond for pound to r
Freja,
There's not much you can do here. SSL binds on the port explicitly and
handles all traffic, unless you use the SSL name protocol (SNI). It sounds
like you don't want that.
So the "Head Require" in an HTTPS rule set is just perfunctory. It really
has no control over connections. SSL i
You are correct that HeadRequire will not work for you, because DNS -> IP ->
SSL all happens before HTTP.
Your best bet is to have two IP addresses - one that has a HTTPS listener, and
one that doesn't, and deal with it in DNS.
While SNI influences certificate selection, it does not have any co
User "www-data"
Group "www-data"
LogLevel 1
Alive 30
ListenHTTPS
Address 0.0.0.0
Port 443
HeadRemove "X-Forwarded-Proto"
AddHeader "X-Forwarded-Proto: https"
Disable SSLv3
Disable SSLv2
Cert "/etc/pound/www.1.se.pem"
Cert "/etc/pound/www.2
Hello Freja,
The HeadRequire should be what you require for this, but can you send us
over a quick example? It may be just your makeup of the required match value.
On 23 October 2015 at 14:37, Freja Borginger
wrote:
> Hello,
>
>
>
> We’re hosting a bunch of both SSL and non-SSL enabled sites an
Hello,
We're hosting a bunch of both SSL and non-SSL enabled sites and we're using
pound for SSL-termination.
The issue appears when someone visits a non-SSL enabled site by prepending
https:// to the address.
I'm expecting a connection reset or similar because this site doesn't have SSL
to be