On Thu, May 25, 2023 at 2:38 PM Josef Wolf <jw@xxxxxxxxxxxxx> wrote: > > I am trying to use apache as a proxy to pass requests to a https backend like this: > > <VirtualHost *:443> > > SSLProxyEngine on > ProxyPass /service/ https://backend.do.main:4434/service > ProxyPassReverse /service/ https://backend.do.main:4434/service > ProxyPassReverseCookiePath / /service/ > ProxyHTMLURLMap https://backend.do.main:4434/service /service > <Location /service/> > SetEnv force-proxy-request-1.0 1 > SetEnv proxy-nokeepalive 1 > SetEnv proxy-sendcl > ProxyHTMLEnable On > ProxyHTMLExtended On > LogLevel Debug > ProxyHTMLURLMap https://backend.do.main:4434/service/service/ > RequestHeader unset Accept-Encoding > AuthName "Application /service" > AuthType Basic > AuthUserFile /m/b/httpd/passwd > AuthGroupFile /m/b/httpd/group > Require group service > SSLRequireSSL > RequestHeader set Authorization "Basic 123456778" > RequestHeader set X_FORWARDED_PROTO 'https' > </Location> > > </VirtualHost> > > This works fine for http backends, but with https, I get following errors: I tried this configuration and it works for me. > > [Thu May 25 13:34:04.690666 2023] [ssl:error] [pid 2259] [remote 192.168.1.106:4434] AH01962: Unable to create a new SSL connection from the SSL context > [Thu May 25 13:34:04.690700 2023] [ssl:error] [pid 2259] SSL Library Error: error:140BA0C3:SSL routines:SSL_new:null ssl ctx Do you build httpd by yourself? Which OS / httpd / openssl version? It looks like httpd (mod_ssl) links/runs against an openssl version different from the one it's been built with. Regards; Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|