Mod_proxy, mongrel, redirect issue

Jeremy_Cavagnolo · August 20, 2008, 6:47pm

Hello,

I am configuring apache 2.2 to serve my rails app through mongrel at
the root of my server. First, I redirect all http traffic to https
with the following:

ServerName emiliano

NameVirtualHost *:80
<VirtualHost *:80>
RedirectPermanent / https://emiliano #this server is only accessed
internally

Inside the <VirtualHost *:443> section, I have the following
configuration, which seems extremely standard:

<Proxy balancer://mongrel>
BalancerMember http://localhost:8000
BalancerMember http://localhost:8001
BalancerMember http://localhost:8002

ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all

ProxyPass /stylesheets !
ProxyPass /javascripts !
ProxyPass /images !
ProxyPass / balancer://mongrel/
ProxyPassReverse / balancer://mongrel/
ProxyPreserveHost On

When I point my browser to “https://emiliano” I get the login page
that I expect. When I submit the login form the authorization is
properly processed (I checked the access log). However, my browser is
then directed to https://emilianousers/home (note the missing “/”
between hostname and ‘users’) which of course cannot be found. If I
manually insert the slash I am properly directed to the user home
page. I can click on links all day long and everything works, but
when I try to submit any form, the form is processed properly, but the
same issue with the missing slash returns.

I have tried removing the proxy balancer and going directly to the
mongrel instance, but I get the same behavior. I have also removed
and replaced trailing slashes in my ProxyPass directives with no
success.

Because I can’t seem to find any other documentation of this issue, I
am left believing that this is a very trivial problem.

Please Help!

jeremy

Jeremy_Cavagnolo · August 20, 2008, 7:56pm

This might help … I have the following rewrite rule in my conf
file …

Redirect all non-static requests to cluster

RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://resman_cluster%{REQUEST_URI} [P,QSA,L]

Also, I have the following :

Add a special request header so Rails redirects stay on https

RequestHeader set X_FORWARDED_PROTO “https”

HTH

Bill S.
[email protected]
AIM: siggelkowb
Home: 770-457-8854
Mobile: 770-354-2584

Jeremy_Cavagnolo · August 20, 2008, 8:25pm

Thanks for the reply.

It turns out that because I have the following permanent redirection,
I don’t need to add the request header.

NameVirtualHost *:80
<VirtualHost *:80>
RedirectPermanent / https://emiliano #this server is only accessed
internally

However, my problem came from the fact that I left off the trailing
slash from https://emiliano in the RedirectPermanent directive.

Does anyone think it is still a good idea, from a performance
standpoint, to include:

RequestHeader set X_FORWARDED_PROTO “https”

even though the requests are forwarded by the RedirectPermanent
directive?

-jeremy

Jeremy_Cavagnolo · August 20, 2008, 10:46pm

Assuming you’re running a Rails app, and you want all things generated
by link_to, url_for, etc. to keep you in HTTPS , then yes. Otherwise,
you effectively double the number of HTTP requests that the browser
makes. This is wasteful, and depending on your allocated bandwidth and
popularity, costly.

Redirect them once to get them into HTTPS, but once they’re there, the
X_FORWARDED_PROTO header is an exceedingly GOOD idea.

Jeremy_Cavagnolo · October 23, 2008, 10:47am

Yes, but to use X_FORWARDED_PROTO header, this you must have two virtual
blocks basically one for port=80 and other for port=443 so add this to
443 block, and then the / problems will be solved.