Pound reverse proxy, SSL, and csync

Tutorials on ownCloud administration
Forum rules
The forums were migrated over to https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.

More background information about this move and the reasoning behind it is available in this blogpost:

https://daniel.molkentin.net/2016/07/20 ... d-central/
gitsnik
Beginner
Posts: 44
Joined: Fri Nov 09, 2012 12:39 am
ownCloud version: 5.0.7
Webserver: Apache
Database: PostgreSQL
PHP version: 5.4

Pound reverse proxy, SSL, and csync

Postby gitsnik » Fri Nov 09, 2012 12:54 am

A lot of searching implies that you can't do pound in front of your ownCloud installation, or at least that there are no instructions on doing so. If you are trying to use pound as a reverse ssl proxy for your ownCloud installation there are two things to do - obviously you need to enable SSL, and you must enable pound to pass WebDAV through.

This is the configuration file I am using:

Code: Select all

ListenHTTPS
        Address 192.168.10.20
        Port    443
        xHTTP   2
        Cert "/usr/local/etc/pound/certs/cloud.crt"

        Service
                BackEnd
                        Address 192.168.10.10
                        Port    80
                End
        End
End
The important part is the xHTTP line, without it pound will not let the WebDAV queries through which will cause sync clients to fail. Because we are using SSL the ListenHTTPS and Cert lines are requirements. I'm using the standard SSL ports.

Tested this on:
ownCloud 2012 iOS 2.05
ownCloud Client 1.1.1
ownCloud Server: FreeBSD 9.1 inside a jail, behind a pound SSL reverse proxy.

iOS and roaming laptop clients.

sfabel
Newbie
Posts: 1
Joined: Wed Mar 06, 2013 1:32 am
ownCloud version: 4.5.7
Webserver: Apache
Database: PostgreSQL
OS: Linux
PHP version: 5.3.10

Re: Pound reverse proxy, SSL, and csync

Postby sfabel » Wed Mar 06, 2013 2:09 am

Sure it works. Just use Session Type IP. I'm currently working on trying to get "COOKIE" to work. I'm assuming there is a specific parameter pertaining to the session in each cookie handed out; you can make pound track that as well.

In case it's of interest, this is our pound.cfg so far. I can confirm that the sync client is working as well as the web interface; the codebase is enterprise supported 4.5.7.

Code: Select all

User "www-data"
Group "www-data"
Daemon 1
LogLevel 5

ListenHTTPS
        Address         0.0.0.0
        Port            443
        xHTTP           2
        Cert            "/etc/ssl/private/cert.pem"
        CAlist          "/etc/ssl/certs/ca-certificates.crt"

        Service
                BackEnd
                        Address 10.0.0.4
                        Port    80
                End
                BackEnd
                        Address 10.0.0.10
                        Port    80
                End
                BackEnd
                        Address 10.0.0.31
                        Port    80
                End
                BackEnd
                        Address 10.0.0.34
                        Port    80
                End
                BackEnd
                        Address 10.0.0.35
                        Port    80
                End
                BackEnd
                        Address 10.0.0.36
                        Port    80
                End
                Session
                        Type IP
                        TTL 43200
                End
        End
End


This is based on Ubuntu 12.04.2 LTS.

-Stephan


  • Similar Topics
    Replies
    Views
    Last post

Return to “Tutorials”

Who is online

Users browsing this forum: No registered users and 0 guests