thanks for feedback

On 29.01.2014 22:41, James Peach wrote:
> On Jan 29, 2014, at 7:14 AM, Reindl Harald <[email protected]> wrote:
>>
>> https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#client-and-traffic-server-connections
>>
>> i don't get with the documentation how to have several domains
>> in reverse-proxy mode each of them having their own certificates
>> and how that plays with "remap.conf"
>
> There is no binding between SSL SNI names and remap rules
but how does this work for a growing amount of SSL sites
each having their own certificates and keys?
>> also very interesting:
>>
>> how to enforce that a domain-mapping redirects to https
>> with httpd this can be done with mod_rewrite but in case
>> ATS working as reverse-proxy that would lead in a loop
>> or not work at all because httpd does and should not
>> know how the connection to the reverse-proxy is
>>
>> <IfModule mod_rewrite.c>
>> RewriteEngine on
>> RewriteCond %{HTTPS} off
>> RewriteRule (.*) https://whatever.thelounge.net%{REQUEST_URI}
>> </IfModule>
>
> The only case where I have a site that does this, the origin sends a redirect
> from HTTP to HTTPS
> which is cached by ATS
not a solution - the origin should be always accessed without http from ATS
and only ATS doing ssl-termination and make sure no unencrypted traffic
for a specific domain between ATS and the client
> I expect that you could also do something like this in remap.config
> redirect http://foo.com/ https://foo.com/
that sounds like a solution, i will give it a try
but as said above - currently i have no plan how to start at all with
multiple ssl hosts on ATS mixed with some hundred non-ssl as reverse-proxy
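Added example, not part of the original message or of the ATS project: a small audit of a remap.config for the setup discussed above, where selected domains must only be served over HTTPS by ATS while the origin is reached over plain HTTP. It assumes the standard `map` rule type alongside the `redirect` rule quoted in the thread; all host names and origin addresses are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample remap.config; hosts and origin addresses are made up.
SAMPLE_REMAP = """\
redirect http://foo.com/ https://foo.com/
map https://foo.com/ http://origin.internal:8080/
# bar.example is still proxied over plain HTTP and has no redirect
map http://bar.example/ http://origin.internal:8081/
map https://bar.example/ http://origin.internal:8081/
# ordinary non-SSL site, not expected to be HTTPS-only
map http://plain.example/ http://origin.internal:8082/
"""

REDIRECTS = {"redirect", "redirect_temporary"}

def parse_rules(text):
    """Return (type, from_url, to_url) for each rule line, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        rules.append((fields[0], urlsplit(fields[1]), urlsplit(fields[2])))
    return rules

def audit_https_only(text, https_only_hosts):
    """Map each HTTPS-only host to the list of problems found in its rules."""
    rules = parse_rules(text)
    findings = {}
    for host in https_only_hosts:
        mine = [r for r in rules if r[1].hostname == host.lower()]
        problems = []
        if any(k == "map" and src.scheme == "http" for k, src, _ in mine):
            problems.append("plain-http map rule proxies unencrypted traffic")
        if not any(k in REDIRECTS and src.scheme == "http"
                   and dst.scheme == "https" and dst.hostname == host.lower()
                   for k, src, dst in mine):
            problems.append("no http-to-https redirect rule")
        if not any(k == "map" and src.scheme == "https" for k, src, _ in mine):
            problems.append("no https map rule")
        if problems:
            findings[host] = problems
    return findings

if __name__ == "__main__":
    for host, problems in audit_https_only(SAMPLE_REMAP, ["foo.com", "bar.example"]).items():
        print(host, "->", "; ".join(problems))
```

Because the redirect is decided on the client-facing scheme at ATS and the origin is only ever contacted over HTTP, the origin needs no rewrite rule and cannot cause a redirect loop.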
