Well, after looking for, copying/pasting, testing, changing and looking for again, it seems that my problem was that i needed to add the following line into my virtual host:443 SSLProxyEngine on Now it's working Thanks all for your responses, your help and your patient Regards, Andres 2012/2/20 Andres Aguado <andriu.one@xxxxxxxxx>: > Yes, into httpd-ssl.conf > > # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two > # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" > # > Listen 8443 > > > > 2012/2/20 Igor Cicimov <icicimov@xxxxxxxxx>: >> Do you have >> Listen 8443 >> at all in your config? >> >> On Feb 20, 2012 10:28 PM, "Andres Aguado" <andriu.one@xxxxxxxxx> wrote: >>> >>> mmmmm, i've configured on other machine, other apache 2.2 as reverse >>> proxy and i've forwarded request to https://www.ingdirect.es, and the >>> error is the same >>> >>> This is a very strange cuestion but, do you know if these >>> configurations should work?, is it necessary to make any strange >>> configuration? >>> >>> Regards >>> Andres >>> >>> 2012/2/20 Andres Aguado <andriu.one@xxxxxxxxx>: >>> > Hi again. Here we are again >>> > >>> > Sorry, but I don't understand that dns error, because i'm connecting >>> > to ip interface. I'm not connecting to dns name to simplify the issue. >>> > And i can connect from proxy to backend ok to https port. the problem >>> > seems to be when virtual host "proxypass" the request, because i can >>> > connect from another machine to https://192.168.112.57 too >>> > >>> > Jeff, I've changed proxypass and proxypassreverse sentences adding / a >>> > the end but it's not working. >>> > >>> > Arrrrrrrrrrrrrrrrrrgggggggggg, I can't believe this configuration is >>> > so difficult. It looked easy when i started it! >>> > >>> > 2012/2/17 Jeff Trawick <trawick@xxxxxxxxx>: >>> >> On Fri, Feb 17, 2012 at 10:28 AM, Igor Cicimov <icicimov@xxxxxxxxx> >>> >> wrote: >>> >>> You have DNS error. Also check if you can connect from the proxy to >>> >>> the >>> >>> backend on ssl port. >>> >> >>> >> proxy: DNS >>> >> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg >>> >> >>> >> That looks more like a configuration problem... The path is >>> >> unexpectedly concatenated with the host (okay, IP). >>> >> >>> >> Change >>> >> ProxyPass / https://192.168.112.57 >>> >> to >>> >> ProxyPass / https://192.168.112.57/ >>> >> (similar for ProxyPassReverse) >>> >>> >>> >>> On Feb 18, 2012 1:04 AM, "Andres Aguado" <andriu.one@xxxxxxxxx> wrote: >>> >>>> >>> >>>> Hi again Igor, connecting to https://192.168.112.57 directly, a >>> >>>> websphere app server (the backend app server for my case) admin page >>> >>>> is shown >>> >>>> >>> >>>> The error log shows this files since startup >>> >>>> >>> >>>> The Apache2.2 service has restarted. >>> >>>> arent: Received restart signal -- Restarting the server. >>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Child 6132: Exit event signaled. >>> >>>> Child process is ending. >>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: generating secret for >>> >>>> digest authentication ... >>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: done >>> >>>> [Fri Feb 17 14:14:16 2012] [notice] Child 6132: Released the start >>> >>>> mutex >>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Apache/2.2.21 (Win32) DAV/2 >>> >>>> mod_ssl/2.2.21 OpenSSL/0.9.8r configured -- resuming normal >>> >>>> operations >>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Server built: Sep 9 2011 >>> >>>> 10:26:10 >>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Parent: Created child process >>> >>>> 4308 >>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: generating secret for >>> >>>> digest authentication ... >>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: done >>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Child process is >>> >>>> running >>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Acquired the start >>> >>>> mutex. >>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting 64 worker >>> >>>> threads. >>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to >>> >>>> listen on port 80. >>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to >>> >>>> listen on port 8443. >>> >>>> [Fri Feb 17 14:14:22 2012] [error] [client 127.0.0.1] proxy: DNS >>> >>>> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg >>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: All worker threads >>> >>>> have >>> >>>> exited. >>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: Child process is >>> >>>> exiting >>> >>>> >>> >>>> About app logs, i've not seen it and i don't know what file to look >>> >>>> for, so i'll ask app administrator server that sure will know it >>> >>>> >>> >>>> Thanks! >>> >>>> andres >>> >>>> >>> >>>> 2012/2/17 Igor Cicimov <icicimov@xxxxxxxxx>: >>> >>>> > What is in the error file dude not the access one? Since you are >>> >>>> > proxying to >>> >>>> > https://192.168.112.57 do you have ssl enabled on that server? What >>> >>>> > do >>> >>>> > you >>> >>>> > see in its log file? >>> >>>> > >>> >>>> > Since you said http proxying works i suspect you don't have ssl >>> >>>> > configured >>> >>>> > on the backend 192.168.112.57. >>> >>>> > >>> >>>> > >>> >>>> > On Fri, Feb 17, 2012 at 8:57 PM, Andres Aguado >>> >>>> > <andriu.one@xxxxxxxxx> >>> >>>> > wrote: >>> >>>> >> >>> >>>> >> Sorry Tom, here is an important piece of httpd-ssl.conf >>> >>>> >> >>> >>>> >> SSLEngine on #Behind proxypass sentences >>> >>>> >> SSLCertificateFile "C:\Program Files (x86)\Apache Software >>> >>>> >> Foundation\Apache2.2\conf\ssl\server.crt" >>> >>>> >> SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software >>> >>>> >> Foundation\Apache2.2\conf\ssl\server.key" >>> >>>> >> >>> >>>> >> .crt and .key files has been created and are present in specified >>> >>>> >> directory >>> >>>> >> >>> >>>> >> Actuallly, redirect to https is disabled, and i'm not connecting >>> >>>> >> to >>> >>>> >> http, i'm connecting to https://ipreverseproxy:8443 directly. >>> >>>> >> >>> >>>> >> Regards >>> >>>> >> Andres >>> >>>> >> >>> >>>> >> 2012/2/17 Tom Evans <tevans.uk@xxxxxxxxxxxxxx>: >>> >>>> >> > On Thu, Feb 16, 2012 at 2:31 PM, Andres Aguado >>> >>>> >> > <andriu.one@xxxxxxxxx> >>> >>>> >> > wrote: >>> >>>> >> >> Hi all, i'd like to expose my problem because i'm going crazy, >>> >>>> >> >> and >>> >>>> >> >> if >>> >>>> >> >> anyone could help me it'll be very appreciated. >>> >>>> >> >> >>> >>>> >> >> Well, I've an apache 2.2 server over win2k8, and i want to >>> >>>> >> >> configure >>> >>>> >> >> it as reverse proxy to send request to backend Websphere server >>> >>>> >> >> >>> >>>> >> >> So, my httpd.conf file is written like this: >>> >>>> >> >> >>> >>>> >> >> NameVirtualHost *:80 >>> >>>> >> >> <VirtualHost *:80> >>> >>>> >> >> DocumentRoot "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example" >>> >>>> >> >> ServerName www.my_example.es:80 >>> >>>> >> >> ServerRoot "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2" >>> >>>> >> >> DirectoryIndex index.html >>> >>>> >> >> Redirect / https://www.my_example.es:8443 >>> >>>> >> >> ErrorLog "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\logs\error.log" >>> >>>> >> >> TransferLog "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\logs\access.log" >>> >>>> >> >> >>> >>>> >> >> ProxyRequests Off >>> >>>> >> >> </VirtualHost> >>> >>>> >> >> >>> >>>> >> >> And i've configured virtual host on 8443 in httpd-ssl.conf like >>> >>>> >> >> this: >>> >>>> >> >> >>> >>>> >> >> <VirtualHost _default_:8443> >>> >>>> >> >> DocumentRoot "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example" >>> >>>> >> >> DirectoryIndex index2.html >>> >>>> >> >> ServerName www.my_example.es:8443 >>> >>>> >> >> ServerAdmin admin@my_example.es >>> >>>> >> >> ErrorLog "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\logs\error.log" >>> >>>> >> >> TransferLog "C:\Program Files (x86)\Apache Software >>> >>>> >> >> Foundation\Apache2.2\logs\access.log" >>> >>>> >> >> >>> >>>> >> >> ProxyRequests Off >>> >>>> >> >> ProxyPreserveHost On >>> >>>> >> >> ProxyPass / https://192.168.112.57 >>> >>>> >> >> ProxyPassReverse / https://192.168.112.57 >>> >>>> >> >> </VirtualHost> >>> >>>> >> >> >>> >>>> >> >> Proxy modules enabled are mod_proxy.so and mod_proxy_http.so >>> >>>> >> >> But this configuration is not working. >>> >>>> >> >> >>> >>>> >> >> If i comment both proxypass sentences and try, it connects to >>> >>>> >> >> local >>> >>>> >> >> index.html page, but if i enable proxypass sentences, it tries >>> >>>> >> >> to >>> >>>> >> >> connect, typical website certificate error (continue to this >>> >>>> >> >> site) >>> >>>> >> >> appears in iexplorer and internal server error page is >>> >>>> >> >> displayed. >>> >>>> >> >> >>> >>>> >> >> Could anyone help me please? >>> >>>> >> >> >>> >>>> >> >> Thank you very much >>> >>>> >> >> Andres >>> >>>> >> >> >>> >>>> >> > >>> >>>> >> > Your port 80 vhost redirects users with protocol https to your >>> >>>> >> > port >>> >>>> >> > 8443 >>> >>>> >> > vhost. >>> >>>> >> > Your port 8433 vhost is not configured for SSL. >>> >>>> >> > Your browser attempts to talk SSL to a non SSL vhost. >>> >>>> >> > Hilarity ensues. >>> >>>> >> > >>> >>>> >> > Cheers >>> >>>> >> > >>> >>>> >> > Tom >>> >>>> >> > >>> >>>> >> > >>> >>>> >> > --------------------------------------------------------------------- >>> >>>> >> > The official User-To-User support forum of the Apache HTTP >>> >>>> >> > Server >>> >>>> >> > Project. >>> >>>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >>>> >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> >> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >>>> >> > >>> >>>> >> >>> >>>> >> >>> >>>> >> --------------------------------------------------------------------- >>> >>>> >> The official User-To-User support forum of the Apache HTTP Server >>> >>>> >> Project. >>> >>>> >> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >>>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >>>> >> >>> >>>> > >>> >>>> >>> >>>> --------------------------------------------------------------------- >>> >>>> The official User-To-User support forum of the Apache HTTP Server >>> >>>> Project. >>> >>>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >>>> >>> >>> >>> >> >>> >> >>> >> >>> >> -- >>> >> Born in Roswell... married an alien... >>> >> >>> >> --------------------------------------------------------------------- >>> >> The official User-To-User support forum of the Apache HTTP Server >>> >> Project. >>> >> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|