SSL and Redirects
In OOD, you have two options for SSL: install the SSL Cert into the web server and configure appropriately or off-load the SSL encryption to the load balancers. This page presents methods to accomplish both.
SSL in Web Server
In this scenario, the SSL Cert is installed on the web server and the web server has full SSL capabilities (server-side SSL Certs for authentication, changing cipher suites, etc.)
SSL on Load Balancers
In this scenario, the SSL Cert has been installed on the load balancers. The load balancers will handle all SSL encryption/decryption and the web server will only see unencrypted traffic, usually on port 80.
One particular problem this poses is forcing redirects to HTTPS sites. Since the load balancers handle all HTTPS traffic, the web server will never see traffic on port 443 so you need to "force" the issue.
Configuration #1
Configure the load balancer to send HTTP traffic to one port and HTTPS traffic to another (after decrypting it, of course). Apache will need to listen on both ports. Once configured, you can redirect your traffic appropriately. Here's an example configuration using Apache as the web server:
- The load balancer is configured to forward HTTP traffic to port 80 on our server and HTTPS traffic to port 81.
- Add two 'Listen' directives
<code>
Listen 80
Listen 81
</code>
- Set up NameVirtualHost directives:
<code>
NameVirtualHost 10.10.10.10:80
NameVirtualHost 10.10.10.10:81
</code>
- Set up a VirtualHost for each "site", configured appropriately:
<code>
<VirtualHost 10.10.10.10:80>
    # This is the HTTP "site"
    ServerName www.nothing.cop
    # Redirect all requests to the HTTPS site
    RedirectMatch .* https://www.nothing.cop
</VirtualHost>
<VirtualHost 10.10.10.10:81>
    # This is the HTTPS "site"
    ServerName www.nothing.cop
    DocumentRoot /var/www/html
    Options Indexes
</VirtualHost>
</code>
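A hardened variant of the two virtual hosts above, as an added example that is not part of the original page: the port 80 redirect keeps the requested path, and port 81, which serves the HTTPS site over plain HTTP behind the load balancer, only accepts connections from the load balancer. It assumes Apache 2.4 with mod_headers loaded and a load balancer that connects from its own address, here the constructed value 10.10.10.1.

```apache
# Added example, not from the original page.
# Assumptions: Apache 2.4, mod_headers loaded, and the load balancer
# connects to the backend from 10.10.10.1 (constructed address).

<VirtualHost 10.10.10.10:80>
    # HTTP "site": its only job is to send clients to HTTPS
    ServerName www.nothing.cop
    # Capture the requested path and re-append it, so deep links survive
    RedirectMatch permanent ^/(.*)$ https://www.nothing.cop/$1
</VirtualHost>

<VirtualHost 10.10.10.10:81>
    # HTTPS "site": traffic arrives here already decrypted
    ServerName www.nothing.cop
    DocumentRoot /var/www/html

    # Anything that reaches port 81 directly skips TLS and the redirect,
    # so accept connections from the load balancer only.
    <Location "/">
        Require ip 10.10.10.1
    </Location>

    # Tell browsers to use HTTPS for later requests to this host
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

If the load balancer passes the client's source address through instead of its own, the `Require ip` rule has to be replaced by a firewall rule or a dedicated backend interface.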