trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jered Floyd <je...@convivian.com>
Subject Re: how make backend applications aware about tls-offloading
Date Sat, 07 Jan 2017 16:04:00 GMT

Does the "sslheaders" experimental plugin meet your needs?

https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/sslheaders.en.html

-Jered

----- On Jan 7, 2017, at 3:30 AM, Reindl Harald h.reindl@thelounge.net wrote:

> * Apache Trafficserver in front
> * ATS configured for TLS-offloading
> * connection to backend-httpd on the LAN unencrypted
> * mod_remoteip correctly configured on backend httpd
> 
> is there any way to make the backend php application aware that in fact
> $_SERVER['HTTPS'] and $_SERVER['REQUEST_SCHEME'] should be 'on' /
> https:// in case of generate absolute URLs like for emails
> 
> in a perfect world this would be handeled like the transparent
> translation of the client IP with
> https://httpd.apache.org/docs/current/mod/mod_remoteip.html and it's
> RemoteIPInternalProxy and a header like "X-Forwarded-TLS"
> 
> something like below where "X-TLS-Offloading" is only evaluated from
> "RemoteIPInternalProxy" pyhsical addressess
> 
> RemoteIPHeader         X-Forwarded-For
> RemoteTLSHeader        X-TLS-Offloading
> RemoteIPInternalProxy  192.168.196.1

Mime
View raw message