Configuring Pound with SSL SupportProblemYou want to secure HTTP traffic to and from your Rails application using Secure Sockets Layer (SSL). Specifically, you want to use SSL with a cluster of Mongrel servers. SolutionUse Pound to handle HTTPS requests, decrypting and passing them back to your Mongrel cluster as plain HTTP. For Pound to handle HTTPS requests, you have configure it with SSL support at build-time. Do this by passing the --with-ssl option to configure, supplying the location of your OpenSSL header files (e.g., /usr/include/openssl). $ cd /usr/local/src/Pound-2.0 $ ./configure --with-ssl=/usr/include/openssl $ make $ sudo make install To verify that Pound has been built and configured successfully, you can always run: $ pound -v -c 30/Jul/2006 22:22:10 -0700: starting... Config file /usr/local/etc/pound.cfg is OK Now, edit the Pound configuration file, adding a ListenHTTPS directive. Within that directive, specify port 443 and the location of your SSL certificate (e.g., /usr/local/etc/openssl/site-cert.pem). /etc/pound/pound.cfg: User "www-data" Group "www-data" LogLevel 3 Alive 30 ListenHTTPS Address 69.12.146.109 Port 443 Cert "/usr/local/etc/openssl/site-cert.pem" HeadRemove "X-Forwarded-Proto" AddHeader "X-Forwarded-Proto: https" End Service BackEnd Address 127.0.0.1 Port 3303 End BackEnd Address 127.0.0.1 Port 3304 End Session Type BASIC TTL 300 End End Discussion
ssl? <%= request.ssl? %> See Also
|