Caution: This documentation is for eZ Publish legacy, from version 3.x to 6.x.
For 5.x documentation covering Platform see eZ Documentation Center, for difference between legacy and Platform see 5.x Architecture overview.

SSLProxyServerName

Summary

Sets which virtual host that functions as a proxy server for incoming SSL requests.

Usage

 

SSLProxyServerName=virtual_host_name

Description

This setting was introduced in eZ Publish 3.10 as a part of a functionality that provides support for using SSL proxy servers.

The purpose of this feature is to reduce complexity by decreasing the number of entries in the Apache configuration file. For each eZ Publish installation, only one virtual host is needed, plus the one that handles all incoming SSL requests. It is typically useful when several SSL-enabled eZ Publish sites/installations are running through different virtual hosts on the same server. Using this feature, it is possible to create an additional virtual host that functions as an SSL proxy server (a single-point-of-contact interface between the clients and the sites/installations). It will listen on port 443 and handle all incoming SSL requests no matter which site they were meant for. The requests are internally redirected to the corresponding virtual hosts running the actual sites. Finally, eZ Publish will handle them and provide the actual response. The responses are passed back to the SSL proxy server which then returns them to the clients that issued the corresponding requests.

When redirecting an SSL request to a virtual host, the proxy server sets the "HTTP_X_FORWARDED_SERVER" header. The value will be the name of the proxy server (the name of the virtual host as configured in Apache). All eZ Publish installations running on different virtual hosts must have the "SSLProxyServerName" directive set to the same value. This makes it possible for eZ Publish to distinguish SSL requests from usual HTTP requests. The system will identify a request as an SSL request if the value of the "HTTP_X_FORWARDED_SERVER" header matches the value of the "SSLProxyServerName" configuration setting. Otherwise, it will be classified as an ordinary HTTP request. The response will be passed to the SSL proxy server and then returned to the client.

The default value of the "SSLProxyServerName" directive is "localhost".

Julia Shymova (09/08/2007 9:07 am)

Julia Shymova (13/08/2007 7:21 am)

Julia Shymova, Balazs Halasy


Comments

There are no comments.