From d7e5277c680d73ac2e11aea0b473d98b2d48350c Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Tue, 27 Dec 2016 21:53:30 +0300 Subject: Disregard possible port in the Host HTTP header Motivation: to make it easy to switch Sproxy's primary port. This could be useful when running private (behind Sproxy) and public (e. g. nginx) HTTPS services on the same server. In such a setup one can use port 443 for public services and alt. HTTPS port 8443 for Sproxy. Before this change, Sproxy took possible port number into account when looking for backend and privileges. Now it ignores port and considers domain name only. This also gets Sproxy in line with browsers and SSL certificates: certificates do not include port numbers, browsers ignore ports when sending cookies. --- sproxy.example.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'sproxy.example.yml') diff --git a/sproxy.example.yml b/sproxy.example.yml index 063f51e..0259dfc 100644 --- a/sproxy.example.yml +++ b/sproxy.example.yml @@ -147,11 +147,10 @@ ssl_key: /path/key.pem # Unix sockets should be secured with proper unix file permissions. # # Backend attributes: -# name - the host name as in the Host HTTP header. +# name - the domain name as in the Host HTTP header (without optional colon and port). # May include wildcards * and ?. The first matching # backend will be used. Examples: "*.example.com", "wiki.corp.com". -# Optional. Default is "*". Note, that the name must include -# port number if non-standard. +# Optional. Default is "*". # address - backend IP address. Optional. Default is 127.0.0.1. # port - backend TCP port. Required unless unix socket is defined. # socket - unix socket. Highly recommended for security reasons. -- cgit v1.2.3