===== Pound =====
==== Certificate ====
http://wiki.tmade.de/doku.php?id=server:apache#ssl_authentification
==== Init-Script ====
Init-script example:
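#!/bin/sh
#
# startup script for pound
#
# Usage: <script> { start | stop | restart | status | configtest }
#   start      - launch pound with $CONF, recording its PID in $PIDFILE
#   stop       - signal the PID recorded in $PIDFILE and remove the file
#   restart    - stop, then start
#   status     - exit 0 if the recorded PID is alive, 1 otherwise
#   configtest - let pound check $CONF (-c) with verbose output (-v)
#
# Init scripts normally run as root, so the content of $PIDFILE is
# validated before it is handed to kill, and every expansion is quoted.
#
POUNDBIN=/usr/local/pound/sbin/pound
PIDFILE=/var/run/pound.pid
CONF=/etc/pound.cfg
#CHROOTDIR=/chroot/pound

# Load $PIDFILE into pound_pid. Succeeds only when the file exists and its
# first line is a plain decimal number, so options or several words in a
# damaged file can never reach kill.
read_pid() {
    pound_pid=
    [ -f "$PIDFILE" ] || return 1
    read -r pound_pid < "$PIDFILE"
    case "$pound_pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

case "$1" in
    start)
        # A missing binary used to be skipped silently with exit status 0.
        if [ ! -x "$POUNDBIN" ]; then
            echo "pound binary not found or not executable: $POUNDBIN" >&2
            exit 1
        fi
        printf 'Starting pound: '
        #$POUNDBIN -c -V -f $CONF -p $PIDFILE
        if "$POUNDBIN" -f "$CONF" -p "$PIDFILE"; then
            echo "OK"
            exit 0
        fi
        echo "FAILED" >&2
        exit 1
        ;;
    stop)
        printf 'Stopping pound: '
        if [ ! -f "$PIDFILE" ]; then
            echo "not running (no PID file)"
            exit 0
        fi
        if ! read_pid; then
            echo "FAILED ($PIDFILE does not contain a PID)" >&2
            exit 1
        fi
        # kill -0 only shows that some process owns this PID; after a crash
        # or reboot a stale file can name an unrelated process, so remove
        # stale PID files rather than trusting them.
        if ! kill -0 "$pound_pid" 2>/dev/null; then
            rm -f "$PIDFILE"
            echo "not running (removed stale PID file)"
            exit 0
        fi
        if kill "$pound_pid"; then
            rm -f "$PIDFILE"
            echo "OK"
            exit 0
        fi
        echo "FAILED" >&2
        exit 1
        ;;
    restart)
        "$0" stop
        "$0" start
        # Report the outcome of the start step to the caller.
        exit $?
        ;;
    status)
        if [ ! -f "$PIDFILE" ]; then
            echo "POUND is not running"
            exit 1
        fi
        if read_pid && kill -0 "$pound_pid" 2>/dev/null; then
            echo "POUND running ($pound_pid)"
            exit 0
        fi
        echo "POUND is not running, but PID file exists"
        exit 1
        ;;
    configtest)
        # The exit status of pound's check becomes the script's status.
        "$POUNDBIN" -v -c -f "$CONF" -p "$PIDFILE"
        #$POUNDBIN -c -f $CONF -p $PIDFILE
        ;;
    *)
        echo "usage: $0 { start | stop | restart | status | configtest }" >&2
        exit 1
        ;;
esac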
Configuration file "pound.cfg":
## Minimal sample pound.cfg
######################################################################
## global options:
## Account Pound runs as.
## NOTE(review): with root/root the proxy keeps full privileges while it parses
## untrusted HTTP, so a flaw in it becomes a root compromise. Prefer a dedicated
## unprivileged user and group - confirm the account exists and that the Cert
## file and the Control socket path below remain usable.
User "root"
Group "root"
## Optional chroot directory (disabled in this sample).
#RootJail "/chroot/pound"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
#LogLevel 1
LogLevel 2
## syslog facility; local4 is configured in /etc/syslog-ng/syslog-ng
LogFacility local4
#LogFacility -
## check backend every X secs:
Alive 30
## use hardware-acceleration card supported by openssl(1):
#SSLEngine ""
## Path to the control socket file.
## NOTE(review): presumably the socket poundctl talks to - verify that only
## root can access it.
Control "/var/run/pound.socket"
######################################################################
## listen, redirect and ... to:
# Here is a more complex example: assume your static images (GIF/JPEG) are to be served from a single back-end 192.168.0.10. In
# addition, 192.168.0.11 is to do the hosting for www.myserver.com with URL-based sessions, and 192.168.0.20 (a 1GHz PIII) and
# 192.168.0.21 (800Mhz Duron) are for all other requests (cookie-based sessions). The logging will be done by the back-end servers.
# The configuration file may look like this:
# Main listening ports
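## Plain-HTTP listener on port 80
ListenHTTP
    ## virtual IP the proxy listens on
    Address 10.0.0.190
    Port 80
    ## Drop client-supplied copies of the headers the HTTPS listener sets or
    ## strips, so a request arriving over plain HTTP cannot claim to have come
    ## in over SSL or present a forged client address to the back-ends.
    HeadRemove "X-SSL-Request"
    HeadRemove "X-Forwarded-For"
    Service
        ## Only requests for this host name are handled here. The pattern is
        ## anchored and the dots are escaped: the former ".*name.*" form also
        ## matched any Host value that merely contained the name. Loosen it
        ## deliberately if sub-domains must be served as well.
        HeadRequire "^Host:[ ]*testhost\.testdomain\.local(:[0-9]+)?[ ]*$"
        ## Redirect all HTTP traffic to an SSL url.
        ## NOTE(review): while this stays disabled, the "userid" session cookie
        ## below travels in clear text.
        #Redirect "https://my.example.com/"
        ## Webserver-1
        BackEnd
            Address 10.0.0.191
            Port 80
            Priority 3
        End
        ## Webserver-2
        BackEnd
            Address 10.0.0.192
            Port 80
            Priority 3
        End
        ## Session COOKIE cookie-name N
        ## Clients stay on one back-end, keyed by the "userid" cookie.
        Session
            #Type IP
            Type COOKIE
            ID "userid"
            #ID "sess"
            TTL 300
        End
    End
End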
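## HTTPS listener on port 443
ListenHTTPS
    ## xHTTP 1 accepts PUT and DELETE in addition to GET, POST and HEAD.
    ## NOTE(review): go back to the default (0) unless the back-ends need them.
    xHTTP 1
    ## SSL request forwarding: remove any client-supplied copy of these headers
    ## first, then mark the request as received over SSL, so the back-ends can
    ## rely on X-SSL-Request and on the X-Forwarded-For value added by Pound.
    HeadRemove "X-SSL-Request"
    HeadRemove "X-Forwarded-For"
    AddHeader "X-SSL-Request: 1"
    ## virtual IP
    Address 10.0.0.190
    Port 443
    ## SSL certificate. The PEM normally carries the private key as well, so
    ## keep the file readable by root only.
    Cert "/etc/apache2/ssl.pem/testhost.pem"
    Service
        ## Only requests for this host name are handled here. The pattern is
        ## anchored and the dots are escaped: the former ".*name.*" form also
        ## matched any Host value that merely contained the name. Loosen it
        ## deliberately if sub-domains must be served as well.
        HeadRequire "^Host:[ ]*testhost\.testdomain\.local(:[0-9]+)?[ ]*$"
        ## Webserver-1
        BackEnd
            Address 10.0.0.191
            Port 443
            ## talk https to the back-end
            ## NOTE(review): confirm whether the back-end certificate is
            ## verified by the Pound version in use.
            https
        End
        ## Webserver-2
        BackEnd
            Address 10.0.0.192
            Port 443
            ## talk https to the back-end
            https
        End
        ## Keep a client on the same back-end, keyed by its source IP
        Session
            Type IP
            TTL 300
        End
    End
End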
#######################################################################################
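## HTTPS listener serving three host names from one certificate.
## TLS ends at the proxy: every back-end below is reached on port 80, so the
## traffic between proxy and back-ends is unencrypted and belongs on a
## trusted network segment only.
ListenHTTPS
    Address 1.2.3.4
    Port 443
    ## The PEM normally carries the private key as well, so keep the file
    ## readable by root only.
    Cert "/etc/ssl/certs/mydomain.com.pem"
    ## Remove a client-supplied X-Forwarded-For so the back-ends only see the
    ## value added by Pound (same treatment as on the other HTTPS listener).
    HeadRemove "X-Forwarded-For"
    ## One Service per host name. The patterns are anchored and the dots are
    ## escaped; the former ".*name.*" form also matched any Host value that
    ## merely contained the name.
    Service
        HeadRequire "^Host:[ ]*test1\.mydomain\.com(:[0-9]+)?[ ]*$"
        BackEnd
            Address 192.168.1.11
            Port 80
        End
    End
    Service
        HeadRequire "^Host:[ ]*test2\.mydomain\.com(:[0-9]+)?[ ]*$"
        BackEnd
            Address 192.168.1.12
            Port 80
        End
    End
    Service
        HeadRequire "^Host:[ ]*test3\.mydomain\.com(:[0-9]+)?[ ]*$"
        BackEnd
            Address 192.168.1.13
            Port 80
        End
    End
End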
#[Optional] Images server(s)
# Service
# #URL ".*.(jpg|gif)"
# URL "\.(jpg|gif|png|jpeg)$"
# BackEnd
# Address 10.0.0.195
# Port 80
# End
# End