[Catalyst-dev] Trouble with ProxyPass

Andreas Marienborg omega at palle.net
Tue Jun 18 04:16:40 GMT 2013 

On Jun 17, 2013, at 6:44 PM, Jillian Rowe <jir2004 at qatar-med.cornell.edu> wrote:

> Hello,
> 
> I'm having trouble getting my application running under ProxyPass using
> Apache. I'm not entirely sure if it my worries lie in catalyst or
> apache. I do have another application (not catalyst) which uses
> proxypass with the exact same SSL config and its fine.
> 
> It will display pages fine, but when I go to submit a form I get the
> following:
> 
> "Although this page is encrypted, the information you have entered is to
> be sent over an unencrypted connection and could easily be read by a
> third party.
> 
> Are you sure you want to continue sending this information?"
> 
> 
> This is what my apache config looks like:
> 
> 
>        ProxyRequests On
>        ProxyVia On
>        ProxyReceiveBufferSize 16384
>        <Location />
>                ProxyPass http://127.0.0.1:3000/
>                ProxyPassReverse http://127.0.0.1:3000/
>                SetEnv force-proxy-request-1.0 1
>                SetEnv proxy-nokeepalive 1
> 
>                SSLRequireSSL
>                SetHandler perl-script
>                RequestHeader set X-URL-SCHEME https
>                Order allow,deny
>                Allow from all
>        </Location>
> 
> I have $c->config->{using_frontend_proxy} = 1.
> 
> My application works fine if I just do localhost:3000, and it also works
> fine when I run it as a fastcgi application. I do not get the security
> warning when running either under development or fastcgi.

I assume what happens is that you use $c->uri_for (or c.uri_for in the
template toolkit world) to generate the action for your form, and this 
generates http:// instead of https://?

Have you read trough 
https://metacpan.org/module/Catalyst#PROXY-SUPPORT and
tried to set the X-Forwarded-Port to 443?

> 
> I am looking into using the proxypass option solely for development. I
> am working on an application that uses very big data and log into a
> virtualbox for it. I have several file locations that are references to
> urls.
> 
>  Alias /bigdata /data/share/web_public/bigdata
>        <Directory /data/share/web_public/bigdata>
>           AllowOverride All
>           Options Indexes MultiViews FollowSymLinks
>           order Allow,Deny
>           Allow from all
>        </Directory>
> 
> So I need something happening with apache I think. Is there anyway to
> get Catalyst to alias those paths for me?
> 

You could perhaps have a controller Bigdata that reponds to /bigdata and 
looks for files for you, or use a Plack middleware to wrap your application
in to provide it.

But I don't think letting Apache (or other frontend web servers like nginx)
handle serving of files like that is a bad thing. The deployment documentation
for mod_perl on Apache even specifies this as a good thing:
https://metacpan.org/module/ETHER/Catalyst-Manual-5.9007/lib/Catalyst/Manual/Deployment/Apache/mod_perl.pod#Static-file-handling


Hope this might be helpful


- andreas / omega

More information about the Catalyst-dev mailing list