trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: SNI AND ATS
Date Mon, 29 Sep 2014 00:06:55 GMT

Am 29.09.2014 um 02:01 schrieb James Peach:
> On Sep 28, 2014, at 9:26 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
>>
>> Am 28.09.2014 um 18:24 schrieb Jason Strongman:
>>> Version - 4.2.1.1
>>> Mode - Reverse Proxy
>>>
>>> Objective: To support multiple SSL sites, each with their own certificate, and
only use one IP/Port.
>>> Does ATS support SNI for incoming requests as described in the below links?
>>
>> ATS supports *only* SNI for incoming requests
> 
> In 5.1, ATS supports SNI for outbound origin requests too (https://issues.apache.org/jira/browse/TS-2802)

cool - i wasn't even aware that it did not

maybe interesting on servers where the origin don't support
%{CONN_REMOTE_ADDR} and you are forced to have TLS there because
a config like below excluding the proxy from redirect is not
supported via mod_remoteip to stay with one IP address

added somewhere in httpd-2.4.x this year

<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{CONN_REMOTE_ADDR} !^127\.0\.0\.1
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>


Mime
View raw message