Hello all I face the problem, that the sni extension is not set on healthcheck-requests to a backend using tls.
Because healthchecks are negative, this leads to ordinary requests also beeing denied. AH02033: No hostname was provided via SNI for a name based virtual host I’ve also investigated it with wireshark, the extionsion is defenitely not set. My config looks as follows: --------------------------------------------------------------------------------- Listen 127.0.0.1:443 ServerName www.localhost.com <VirtualHost 127.0.0.1:443> ServerName www.localhost.com ServerAlias localhost.com SSLCertificateFile /etc/httpd/ssl/ca.crt SSLCertificateKeyFile /etc/httpd/ssl/ca.key SSLEngine on SSLProxyEngine on ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/} ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get hcuri=/healthcheck.php <Proxy balancer://mycluster lbmethod=byrequests> BalancerMember https://127.0.0.1:8443 BalancerMember https://127.0.0.1:8444 ProxyPreserveHost On SSLProxyProtocol TLSv1 </Proxy> <Location /> ProxyPass balancer://mycluster/ ProxyPassReverse balancer://mycluster/ </Location> </VirtualHost> --------------------------------------------------------------------------------- I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the problem .. Am I missing something, or is this eventually a bug in mod_proxy_hcheck? Thanks in advance for help/ideas on this! Cheers Dominik
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature