[MKDoc-dev] Running MKDoc behind an SSL proxy
Bruno Postle
bruno at mkdoc.com
Tue Oct 4 21:25:09 BST 2005
[Posting to mkdoc-dev as too much of this stuff has been happening
off-list lately <- HINT]
A server configuration we have been using a lot lately is to run two
different apaches on the same box - A front-end apache-2 provides
mod_deflate compression and a back-end apache-1.3 runs mod_perl and
MKDoc. The two are connected via mod_rewrite rules in apache-2.
There are some notes for this configuration here:
http://www.mkdoc.org/docs/howto/apache/
The front-end apache-2 can potentially also provide SSL encryption
for the users interface, using something like this (assuming the
MKDoc apache is running on port 8080):
NameVirtualHost *:443
<VirtualHost *:443>
ServerName users.example.com
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
RewriteEngine On
RewriteCond %{HTTP_HOST} ^users\.
RewriteRule /?(.*)
http://users.example.com:8080/$1 [P,L]
</VirtualHost>
This doesn't work with current CVS, the back-end MKDoc sits on port
8080 and doesn't realise it should be constructing URLs using the
"https://" form.
This patch fixes the URL and makes it work:
Index: MKDoc/CGI.pm
===================================================================
RCS file: /var/spool/cvs/mkd/MKDoc/Attic/CGI.pm,v
retrieving revision 1.3.2.24
diff -r1.3.2.24 CGI.pm
76a77,81
> # may be behind an SSL proxy, rewrite appropriately
> use MKDoc::Config;
> $url =~ s/^http:/https:/
> if (MKDoc::Config->USER_DOMAIN =~ /^https:/ and defined $ENV{REMOTE_USER});
>
--
Bruno
More information about the MKDoc-dev
mailing list