Re: proxying SSL -> SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 04/10/2023 10:40, lejeczek wrote:
Hi guys.

I've sroogled & have found people suggesting working examples, I thought I had some notes but now I'm thinking I read that it should not work..
so I'm not sure what to think of this seemingly setup:

<VirtualHost siem.mine.priv:443>
  ServerAdmin webdev@xxxxxxxxx
  ServerName siem.mine.priv

  ErrorLog /var/log/httpd/siem.mine.priv-error_log
  CustomLog /var/log/httpd/siem.mine.priv-access_log common

  SSLProxyEngine on
  #SSLEngine on
  #SSLProxyVerify none
  #SSLProxyCheckPeerCN off
  SSLCertificateFile      /etc/pki/tls/certs/siem.mine.priv.crt
  SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
  #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
  #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem

  RequestHeader set X-Forwarded-Proto “https”
  RequestHeader set X-Forwarded-Port “443”

  ProxyRequests Off
  #ProxyPreserveHost on
  #ProxyPass         /  https://127.0.0.1:8443/
  #ProxyPassReverse  /  https://127.0.0.1:8443/

  <Location "/">
    # preserve Host header to avoid cross-origin problems
    ProxyPreserveHost on
    # proxy to
    ProxyPass         https://127.0.0.1:8443/
    ProxyPassReverse  https://127.0.0.1:8443/
  </Location>

</VirtualHost>

As you can see I've fiddle whit all those options in different combinations but nothing works for me.
Would you know how to fix or... perhaps you have Apache rev-proxying to Wazuh?

errors in log:
....
[Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198] (20014)Internal error (specific information not available): [client 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443 (127.0.0.1)
[Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198] [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote server returned by /
[Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()

many thanks, L.
ought... sometimes systemctl's _reload_ will not do but "full" restart will

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux