Apache2 SSL Proxy in front of briefkasten

[BethkePeter]

Hi,
I have got the briefkasten application working with Protocal http and Port 6543.
Now I try to secure the traffic with SSL.
I am using an Apache webserver as an Reverse-Proxy.
With an sed output-filter I was able to rewrite the link in the Application, but the Email has still got an link to the webserver with http://xxxxxx, not https

What do I have to change to get the reply_url to point to https:/xxxx, in the application and EMail.

kind regards.
Peter

[tomster]

hi peter,

you need apache to tell the backend which protocol and scheme it should use. (this is specific to the way pyramid expects things to be).

having not configured apache in a while i will simply point you to the sample configuration of nginx that we use here:

        proxy_set_header        Host                $http_host;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;

in short, make sure you set the X-Forwarded-Proto header.

i hope that helps.

[BethkePeter]

Hi tom,
thanks for your hints. I have got it working:

Enabled the following apache module with
a2enmod proxy
a2enmod proxy_http
a2enmod headers

and extend the SSL Konfig

    # mod_proxy_http
    ProxyRequests Off
    <Proxy *>
            Order deny,allow
          Allow from all
    </Proxy>
    ProxyPass /briefkasten/ http://<ip-addr>:6543/briefkasten/
    ProxyPassReverse /briefkasten/ http://<ip-adr>:6543/briefkasten/
    ProxyPass /briefkasten/submit/ http://<ip-adr>:6543/briefkasten/submit/
    ProxyPassReverse /briefkasten/submit/ http://<ip-adr>:6543/briefkasten/submit/
    # mod_header
    RequestHeader set X-Forwarded-Proto "https" env=HTTPS

[tomster]

thanks for the feedback, hope it helps others, too