[MediaWiki-l] Trouble making server as SSL as possible and deprecating plaintext without disabling it

David Gerard dgerard at gmail.com
Wed Feb 8 17:16:55 UTC 2017


On 8 February 2017 at 17:03, Chad <innocentkiller at gmail.com> wrote:
> On Wed, Feb 8, 2017 at 8:30 AM David Gerard <dgerard at gmail.com> wrote:

>> Remember that the server sees *only* http:// connections, it isn't
>> doing SSL at all - SSL is terminated at the external IP.
>> (Can Apache even see if the incoming request was originally https:// ?)

> Since you're using two layers of Apache and basically proxying, no, the
> second Apache can't know. What you *could* do is set a header at the
> termination Apache though that passes the data through. Something with
> SetEnv or SetEnvIf (name it something like X_WAS_HTTPS) and then
> check for that at your second layer.


The external IP is actually a Netscaler, but yeah, I guess I'll ask
them to inject X-Forwarded-Proto and redirect to https:// if it came
in on port 80 originally. Cheers :-)


- d.



More information about the MediaWiki-l mailing list