-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL handling #99
Comments
Happy to look at this, @jimlambie |
Hmm. Making progress on this. In essence it's fairly simple to implement, but there is a knock on effect when we're running on both I see the modes as When running in I'm going to get the |
Ok here is what I have so far: d5b4bb0 Tests still need to be updated but don't want to do that until we have decided this is the way we want to go.
|
I've now fixed the issue with redirecting to http. There was a hardcoded protocol redirect adding trailing slashes but removing the current protocol. I have also reverted some of the config changes, so config will no longer undergo breaking changes – which is good. Picking up where I left off, I've been running into numerous issues, and the easiest way has been to use the original approach, which is now all working great. The only thing which this doesn't address is |
@jimlambie if you're happy with this approach I can roll it out to |
Can you explain what you mean by "the need to have multiple server instances" in relation to |
In As we can't listen to http & https with the same instance, it means if we serve the site up on both, we'll need to return two instances, which means altering the code to work in duality. It is possible but it does have knock on effects everywhere where only once instance is assumed to exist. |
|
Do you have the routing of one to the other in place? HTTP>HTTPS, HTTPS>HTTP? If so, dual support isn't really needed. |
We have HTTP>HTTPS in place, yes, but not the vice versa, as that would still require certificates setup, which if you have them setup, you're probably going to want SSL anyway. |
This makes sense to me. I'm happy. |
At the moment configuration appears to enable SSL as being either on or off. SSL needs to be supported in a variety of configurations:
In addition the method of recognising/enforcing an SSL request needs attention. In a load balanced setup the load balancer will usually handle SSL, piping requests as HTTP to the end instances. This architecture doesn't currently work with DADI Web.
The text was updated successfully, but these errors were encountered: