[Mongrel] Getting ssl environment to mongrel from apache

snacktime snacktime at gmail.com
Thu Aug 3 15:23:34 EDT 2006

On 8/3/06, Zed Shaw <zedshaw at zedshaw.com> wrote:
> On Tue, 2006-07-25 at 10:51 -0700, snacktime wrote:
> > I have apache 1.3 with mod_ssl in front of mongrel/rails.  Apache is
> > setup to require client certification, and I'm trying to figure out
> > how to pass the ssl env variables to mongrel.  Here is the apache
> > config to proxy requests to mongrel.  I haven't tried to pass env
> > variables like this before so I'm not sure if it's the apache config I
> > have wrong, if mongrel isn't picking up the env variables I am
> > setting, or if it's just not possible to do what I'm trying to do.
> > Any guidance would be appreciated.
> >
> Did you get this working yet?

No, but the problem is that I'm using apache 1.3 that doesn't have a
way to set custom headers in the proxy request.  2.X would work, it's
just not an option in this case.  In any case it's definitely not a
mongrel issue per say.

Using scgi does work, although I've ran into a different problem where
my app throws a Device Not Configured error when trying to make an
https connection after being idle for a few hours.  I have a feeling
something in the mix isn't thread safe, but it's a bit above me to
track down.

The next thing I might try is to use pound.  It will pass the ssl
client certificate to mongrel/rails where I can just do the
certificate verification manually with openssl.

More information about the Mongrel-users mailing list