[Web-SIG] Reverse Proxy & HTTPS

Randy Syring randy at rcs-comp.com
Tue Apr 7 01:01:27 CEST 2009


Graham,

Excellent, thank you!  That confirms for me the concept is correct, now 
all I have to do is work on an IIS implementation.  FUN!

--------------------------------------
Randy Syring
RCS Computers & Web Solutions
502-644-4776
http://www.rcs-comp.com

"Whether, then, you eat or drink or 
whatever you do, do all to the glory
of God." 1 Cor 10:31



Graham Dumpleton wrote:
> Using nginx as front end to Apache/mod_wsgi as an example:
>
> On nginx side you would use:
>
>   proxy_set_header X-Url-Scheme $scheme;
>
> and on Apache/mod_wsgi side, with Django 1.0 as an example, in WSGI
> script file we would have:
>
>   import os, sys
>   sys.path.append('/usr/local/django')
>
>   os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
>
>   import django.core.handlers.wsgi
>
>   _application = django.core.handlers.wsgi.WSGIHandler()
>
>   def application(environ, start_response):
>     environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'http')
>     return _application(environ, start_response)
>
> Is the equivalent on IIS side as others have mentioned that you need.
>
> Graham
>
> 2009/4/7 Paweł Stradomski <pstradomski at gmail.com>:
>   
>> W liście Randy Syring z dnia poniedziałek, 6 kwietnia 2009:
>>
>>     
>>> I would like my application to have control over the HTTPS<->HTTP
>>> redirects and would rather not force that logic into the forward facing
>>> web server if at all possible.  That just seems like an extra
>>> configuration step that wouldn't necessarily be needed if I could figure
>>> out how to pass SSL status from the forward facing web server to the
>>> backend proxy (i.e. CherryPy and my app).
>>>
>>> So, do you (or anyone else) know of a good way to to this?  Or, does
>>> everyone just assume that it is all or nothing for SSL when you are
>>> proxying to a backend?
>>>
>>>       
>> Check with IIS manual, it should be possible to set some nonstandard header
>> when the connection goes through SSL, and then check this header in your
>> application. Maybe that header is already there - write a simple controller
>> that prints all the headers from the request and check how it looks with and
>> without SSL (but verify with the IIS manual anyway).
>>
>> --
>> Paweł Stradomski
>> _______________________________________________
>> Web-SIG mailing list
>> Web-SIG at python.org
>> Web SIG: http://www.python.org/sigs/web-sig
>> Unsubscribe: http://mail.python.org/mailman/options/web-sig/graham.dumpleton%40gmail.com
>>
>>     
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/randy%40rcs-comp.com
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20090406/432bcc5d/attachment-0001.htm>


More information about the Web-SIG mailing list