
Pound

Certificate

http://wiki.tmade.de/doku.php?id=server:apache#ssl_authentification

Init-Script

Init-script example:

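#!/bin/sh
#
# Startup script for pound.
#
# Usage: $0 { start | stop | restart | status | configtest }
#
# Exit status: 0 on success; 1 when an action fails, when "status" finds
# pound not running, or when the command is unknown.
#
POUNDBIN=/usr/local/pound/sbin/pound
PIDFILE=/var/run/pound.pid
CONF=/etc/pound.cfg

#CHROOTDIR=/chroot/pound

# Print the PID stored in $PIDFILE on stdout.
# Returns non-zero when the file is missing or does not hold a plain
# positive integer. Init scripts normally run as root, so the value is
# checked before it is ever handed to kill: an empty string, "0" or a
# negative number would address a whole process group or every process
# instead of one daemon.
read_pid() {
    [ -f "$PIDFILE" ] || return 1
    pid_value=
    # read fails on a file without a trailing newline but still fills the
    # variable, so only give up when nothing was read at all.
    read -r pid_value < "$PIDFILE" || [ -n "$pid_value" ] || return 1
    case "$pid_value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid_value" -gt 0 ] || return 1
    printf '%s\n' "$pid_value"
}

case "${1:-}" in

    start)
    if [ ! -x "$POUNDBIN" ]; then
        printf '%s\n' "pound binary missing or not executable: $POUNDBIN" >&2
        exit 1
    fi
    printf 'Starting pound: '
    # Report OK only when pound itself reports success.
    if "$POUNDBIN" -f "$CONF" -p "$PIDFILE"; then
        printf 'OK\n'
        exit 0
    fi
    printf 'FAILED\n'
    exit 1
    ;;

    stop)
    printf 'Stopping pound: '
    if [ ! -f "$PIDFILE" ]; then
        # Nothing to stop; not an error, so "restart" can still go on.
        printf 'not running (no PID file)\n'
        exit 0
    fi
    if ! pound_pid=$(read_pid); then
        printf 'FAILED\n'
        printf '%s\n' "$PIDFILE does not contain a valid PID, not signalling" >&2
        exit 1
    fi
    # NOTE(review): a stale PID file may name an unrelated process that
    # reused the PID; this script has no portable way to verify that the
    # process is pound.
    if kill "$pound_pid" 2>/dev/null; then
        # Give the daemon time to exit so that a following "start" does
        # not find the listening ports still in use.
        tries=0
        while kill -0 "$pound_pid" 2>/dev/null && [ "$tries" -lt 10 ]; do
            sleep 1
            tries=$((tries + 1))
        done
        if kill -0 "$pound_pid" 2>/dev/null; then
            printf 'FAILED\n'
            printf '%s\n' "pound (PID $pound_pid) did not exit" >&2
            exit 1
        fi
    fi
    rm -f -- "$PIDFILE"
    printf 'OK\n'
    exit 0
    ;;

    restart)
    "$0" stop
    "$0" start
    # Exit with the status of the start action.
    exit
    ;;

    status)
    if [ -f "$PIDFILE" ]; then
        if pound_pid=$(read_pid) && kill -0 "$pound_pid" 2>/dev/null; then
            printf '%s\n' "POUND running ($pound_pid)"
            exit 0
        else
            printf '%s\n' "POUND is not running, but PID file exists"
            exit 1
        fi
    else
        printf '%s\n' "POUND is not running"
        exit 1
    fi
    ;;

    configtest)
    # -c makes pound parse the configuration and exit; -v reports errors
    # verbosely. The exit status of pound becomes the exit status here.
    "$POUNDBIN" -v -c -f "$CONF" -p "$PIDFILE"
    exit
    ;;

    *)
    echo "usage: $0 { start | stop | restart | status | configtest }" >&2
    exit 1
    ;;

esac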

Configuration file “pound.cfg”:

## Minimal sample pound.cfg
######################################################################
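## global options:
## User/Group name the account Pound runs as after startup. With "root" it
## keeps full privileges; a dedicated unprivileged account (optionally with
## RootJail below) limits the impact of a compromise.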
User            "root"
Group           "root"
#RootJail       "/chroot/pound"
## Logging: (goes to syslog by default)
##      0       no logging
##      1       normal
##      2       extended
##      3       Apache-style (common log format)
#LogLevel        1
LogLevel 2

#local4 configured in /etc/syslog-ng/syslog-ng 
LogFacility local4 
#LogFacility -

## check backend every X secs:
Alive           30
## use hardware-acceleration card supported by openssl(1):
#SSLEngine      ""

#Path to the control socket file (used by poundctl; keep access to it restricted to administrators)
Control "/var/run/pound.socket" 

######################################################################
## listen, redirect and ... to:
# Here is a more complex example: assume your static images (GIF/JPEG) are to be served from  a  single  back-end  192.168.0.10.  In
#       addition,  192.168.0.11  is  to  do  the  hosting for www.myserver.com with URL-based sessions, and 192.168.0.20 (a 1GHz PIII) and
#       192.168.0.21 (800Mhz Duron) are for all other requests (cookie-based sessions).  The logging will be done by the back-end servers.
#       The configuration file may look like this:
              # Main listening ports

	#Access on Port 80
	ListenHTTP
		#virtual IP
            	Address 10.0.0.190
            	Port    80

            	Service
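			#Only requests with a matching Host header are handled by this service.
			#NOTE: the pattern is a regular expression; with unescaped dots and
			#".*" on both ends it also matches other host names that merely contain
			#this string. Escape the dots and anchor the pattern to tighten it.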
                	HeadRequire "Host: .*testhost.testdomain.local.*"
                
                        #Redirect all HTTP traffic to an SSL url
                        #Redirect "https://my.example.com/"

			#Webserver-1
                	BackEnd
                    	Address 10.0.0.191
                    	Port    80
		    	Priority 3
                	End

			#Webserver-2 
			BackEnd
                   	Address 10.0.0.192
                   	Port    80
		    	Priority 3
                	End
		
                        #Session COOKIE cookie-name N
			Session
           		#Type  IP
                        Type    COOKIE
                        ID      "userid"
                        #ID      "sess"
            		TTL  300
        		End

            	End

	End

	#Access on Port 443
	ListenHTTPS
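		#SSL request forwarding: xHTTP 1 additionally accepts PUT and DELETE.
		#The client-supplied X-SSL-Request and X-Forwarded-For headers are removed
		#so that a client cannot spoof them; X-SSL-Request is then set by Pound
		#to tell the back-end that the request arrived over SSL.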
	    	xHTTP 1
	    	HeadRemove "X-SSL-Request"
	    	HeadRemove "X-Forwarded-For"
	    	AddHeader "X-SSL-Request: 1"
		
		#virtual IP
    	    	Address 10.0.0.190
     	    	Port    443
		#SSL certificate (PEM file; it usually also holds the private key, so keep it readable by root only)
     	    	Cert    "/etc/apache2/ssl.pem/testhost.pem"
     	    	Service
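		  	#Only requests with a matching Host header are handled by this service
		  	#(regular expression; escape the dots and anchor it to avoid matching other host names)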
	    	  	HeadRequire "Host: .*testhost.testdomain.local.*"

			#Webserver-1 
                  	BackEnd
                  	Address 10.0.0.191
                  	Port 443
			#Access on https
		  	https
                  	End

			#Webserver-2
           	  	BackEnd
                  	Address 10.0.0.192
                  	Port 443
			#Access on https
		  	https
            	  	End
			
			#Session tracking by client IP address
		  	Session
           	  	Type  IP
            	  	TTL  300
        	  	End

     	   	End
	End


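#######################################################################################
## Second example: one HTTPS listener, services selected by Host header.
## TLS ends at Pound here; the BackEnd connections on port 80 are plain HTTP.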


ListenHTTPS
  Address 1.2.3.4
  Port    443
  Cert    "/etc/ssl/certs/mydomain.com.pem"


  Service
    HeadRequire "Host:.*test1.mydomain.com.*"
    BackEnd
      Address 192.168.1.11
      Port    80
    End
  End

  Service
    HeadRequire "Host:.*test2.mydomain.com.*"
    BackEnd
      Address 192.168.1.12
      Port    80
    End
  End

  Service
    HeadRequire "Host:.*test3.mydomain.com.*"
    BackEnd
      Address 192.168.1.13
      Port    80
    End
  End
End

	#[Optional] Images server(s)
    #      Service
    #      	 #URL ".*.(jpg|gif)"
	#	 URL "\.(jpg|gif|png|jpeg)$"
    #      	 BackEnd
    #      	 Address 10.0.0.195
    #        	 Port    80
    #            End
    #      End