<br><br><div class="gmail_quote">On Fri, Mar 26, 2010 at 12:46 AM, Octavian Rasnita <span dir="ltr">&lt;<a href="mailto:orasnita@gmail.com">orasnita@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff">
<div><b>From:</b> <a title="moseley@hank.org" href="mailto:moseley@hank.org" target="_blank">Bill
Moseley</a> </div>
<blockquote style="padding-right:0px;padding-left:5px;margin-left:5px;border-left:#000000 2px solid;margin-right:0px"><div class="im">
<div class="gmail_quote"><blockquote class="gmail_quote" style="padding-left:1ex;margin:0px 0px 0px 0.8ex;border-left:#ccc 1px solid"><div>> > SetEnv HTTPS On<br></div></blockquote>
<div><br>
</div>
<div>> Does that header get to Catalyst? Obviously, check that
first.</div>
<div><font face="Arial" size="2">> </font><br></div>
<div> </div></div>
</div><div class="gmail_quote"><font face="Arial" size="2">I didn't know that HTTPS should
be an HTTP header and not an environment variable so I have also added it as a
header.</font></div></blockquote></div></blockquote><div>Sorry, I missed that you were setting the environment var -- I assumed you were setting a header in your load balancer. Obviously, the front-end web server's environment is not shared with the back-end's environment.</div>
<div><br></div><div>You have the front-end load balancer add a header to SSL requests when being proxied to the backend. Then the backend looks for this header and, if set, sets $c->req->secure(1);</div><div><br>
</div><div>You just need some way for the front-end to tell you which requests are SSL on the front end. As mentioned, another approach is to use two different ports on the backend.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff"><blockquote style="padding-right:0px;padding-left:5px;margin-left:5px;border-left:#000000 2px solid;margin-right:0px">
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">And finally, even though I forced
$c->req->secure to be true, $c->uri_for_action still uses the http
scheme and not https so in the entire application the redirects won't be done
correctly and this is the big problem.</font></div></blockquote></div></blockquote><div><br></div><div>You need to set $request->secure(1) earlier in the request so that when $base is created it has the correct scheme.</div>
<div><br></div><div>Here's a simple example application:</div><div><br></div><div><div><font class="Apple-style-span" face="'courier new', monospace"><div>$ cat lib/ssl.pm lib/ssl/Controller/Root.pm </div>
<div>package ssl;</div><div>use Moose;</div><div>use namespace::autoclean -except => 'meta';</div><div>extends 'Catalyst';</div><div><br></div><div>__PACKAGE__->setup();</div><div><br></div><div>after 'prepare_headers' => sub {</div>
<div> my $self = shift;</div><div> $self->req->secure( $ENV{SSL} );</div><div>};</div><div><br></div><div>1;</div><div><br></div><div><br></div><div>package ssl::Controller::Root;</div><div>use Moose;</div><div>
use namespace::autoclean -except => 'meta';</div><div>BEGIN { extends 'Catalyst::Controller' }</div><div>__PACKAGE__->config->{namespace} = '';</div><div><br></div><div>sub hello : Local {</div>
<div> my ( $self, $c ) = @_;</div><div> $c->res->body( $c->uri_for( '/hello' ) );</div><div>};</div><div><br></div><div>1;</div><div><br></div></font></div></div><div><font class="Apple-style-span" face="'courier new', monospace"><br>
</font></div><div><div><font class="Apple-style-span" face="'courier new', monospace">~/ssl$ script/ssl_test.pl /hello</font></div><div><font class="Apple-style-span" face="'courier new', monospace"><a href="http://localhost/hello">http://localhost/hello</a></font></div>
</div><div><font class="Apple-style-span" face="'courier new', monospace"><br></font></div><div><div><font class="Apple-style-span" face="'courier new', monospace">~/ssl$ SSL=1 script/ssl_test.pl /hello</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"><a href="https://localhost/hello">https://localhost/hello</a></font></div></div><div><font class="Apple-style-span" face="'courier new', monospace"><br>
</font></div><div><br></div><div>Don't get confused by that example where I'm checking $ENV. You will want to check a request header (or port) as that's how the front-end can communicate with the back-end.</div>
<div><br></div><div>Note that Catalyst::Apache::Engine will check whether $ENV{HTTPS} is "ON", but for that to happen you would have to do something like $ENV{HTTPS} = $c->req->header( 'HTTPS' ) very early in the request (or get Apache to set it based on the request header).</div>
<div><br></div><div>I find it easier to just explicitly set secure(1) based on a header (or port).</div><div><br></div><div><br></div></div>-- <br>Bill Moseley<br><a href="mailto:moseley@hank.org">moseley@hank.org</a><br>
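<div>An added example, not part of Bill Moseley's message or of Catalyst itself: one way to make the header check described above safe is to honour the header only when the request's peer address is the front end. The header name X-Forwarded-Proto and the proxy addresses are assumptions standing in for your own setup.</div>

```perl
#!/usr/bin/perl
# Added example: decide whether a proxied request arrived over SSL at the
# front end, trusting the marker header only from known proxies.
use strict;
use warnings;

# Assumptions (not from the original message): the header name and the
# load balancer addresses below are placeholders for your own setup.
my $SSL_HEADER      = 'X-Forwarded-Proto';
my %TRUSTED_PROXIES = map { $_ => 1 } qw(127.0.0.1 10.0.0.5);

# Returns 1 only when the request came from a trusted front end AND that
# front end marked it as SSL. A header sent by any other peer is ignored,
# because a client talking to the backend directly could forge it.
sub forwarded_as_ssl {
    my ( $peer_addr, $header_value ) = @_;
    return 0 unless defined $peer_addr && $TRUSTED_PROXIES{$peer_addr};
    return 0 unless defined $header_value;
    return lc($header_value) eq 'https' ? 1 : 0;
}

# In the Catalyst application class this would be wired in as:
#
#   after 'prepare_headers' => sub {
#       my $self = shift;
#       $self->req->secure(
#           forwarded_as_ssl( $self->req->address,
#                             scalar $self->req->header($SSL_HEADER) ) );
#   };

# Constructed sample requests: [ peer address, header value, expected ]
my @cases = (
    [ '10.0.0.5',    'https', 1 ],    # SSL request via the load balancer
    [ '10.0.0.5',    'http',  0 ],    # plain request via the load balancer
    [ '10.0.0.5',    undef,   0 ],    # header missing
    [ '203.0.113.9', 'https', 0 ],    # forged header from an untrusted peer
);

for my $case (@cases) {
    my ( $addr, $value, $expected ) = @$case;
    my $got = forwarded_as_ssl( $addr, $value );
    die "unexpected result for $addr\n" unless $got == $expected;
    printf "%-12s %-6s secure=%d\n", $addr, $value // '(none)', $got;
}
```

<div>The front end should also overwrite any copy of this header supplied by the client before proxying, so the value the backend sees is always the load balancer's own.</div>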