[SOLVED] Re: Apache ServerName, handlerURL, and Reverse Proxy

Cantor, Scott cantor.2 at osu.edu
Mon Jan 14 10:14:37 EST 2013

On 1/14/13 3:50 AM, "Martin Haase" <Martin.Haase at DAASI.de> wrote:

>Hi Christopher, hi Scott and Peter,
>thank you for your responses, highly appreciated. As it was the only
>option, we ceased from using name-based vhosts. But we didn't have more
>IP addresses at our disposal, so we decided to use different ports for
>separating the vhosts from each other.

I don't really see how that changes your constraints, but I'll take your
word for it.

> Additionally we added the option
>"ProxyPreserveHost On" to the Apache reverse proxy in order for
>front-channel logout to work. The latter option is not described on
>https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy, and
>I could add it - do you feel that makes sense?

I guess it's necessary for name-based vhosting on the back-end, but I
don't think it's necessary in general, and I don't see what it has to do
with logout. I am generally just against trying to document Apache here. I
would prefer that whatever is added is generic and speak to the concepts,
not the specifics. I wouldn't have done that page that way to begin with
(too many specific commands that assume one way of doing things).

I think that page has other issues, for example setting handlerSSL to
false. That shouldn't be needed if ServerName has the scheme set.

-- Scott

More information about the users mailing list