Yes, into httpd-ssl.conf # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" # Listen 8443 2012/2/20 Igor Cicimov <icicimov@xxxxxxxxx>: > Do you have > Listen 8443 > at all in your config? > > On Feb 20, 2012 10:28 PM, "Andres Aguado" <andriu.one@xxxxxxxxx> wrote: >> >> mmmmm, i've configured on other machine, other apache 2.2 as reverse >> proxy and i've forwarded request to https://www.ingdirect.es, and the >> error is the same >> >> This is a very strange cuestion but, do you know if these >> configurations should work?, is it necessary to make any strange >> configuration? >> >> Regards >> Andres >> >> 2012/2/20 Andres Aguado <andriu.one@xxxxxxxxx>: >> > Hi again. Here we are again >> > >> > Sorry, but I don't understand that dns error, because i'm connecting >> > to ip interface. I'm not connecting to dns name to simplify the issue. >> > And i can connect from proxy to backend ok to https port. the problem >> > seems to be when virtual host "proxypass" the request, because i can >> > connect from another machine to https://192.168.112.57 too >> > >> > Jeff, I've changed proxypass and proxypassreverse sentences adding / a >> > the end but it's not working. >> > >> > Arrrrrrrrrrrrrrrrrrgggggggggg, I can't believe this configuration is >> > so difficult. It looked easy when i started it! >> > >> > 2012/2/17 Jeff Trawick <trawick@xxxxxxxxx>: >> >> On Fri, Feb 17, 2012 at 10:28 AM, Igor Cicimov <icicimov@xxxxxxxxx> >> >> wrote: >> >>> You have DNS error. Also check if you can connect from the proxy to >> >>> the >> >>> backend on ssl port. >> >> >> >> proxy: DNS >> >> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg >> >> >> >> That looks more like a configuration problem... The path is >> >> unexpectedly concatenated with the host (okay, IP). >> >> >> >> Change >> >> ProxyPass / https://192.168.112.57 >> >> to >> >> ProxyPass / https://192.168.112.57/ >> >> (similar for ProxyPassReverse) >> >>> >> >>> On Feb 18, 2012 1:04 AM, "Andres Aguado" <andriu.one@xxxxxxxxx> wrote: >> >>>> >> >>>> Hi again Igor, connecting to https://192.168.112.57 directly, a >> >>>> websphere app server (the backend app server for my case) admin page >> >>>> is shown >> >>>> >> >>>> The error log shows this files since startup >> >>>> >> >>>> The Apache2.2 service has restarted. >> >>>> arent: Received restart signal -- Restarting the server. >> >>>> [Fri Feb 17 14:14:15 2012] [notice] Child 6132: Exit event signaled. >> >>>> Child process is ending. >> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: generating secret for >> >>>> digest authentication ... >> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: done >> >>>> [Fri Feb 17 14:14:16 2012] [notice] Child 6132: Released the start >> >>>> mutex >> >>>> [Fri Feb 17 14:14:17 2012] [notice] Apache/2.2.21 (Win32) DAV/2 >> >>>> mod_ssl/2.2.21 OpenSSL/0.9.8r configured -- resuming normal >> >>>> operations >> >>>> [Fri Feb 17 14:14:17 2012] [notice] Server built: Sep 9 2011 >> >>>> 10:26:10 >> >>>> [Fri Feb 17 14:14:17 2012] [notice] Parent: Created child process >> >>>> 4308 >> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: generating secret for >> >>>> digest authentication ... >> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: done >> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Child process is >> >>>> running >> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Acquired the start >> >>>> mutex. >> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting 64 worker >> >>>> threads. >> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to >> >>>> listen on port 80. >> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to >> >>>> listen on port 8443. >> >>>> [Fri Feb 17 14:14:22 2012] [error] [client 127.0.0.1] proxy: DNS >> >>>> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg >> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: All worker threads >> >>>> have >> >>>> exited. >> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: Child process is >> >>>> exiting >> >>>> >> >>>> About app logs, i've not seen it and i don't know what file to look >> >>>> for, so i'll ask app administrator server that sure will know it >> >>>> >> >>>> Thanks! >> >>>> andres >> >>>> >> >>>> 2012/2/17 Igor Cicimov <icicimov@xxxxxxxxx>: >> >>>> > What is in the error file dude not the access one? Since you are >> >>>> > proxying to >> >>>> > https://192.168.112.57 do you have ssl enabled on that server? What >> >>>> > do >> >>>> > you >> >>>> > see in its log file? >> >>>> > >> >>>> > Since you said http proxying works i suspect you don't have ssl >> >>>> > configured >> >>>> > on the backend 192.168.112.57. >> >>>> > >> >>>> > >> >>>> > On Fri, Feb 17, 2012 at 8:57 PM, Andres Aguado >> >>>> > <andriu.one@xxxxxxxxx> >> >>>> > wrote: >> >>>> >> >> >>>> >> Sorry Tom, here is an important piece of httpd-ssl.conf >> >>>> >> >> >>>> >> SSLEngine on #Behind proxypass sentences >> >>>> >> SSLCertificateFile "C:\Program Files (x86)\Apache Software >> >>>> >> Foundation\Apache2.2\conf\ssl\server.crt" >> >>>> >> SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software >> >>>> >> Foundation\Apache2.2\conf\ssl\server.key" >> >>>> >> >> >>>> >> .crt and .key files has been created and are present in specified >> >>>> >> directory >> >>>> >> >> >>>> >> Actuallly, redirect to https is disabled, and i'm not connecting >> >>>> >> to >> >>>> >> http, i'm connecting to https://ipreverseproxy:8443 directly. >> >>>> >> >> >>>> >> Regards >> >>>> >> Andres >> >>>> >> >> >>>> >> 2012/2/17 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>: >> >>>> >> > On Thu, Feb 16, 2012 at 2:31 PM, Andres Aguado >> >>>> >> > <andriu.one@xxxxxxxxx> >> >>>> >> > wrote: >> >>>> >> >> Hi all, i'd like to expose my problem because i'm going crazy, >> >>>> >> >> and >> >>>> >> >> if >> >>>> >> >> anyone could help me it'll be very appreciated. >> >>>> >> >> >> >>>> >> >> Well, I've an apache 2.2 server over win2k8, and i want to >> >>>> >> >> configure >> >>>> >> >> it as reverse proxy to send request to backend Websphere server >> >>>> >> >> >> >>>> >> >> So, my httpd.conf file is written like this: >> >>>> >> >> >> >>>> >> >> NameVirtualHost *:80 >> >>>> >> >> <VirtualHost *:80> >> >>>> >> >> DocumentRoot "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\htdocs\my_example" >> >>>> >> >> ServerName www.my_example.es:80 >> >>>> >> >> ServerRoot "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2" >> >>>> >> >> DirectoryIndex index.html >> >>>> >> >> Redirect / https://www.my_example.es:8443 >> >>>> >> >> ErrorLog "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\logs\error.log" >> >>>> >> >> TransferLog "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\logs\access.log" >> >>>> >> >> >> >>>> >> >> ProxyRequests Off >> >>>> >> >> </VirtualHost> >> >>>> >> >> >> >>>> >> >> And i've configured virtual host on 8443 in httpd-ssl.conf like >> >>>> >> >> this: >> >>>> >> >> >> >>>> >> >> <VirtualHost _default_:8443> >> >>>> >> >> DocumentRoot "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\htdocs\my_example" >> >>>> >> >> DirectoryIndex index2.html >> >>>> >> >> ServerName www.my_example.es:8443 >> >>>> >> >> ServerAdmin admin@my_example.es >> >>>> >> >> ErrorLog "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\logs\error.log" >> >>>> >> >> TransferLog "C:\Program Files (x86)\Apache Software >> >>>> >> >> Foundation\Apache2.2\logs\access.log" >> >>>> >> >> >> >>>> >> >> ProxyRequests Off >> >>>> >> >> ProxyPreserveHost On >> >>>> >> >> ProxyPass / https://192.168.112.57 >> >>>> >> >> ProxyPassReverse / https://192.168.112.57 >> >>>> >> >> </VirtualHost> >> >>>> >> >> >> >>>> >> >> Proxy modules enabled are mod_proxy.so and mod_proxy_http.so >> >>>> >> >> But this configuration is not working. >> >>>> >> >> >> >>>> >> >> If i comment both proxypass sentences and try, it connects to >> >>>> >> >> local >> >>>> >> >> index.html page, but if i enable proxypass sentences, it tries >> >>>> >> >> to >> >>>> >> >> connect, typical website certificate error (continue to this >> >>>> >> >> site) >> >>>> >> >> appears in iexplorer and internal server error page is >> >>>> >> >> displayed. >> >>>> >> >> >> >>>> >> >> Could anyone help me please? >> >>>> >> >> >> >>>> >> >> Thank you very much >> >>>> >> >> Andres >> >>>> >> >> >> >>>> >> > >> >>>> >> > Your port 80 vhost redirects users with protocol https to your >> >>>> >> > port >> >>>> >> > 8443 >> >>>> >> > vhost. >> >>>> >> > Your port 8433 vhost is not configured for SSL. >> >>>> >> > Your browser attempts to talk SSL to a non SSL vhost. >> >>>> >> > Hilarity ensues. >> >>>> >> > >> >>>> >> > Cheers >> >>>> >> > >> >>>> >> > Tom >> >>>> >> > >> >>>> >> > >> >>>> >> > --------------------------------------------------------------------- >> >>>> >> > The official User-To-User support forum of the Apache HTTP >> >>>> >> > Server >> >>>> >> > Project. >> >>>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info. >> >>>> >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> >> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >>>> >> > >> >>>> >> >> >>>> >> >> >>>> >> --------------------------------------------------------------------- >> >>>> >> The official User-To-User support forum of the Apache HTTP Server >> >>>> >> Project. >> >>>> >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> >>>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >>>> >> >> >>>> > >> >>>> >> >>>> --------------------------------------------------------------------- >> >>>> The official User-To-User support forum of the Apache HTTP Server >> >>>> Project. >> >>>> See <URL:http://httpd.apache.org/userslist.html> for more info. >> >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >>>> >> >>> >> >> >> >> >> >> >> >> -- >> >> Born in Roswell... married an alien... >> >> >> >> --------------------------------------------------------------------- >> >> The official User-To-User support forum of the Apache HTTP Server >> >> Project. >> >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|