[Dancer-users] ssl questions
Brian E. Lozier
brian at massassi.com
Tue May 31 17:07:29 CEST 2011
I have set up my dancer app using plackup and behind nginx. I have
set up nginx to accept traffic on either port 80 or 443 (https,
encrypted). I want to ensure that the /login/ route is never accessed
over port 80, only over https. To do this, I think I need to have a
check at the top of the route to see if SSL is on and forward to 443
if not. Then after login is completed I want to forward them back to
the unencrypted area. I've done this before under mod_perl
(non-Dancer app), but I'm not quite sure how this should work in my
current situation.
Under mod_perl I believe I had an environment variable I could check
to see if the connection was "SECURE" but now the connection is
*never* secure between nginx and my dancer app right? My
understanding is that the connection between the user and the nginx is
secure, but nginx decrypts everything before forwarding to my dancer
app right? Is this a security risk?
I dumped Dancer::Request and didn't see anything that will allow me to
find out if I'm under https.
Thanks,
Brian
More information about the Dancer-users
mailing list