[Web-SIG] Reverse Proxy & HTTPS
Ian Bicking
ianb at colorstudy.com
Tue Apr 7 01:32:20 CEST 2009
A last note: paste.deploy.config.PrefixMiddleware does some fixup for cases
like this, including looking at X-Forwarded-Scheme and X-Forwarded-Proto for
the protocol (both names, because there's nothing approaching consensus on
what to name these headers).
2009/4/6 Randy Syring <randy at rcs-comp.com>
> Graham,
>
> Excellent, thank you! That confirms for me the concept is correct, now all
> I have to do is work on an IIS implementation. FUN!
>
> --------------------------------------
> Randy Syring
> RCS Computers & Web Solutions
> 502-644-4776http://www.rcs-comp.com
>
> "Whether, then, you eat or drink or
> whatever you do, do all to the glory
> of God." 1 Cor 10:31
>
>
>
> Graham Dumpleton wrote:
>
> Using nginx as front end to Apache/mod_wsgi as an example:
>
> On nginx side you would use:
>
> proxy_set_header X-Url-Scheme $scheme;
>
> and on Apache/mod_wsgi side, with Django 1.0 as an example, in WSGI
> script file we would have:
>
> import os, sys
> sys.path.append('/usr/local/django')
>
> os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
>
> import django.core.handlers.wsgi
>
> _application = django.core.handlers.wsgi.WSGIHandler()
>
> def application(environ, start_response):
> environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'http')
> return _application(environ, start_response)
>
> Is the equivalent on IIS side as others have mentioned that you need.
>
> Graham
>
> 2009/4/7 Paweł Stradomski <pstradomski at gmail.com> <pstradomski at gmail.com>:
>
>
> W liście Randy Syring z dnia poniedziałek, 6 kwietnia 2009:
>
>
>
> I would like my application to have control over the HTTPS<->HTTP
> redirects and would rather not force that logic into the forward facing
> web server if at all possible. That just seems like an extra
> configuration step that wouldn't necessarily be needed if I could figure
> out how to pass SSL status from the forward facing web server to the
> backend proxy (i.e. CherryPy and my app).
>
> So, do you (or anyone else) know of a good way to to this? Or, does
> everyone just assume that it is all or nothing for SSL when you are
> proxying to a backend?
>
>
>
> Check with IIS manual, it should be possible to set some nonstandard header
> when the connection goes through SSL, and then check this header in your
> application. Maybe that header is already there - write a simple controller
> that prints all the headers from the request and check how it looks with and
> without SSL (but verify with the IIS manual anyway).
>
> --
> Paweł Stradomski
> _______________________________________________
> Web-SIG mailing listWeb-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/graham.dumpleton%40gmail.com
>
> _______________________________________________
> Web-SIG mailing listWeb-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
>
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/randy%40rcs-comp.com
>
>
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe:
> http://mail.python.org/mailman/options/web-sig/ianb%40colorstudy.com
>
>
--
Ian Bicking | http://blog.ianbicking.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20090406/53496850/attachment.htm>
More information about the Web-SIG
mailing list