Hello,
I am configuring apache 2.2 to serve my rails app through mongrel at
the root of my server. First, I redirect all http traffic to https
with the following:
ServerName emiliano
NameVirtualHost *:80
<VirtualHost *:80>
RedirectPermanent / https://emiliano #this server is only accessed internally
</VirtualHost>
Inside the <VirtualHost *:443> section, I have the following
configuration, which seems extremely standard:
<Proxy balancer://mongrel>
BalancerMember http://localhost:8000
BalancerMember http://localhost:8001
BalancerMember http://localhost:8002
</Proxy>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /stylesheets !
ProxyPass /javascripts !
ProxyPass /images !
ProxyPass / balancer://mongrel/
ProxyPassReverse / balancer://mongrel/
ProxyPreserveHost On
When I point my browser to "https://emiliano" I get the login page
that I expect. When I submit the login form the authorization is
properly processed (I checked the access log). However, my browser is
then directed to https://emilianousers/home (note the missing "/"
between hostname and ''users'') which of course cannot be found.
If I
manually insert the slash I am properly directed to the user home
page. I can click on links all day long and everything works, but
when I try to submit any form, the form is processed properly, but the
same issue with the missing slash returns.
I have tried removing the proxy balancer and going directly to the
mongrel instance, but I get the same behavior. I have also removed
and replaced trailing slashes in my ProxyPass directives with no
success.
Because I can''t seem to find any other documentation of this issue, I
am left believing that this is a very trivial problem.
Please Help!
jeremy
This might help ... I have the following rewrite rule in my conf
file ...
# Redirect all non-static requests to cluster
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://resman_cluster%{REQUEST_URI} [P,QSA,L]
Also, I have the following :
# Add a special request header so Rails redirects stay on https
RequestHeader set X_FORWARDED_PROTO "https"
HTH
Bill Siggelkow
bsiggelkow at mac.com
AIM: siggelkowb
Home: 770-457-8854
Mobile: 770-354-2584
On Aug 20, 2008, at 12:45 PM, Jeremy Cavagnolo wrote:
> Hello,
>
> I am configuring apache 2.2 to serve my rails app through mongrel at
> the root of my server. First, I redirect all http traffic to https
> with the following:
>
> ServerName emiliano
>
> NameVirtualHost *:80
> <VirtualHost *:80>
> RedirectPermanent / https://emiliano #this server is only accessed
> internally
> </VirtualHost>
>
> Inside the <VirtualHost *:443> section, I have the following
> configuration, which seems extremely standard:
>
> <Proxy balancer://mongrel>
> BalancerMember http://localhost:8000
> BalancerMember http://localhost:8001
> BalancerMember http://localhost:8002
> </Proxy>
>
> ProxyRequests Off
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPass /stylesheets !
> ProxyPass /javascripts !
> ProxyPass /images !
> ProxyPass / balancer://mongrel/
> ProxyPassReverse / balancer://mongrel/
> ProxyPreserveHost On
>
> When I point my browser to "https://emiliano" I get the login
page
> that I expect. When I submit the login form the authorization is
> properly processed (I checked the access log). However, my browser is
> then directed to https://emilianousers/home (note the missing "/"
> between hostname and ''users'') which of course cannot be
found. If I
> manually insert the slash I am properly directed to the user home
> page. I can click on links all day long and everything works, but
> when I try to submit any form, the form is processed properly, but the
> same issue with the missing slash returns.
>
> I have tried removing the proxy balancer and going directly to the
> mongrel instance, but I get the same behavior. I have also removed
> and replaced trailing slashes in my ProxyPass directives with no
> success.
>
> Because I can''t seem to find any other documentation of this
issue, I
> am left believing that this is a very trivial problem.
>
> Please Help!
>
> jeremy
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://rubyforge.org/pipermail/mongrel-users/attachments/20080820/1177cd53/attachment.html>
Thanks for the reply. It turns out that because I have the following permanent redirection, I don''t need to add the request header. NameVirtualHost *:80 <VirtualHost *:80> RedirectPermanent / https://emiliano #this server is only accessed internally </VirtualHost> However, my problem came from the fact that I left off the trailing slash from https://emiliano in the RedirectPermanent directive. Does anyone think it is still a good idea, from a performance standpoint, to include: RequestHeader set X_FORWARDED_PROTO "https" even though the requests are forwarded by the RedirectPermanent directive? -jeremy On Wed, Aug 20, 2008 at 9:56 AM, Bill Siggelkow <bsiggelkow at mac.com> wrote:> This might help ... I have the following rewrite rule in my conf file ... > # Redirect all non-static requests to cluster > RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f > RewriteRule ^/(.*)$ balancer://resman_cluster%{REQUEST_URI} [P,QSA,L] > Also, I have the following : > # Add a special request header so Rails redirects stay on https > RequestHeader set X_FORWARDED_PROTO "https" > HTH > Bill Siggelkow > bsiggelkow at mac.com > AIM: siggelkowb > Home: 770-457-8854 > Mobile: 770-354-2584 > > On Aug 20, 2008, at 12:45 PM, Jeremy Cavagnolo wrote: > > Hello, > > I am configuring apache 2.2 to serve my rails app through mongrel at > the root of my server. First, I redirect all http traffic to https > with the following: > > ServerName emiliano > > NameVirtualHost *:80 > <VirtualHost *:80> > RedirectPermanent / https://emiliano #this server is only accessed > internally > </VirtualHost> > > Inside the <VirtualHost *:443> section, I have the following > configuration, which seems extremely standard: > > <Proxy balancer://mongrel> > BalancerMember http://localhost:8000 > BalancerMember http://localhost:8001 > BalancerMember http://localhost:8002 > </Proxy> > > ProxyRequests Off > <Proxy *> > Order deny,allow > Allow from all > </Proxy> > > ProxyPass /stylesheets ! > ProxyPass /javascripts ! > ProxyPass /images ! > ProxyPass / balancer://mongrel/ > ProxyPassReverse / balancer://mongrel/ > ProxyPreserveHost On > > When I point my browser to "https://emiliano" I get the login page > that I expect. When I submit the login form the authorization is > properly processed (I checked the access log). However, my browser is > then directed to https://emilianousers/home (note the missing "/" > between hostname and ''users'') which of course cannot be found. If I > manually insert the slash I am properly directed to the user home > page. I can click on links all day long and everything works, but > when I try to submit any form, the form is processed properly, but the > same issue with the missing slash returns. > > I have tried removing the proxy balancer and going directly to the > mongrel instance, but I get the same behavior. I have also removed > and replaced trailing slashes in my ProxyPass directives with no > success. > > Because I can''t seem to find any other documentation of this issue, I > am left believing that this is a very trivial problem. > > Please Help! > > jeremy > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users > > > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users >
Assuming you''re running a Rails app, and you want all things generated by link_to, url_for, etc. to keep you in HTTPS , then yes. Otherwise, you effectively double the number of HTTP requests that the browser makes. This is wasteful, and depending on your allocated bandwidth and popularity, costly. Redirect them once to get them into HTTPS, but once they''re there, the X_FORWARDED_PROTO header is an exceedingly GOOD idea. Jeremy Cavagnolo wrote:> Thanks for the reply. > > It turns out that because I have the following permanent redirection, > I don''t need to add the request header. > > NameVirtualHost *:80 > <VirtualHost *:80> > RedirectPermanent / https://emiliano #this server is only accessed internally > </VirtualHost> > > However, my problem came from the fact that I left off the trailing > slash from https://emiliano in the RedirectPermanent directive. > > Does anyone think it is still a good idea, from a performance > standpoint, to include: > > RequestHeader set X_FORWARDED_PROTO "https" > > even though the requests are forwarded by the RedirectPermanent directive? > > -jeremy > > On Wed, Aug 20, 2008 at 9:56 AM, Bill Siggelkow <bsiggelkow at mac.com> wrote: > >> This might help ... I have the following rewrite rule in my conf file ... >> # Redirect all non-static requests to cluster >> RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f >> RewriteRule ^/(.*)$ balancer://resman_cluster%{REQUEST_URI} [P,QSA,L] >> Also, I have the following : >> # Add a special request header so Rails redirects stay on https >> RequestHeader set X_FORWARDED_PROTO "https" >> HTH >> Bill Siggelkow >> bsiggelkow at mac.com >> AIM: siggelkowb >> Home: 770-457-8854 >> Mobile: 770-354-2584 >> >> On Aug 20, 2008, at 12:45 PM, Jeremy Cavagnolo wrote: >> >> Hello, >> >> I am configuring apache 2.2 to serve my rails app through mongrel at >> the root of my server. First, I redirect all http traffic to https >> with the following: >> >> ServerName emiliano >> >> NameVirtualHost *:80 >> <VirtualHost *:80> >> RedirectPermanent / https://emiliano #this server is only accessed >> internally >> </VirtualHost> >> >> Inside the <VirtualHost *:443> section, I have the following >> configuration, which seems extremely standard: >> >> <Proxy balancer://mongrel> >> BalancerMember http://localhost:8000 >> BalancerMember http://localhost:8001 >> BalancerMember http://localhost:8002 >> </Proxy> >> >> ProxyRequests Off >> <Proxy *> >> Order deny,allow >> Allow from all >> </Proxy> >> >> ProxyPass /stylesheets ! >> ProxyPass /javascripts ! >> ProxyPass /images ! >> ProxyPass / balancer://mongrel/ >> ProxyPassReverse / balancer://mongrel/ >> ProxyPreserveHost On >> >> When I point my browser to "https://emiliano" I get the login page >> that I expect. When I submit the login form the authorization is >> properly processed (I checked the access log). However, my browser is >> then directed to https://emilianousers/home (note the missing "/" >> between hostname and ''users'') which of course cannot be found. If I >> manually insert the slash I am properly directed to the user home >> page. I can click on links all day long and everything works, but >> when I try to submit any form, the form is processed properly, but the >> same issue with the missing slash returns. >> >> I have tried removing the proxy balancer and going directly to the >> mongrel instance, but I get the same behavior. I have also removed >> and replaced trailing slashes in my ProxyPass directives with no >> success. >> >> Because I can''t seem to find any other documentation of this issue, I >> am left believing that this is a very trivial problem. >> >> Please Help! >> >> jeremy >> _______________________________________________ >> Mongrel-users mailing list >> Mongrel-users at rubyforge.org >> http://rubyforge.org/mailman/listinfo/mongrel-users >> >> >> _______________________________________________ >> Mongrel-users mailing list >> Mongrel-users at rubyforge.org >> http://rubyforge.org/mailman/listinfo/mongrel-users >> >> > _______________________________________________ > Mongrel-users mailing list > Mongrel-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-users > >
Yes, but to use X_FORWARDED_PROTO header, this you must have two virtual blocks basically one for port=80 and other for port=443 so add this to 443 block, and then the / problems will be solved. -- Posted via http://www.ruby-forum.com/.