An InAcademia node provides various services which internally live on different ports.
For a production node, we do not want external services to connect to 'weird' ports. Therefore we want all traffic to terminate at a regular https port. To reach the internal applications, we redirect subdirectories to specific ports on the localhost web server. In addition, the internal interfaces do not support https, whereas we only use https externally.
We use POUND to handle SSL termination, and use a webserver (currently Apache with mod_proxy) to redirect specific URLs to ports on the internal (localhost) server.

Source: HTTP(s) flows
An example URL is: https://t01.t.inacademia.org/svs
ListenHTTPS
    Address 0.0.0.0
    Port 443
    AddHeader "X-Forwarded-Proto: https"
    HeadRemove "X-Forwarded-Proto"
    HeadRemove "X-Forwarded-For"
    Cert "/etc/ssl/localcerts/pound.pem"
    Service
        BackEnd
            Address 127.0.0.1
            Port 80
            Priority 1
        End
    End
End
Apache needs mod_proxy and mod_proxy_http installed.
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Proxy>
#SSLProxyEngine on
# SvS core application
ProxyPass /svs http://localhost:8087
ProxyPassReverse /svs http://localhost:8087
# MDX - Metadata handling
ProxyPass /mdx http://localhost:8088
ProxyPassReverse /mdx http://localhost:8088
# DS - Discovery Service
ProxyPass /ds http://localhost:8100
ProxyPassReverse /ds http://localhost:8100
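The layout above only holds if the plain-http listeners are not reachable from outside the node. The following check is an added example, not part of the InAcademia configuration: it parses `ss -ltn` output and reports any internal port (80, 8087, 8088, 8100, taken from the configuration above) that is bound to a non-loopback address or has no listener. That Apache on port 80 should be loopback-only is an assumption based on the Pound BackEnd address; the sample outputs are constructed.

```python
import subprocess

# Ports taken from the Pound and Apache configuration on this page.
EXTERNAL_PORTS = {443}                   # Pound ListenHTTPS
INTERNAL_PORTS = {80, 8087, 8088, 8100}  # Apache, SvS, MDX, DS (assumed loopback-only)

# Constructed sample `ss -ltn` output: a node that matches the layout ...
SAMPLE_OK = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    127.0.0.1:8087     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8088     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8100     0.0.0.0:*
"""
# ... and one where SvS and MDX are exposed and DS is not running.
SAMPLE_BAD = """\
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*
LISTEN 0      128    0.0.0.0:8087       0.0.0.0:*
LISTEN 0      128    [::]:8088          [::]:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every listener line; the header is skipped."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # 4th column is the local address, e.g. 127.0.0.1:8087, [::]:443, *:80
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)

def audit(ss_output):
    """Return a sorted list of findings; an empty list means the layout holds."""
    findings, seen = [], set()
    for addr, port in parse_listeners(ss_output):
        seen.add(port)
        loopback = addr.startswith("127.") or addr == "::1"
        if port in INTERNAL_PORTS and not loopback:
            findings.append(f"port {port} listens on {addr}, expected loopback only")
    for port in (EXTERNAL_PORTS | INTERNAL_PORTS) - seen:
        findings.append(f"port {port} has no listener")
    return sorted(findings)

if __name__ == "__main__":
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    for finding in audit(out) or ["listener layout matches the expected ports"]:
        print(finding)
```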