[Catalyst] problems: frontend SSL-Apache, backend Catalyst Server

Edmund von der Burg edmund.vonderburg at gmail.com
Fri Mar 13 11:39:50 GMT 2009


2009/3/13 Jens Schwarz <blacky6767 at gmx.de>:
> Hi *,
>
> I am right now in the state of deploying my Catalyst App and have problems with my intended setup:
>
> In the backend I want to use the Catalyst Server (i.e. $ CATALYST_ENGINE='HTTP::Prefork' /path/to/myapp/script/myapp_server.pl) that serves only to localhost. In the frontend a SSL-ified Apache is setup to relay everything from/to the Catalyst Server in order to have a secure umbrella around the Catalyst App.
>
> I have looked at http://search.cpan.org/perldoc?Catalyst::Manual::Cookbook and tried to adopt the deployment options to my scenario but have problems.
>
> The problems I encountered:
> - Starting the app via https://myserver.example.com works, but if I click any link inside the app (all of them use uri_for(...)) my browser returns to http://myserver.example.com (note: http instead of https).

Your catalyst app may not believe that it is running securely because
the connection to it is http, not https. You'll need to trick it in
some way.

I documented our dev setup here:
http://dev.catalystframework.org/wiki/resources/httpstricks

We use a custom header ( set by the proxy ) to tell Catalyst it is
secure. You should make sure that the proxy will not pass this header
back from a client.

> - Images are not displayed anymore. I guess that's the "serving static content" in the cookbook. But I thought this is covered by the Apache setup.
> - If I want to "move" my app from https://myserver.example.com to https://myserver.example.com/superdupercatapp (see commented-out parts of my config below) my browser returns to http://myserver.example.com/mycontroller/myaction instead of https://myserver.example.com/superdupercatapp/mycontroller/myaction.

Not sure about these problems

> I am a bit confused about how to fix these problems.
>
> My Apache Virtual Host config looks like this right now:
> <VirtualHost *>
>  DocumentRoot /path/to/myapp/root
>  Alias /static /path/to/myapp/root/static
>
>  ProxyRequests Off
>  <Proxy *>
>  Order deny,allow
>  Allow from all
>  </Proxy>
>
>  ProxyPass /static !
>  ProxyPass /favicon.ico !
>  ProxyPass / http://localhost:3000/
>  ProxyPassReverse / http://localhost:3000/
>
>  ServerName myserver.example.com
>  ServerAdmin webmaster at example.com
>
>  #RewriteEngine On
>  #RewriteLog "/var/log/apache2/rewrite.log"
>  #RewriteLogLevel 1
>  #RewriteRule ^/superdupercatapp http://localhost:3000/ [P]
>  #RewriteRule ^/superdupercatapp/(.*) http://localhost:3000/$1 [P,L]
>  #ProxyPassReverse /superdupercatapp http://localhost:3000/
>
>  <IfDefine SSL>
>  SSLEngine On
>  SSLCertificateFile "/etc/ssl/server.pem"
>  SSLCertificateKeyFile "/etc/ssl/server.key"
>  SSLCACertificateFile "/etc/ssl/cacert.pem"
>  </IfDefine>
> </VirtualHost>
>
> Any hints or pointers?
>
> Thanks a lot. Jens
> --
> Nur bis 16.03.! DSL-Komplettanschluss inkl. WLAN-Modem für nur
> 17,95 ¿/mtl. + 1 Monat gratis!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>



-- 
evdb at ecclestoad.co.uk - http://ecclestoad.co.uk
Help Perl newbies: http://www.send-a-newbie.com/



More information about the Catalyst mailing list