I have apache 1.3 with mod_ssl in front of mongrel/rails. Apache is setup to require client certification, and I''m trying to figure out how to pass the ssl env variables to mongrel. Here is the apache config to proxy requests to mongrel. I haven''t tried to pass env variables like this before so I''m not sure if it''s the apache config I have wrong, if mongrel isn''t picking up the env variables I am setting, or if it''s just not possible to do what I''m trying to do. Any guidance would be appreciated. ProxyPass /xml/ http://localhost:88/xml/ RewriteEngine On RewriteRule ^/xml/(.*) /xml/$1 [P,E=SSL_CLIENT_CERT:%{SSL_CLIENT_CERT}]
> > ProxyPass /xml/ http://localhost:88/xml/ > RewriteEngine On > RewriteRule ^/xml/(.*) /xml/$1 [P,E=SSL_CLIENT_CERT:%{SSL_CLIENT_CERT}] >One note on this, I''ve also tried the following (the above is just one of my last efforts): [P,E=SSL_CLIENT_CERT:%{SSL:SSL_CLIENT_CERT}] [P,E=SSL_CLIENT_CERT:%{ENV:SSL_CLIENT_CERT}]
On Tue, 2006-07-25 at 10:51 -0700, snacktime wrote:> I have apache 1.3 with mod_ssl in front of mongrel/rails. Apache is > setup to require client certification, and I''m trying to figure out > how to pass the ssl env variables to mongrel. Here is the apache > config to proxy requests to mongrel. I haven''t tried to pass env > variables like this before so I''m not sure if it''s the apache config I > have wrong, if mongrel isn''t picking up the env variables I am > setting, or if it''s just not possible to do what I''m trying to do. > Any guidance would be appreciated. >Did you get this working yet? -- Zed A. Shaw http://www.zedshaw.com/ http://mongrel.rubyforge.org/ http://www.railsmachine.com/ -- Need Mongrel support?
On 8/3/06, Zed Shaw <zedshaw at zedshaw.com> wrote:> On Tue, 2006-07-25 at 10:51 -0700, snacktime wrote: > > I have apache 1.3 with mod_ssl in front of mongrel/rails. Apache is > > setup to require client certification, and I''m trying to figure out > > how to pass the ssl env variables to mongrel. Here is the apache > > config to proxy requests to mongrel. I haven''t tried to pass env > > variables like this before so I''m not sure if it''s the apache config I > > have wrong, if mongrel isn''t picking up the env variables I am > > setting, or if it''s just not possible to do what I''m trying to do. > > Any guidance would be appreciated. > > > > Did you get this working yet?No, but the problem is that I''m using apache 1.3 that doesn''t have a way to set custom headers in the proxy request. 2.X would work, it''s just not an option in this case. In any case it''s definitely not a mongrel issue per say. Using scgi does work, although I''ve ran into a different problem where my app throws a Device Not Configured error when trying to make an https connection after being idle for a few hours. I have a feeling something in the mix isn''t thread safe, but it''s a bit above me to track down. The next thing I might try is to use pound. It will pass the ssl client certificate to mongrel/rails where I can just do the certificate verification manually with openssl.
Possibly Parallel Threads
- Apache 2.2 + Mod Proxy Balancer + Mongrel - Hot Linking Protection?
- Apache+Mongrel Redirection Problems
- Apache 2.2, ProxyPass and HTTPS
- what should be correct .conf file for being served by apache for static content
- Session problem mongrel behind Apache proxy