Not able to use reverse proxy for SSL termination #153
Comments
I think with reverse proxies you'll have trouble with Authentication. Why do you need a reverse proxy? |
I haven't tested authentication yet. As for why- it's because @peacekeeper wants to package an LDP server on a freedombox. However, LDP server is only 1 of several http servers which are running on freedombox. To be able to share the same port (443), we need a reverse proxy. Other HTTP servers don't care if they are behind a proxy and it would be preferable if our LDP server didn't care either. |
I don't exactly know how reverse proxies function, but IF the SSL connection ends at the proxy then one has
Perhaps one should go the route of 2 (iii), as I assume Play does function with reverse proxies out of the box by now... But that will take a rewrite of the authentication layer. Anyway that's assuming I got the initial point about reverse proxies right. |
Yes, you got the initial point right- the SSL connection ends at the proxy, the proxy in turn forwards a normal HTTP request to the desired endpoint (rww-play). And yes, Play already works with reverse proxies https://www.playframework.com/documentation/2.1.1/HTTPServer . I don't see the best way to proceed solving this problem but 2(iii) seems like a reasonable option. |
Authentication will now work with remote proxies but will limit you to HTTP Signature for the moment. See https://github.com/solid/solid-spec/issues/52 |
Instead of exposing rww-play directly to the Internet, I want to use a reverse proxy for terminating SSL connections to rww-play. However, I'm not able to do that.
Starting rww-play:
NGINX host config:
Querying a resource through reverse proxy:
Querying the same resource directly:
P.S. gold also has problems with this linkeddata/gold#41
The text was updated successfully, but these errors were encountered: