Hi Dominik, On Mon, Oct 22, 2018 at 1:49 PM Dominik Stillhard <Dominik.Stillhard@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > I've tested the configuration you proposed. > Unfortunately the problem is not solved by using hostnames. Yes, sorry, I was looking at 2.5/trunk code, while 2.4.x is missing one commit (http://svn.apache.org/r1818726). Without this change in 2.4.x, hostnames work for proxied request but not for healthcheck (supposedly). Could you please try with the attached patch (a backport of r1818726 to 2.4.x)? Regards, Yann.
Index: modules/proxy/proxy_util.c
===================================================================
--- modules/proxy/proxy_util.c (revision 1844553)
+++ modules/proxy/proxy_util.c (working copy)
@@ -3203,6 +3203,13 @@ static int proxy_connection_create(const char *pro
backend_addr, conn->hostname);
return HTTP_INTERNAL_SERVER_ERROR;
}
+ if (conn->ssl_hostname) {
+ /* Set a note on the connection about what CN is requested,
+ * such that mod_ssl can check if it is requested to do so.
+ */
+ apr_table_setn(conn->connection->notes, "proxy-request-hostname",
+ conn->ssl_hostname);
+ }
}
else {
/* TODO: See if this will break FTP */
Index: modules/proxy/mod_proxy_http.c
===================================================================
--- modules/proxy/mod_proxy_http.c (revision 1844553)
+++ modules/proxy/mod_proxy_http.c (working copy)
@@ -1972,20 +1972,10 @@ static int proxy_http_handler(request_rec *r, prox
}
/* Step Three: Create conn_rec */
- if (!backend->connection) {
- if ((status = ap_proxy_connection_create_ex(proxy_function,
- backend, r)) != OK)
- break;
- /*
- * On SSL connections set a note on the connection what CN is
- * requested, such that mod_ssl can check if it is requested to do
- * so.
- */
- if (backend->ssl_hostname) {
- apr_table_setn(backend->connection->notes,
- "proxy-request-hostname",
- backend->ssl_hostname);
- }
+ if (!backend->connection &&
+ (status = ap_proxy_connection_create_ex(proxy_function,
+ backend, r)) != OK) {
+ break;
}
/* Step Four: Send the Request
Index: modules/http2/mod_proxy_http2.c
===================================================================
--- modules/http2/mod_proxy_http2.c (revision 1844553)
+++ modules/http2/mod_proxy_http2.c (working copy)
@@ -590,21 +590,12 @@ run_connect:
goto reconnect;
}
- if (!ctx->p_conn->data) {
- /* New conection: set a note on the connection what CN is
- * requested and what protocol we want */
- if (ctx->p_conn->ssl_hostname) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE1, status, ctx->owner,
- "set SNI to %s for (%s)",
- ctx->p_conn->ssl_hostname,
- ctx->p_conn->hostname);
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-hostname", ctx->p_conn->ssl_hostname);
- }
- if (ctx->is_ssl) {
- apr_table_setn(ctx->p_conn->connection->notes,
- "proxy-request-alpn-protos", "h2");
- }
+ if (!ctx->p_conn->data && ctx->is_ssl) {
+ /* New SSL connection: set a note on the connection about what
+ * protocol we want.
+ */
+ apr_table_setn(ctx->p_conn->connection->notes,
+ "proxy-request-alpn-protos", "h2");
}
}
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|