Re: RE: [users@httpd] ReverseProxy and SSL

Hi,

My configuration looks like this:

Listen 10.69.227.58:80
NameVirtualHost 10.69.227.58:80

<VirtualHost 10.69.227.58:80>
    SSLProxyEngine on
    ServerName www.apache.site.nl

    RewriteEngine On

    ProxyHTMLLogVerbose On
    LogLevel Debug

    ProxyPreserveHost Off

    ProxyPass / https://www.test.site.nl/
    ProxyHTMLURLMap http://www.apache.site..nl/ /

    <Location />
        ProxyPassReverse /
        RequestHeader unset Accept-Encoding
    </Location>
</VirtualHost>

Br,

Sarris	


> From: "Boyle Owen" <Owen.Boyle@xxxxxxx>
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] ReverseProxy and SSL
> BCC: Thu, 10 Mar 2005 11:51:38 +0100

> > -----Original Message-----
> > From: Sarris Overbosch [mailto:soverbosch@xxxxxxxx]
> > Sent: Thursday, 10 March 2005 10:32
> > To: apachelist 
> > Subject: Re: RE: RE: [users@httpd] ReverseProxy and SSL
> > > 
> > > - request :apache-site/servlet  -> returns page containing form
> > > - request :apache-site/servlet?query-string  -> returns 
> > redirect to "funny" URL
> > > 
> > > > it looks like this:
> > > >  
> > > > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > > > 
> 
> I think we need to see how you configure the apache proxy. Do you have something like:
> 
> ProxyPass / https://tomcat-server/
> 
> or do you use mod_rewrite in proxy mode, eg:
> 
> RewriteRule (.*) https://tomcat-server/$1 [P]
> 
> Which?
> 
> 
> >  When I use a browser and 
> > connect directly to the tomcat server everything just works fine.
> 
> Even when you submit data in the form? (We know a request for an empty form works OK).
> 
> >  Wouldn't apache put it in the log 
> > when the Tomcat server sends a redirect message in its response?
> 
> Actually, now that I think about it, apache should resolve the redirect before replying to the client. Apache only logs what it sends to the client, not anything about its communications with proxies, eg:
> 
> - client requests apache
> - apache proxies request to tomcat
> - tomcat responds with redirect to apache
> - apache requests new URL to tomcat
> - tomcat serves response to apache
> - apache serves response to client and logs it.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> > 
> > > 
> > > I guess you mean that the Tomcat server is listening on 
> > port 80 (plain HTTP) but redirects you to port 443 (HTTPS). 
> > This is a typical setup for a server which wants to be 
> > available on HTTP but to serve content via HTTPS.
> > 
> > The tomcat server is only listening on port 443, would be 
> > nice to have it also listening on port 80 to test the 
> > connection without ssl....maybe it will work then
> > 
> > > I think the servlet (or rather, the server config in front 
> > of it) is *certainly* redirecting. You need to get a client 
> > talking directly to Tomcat to prove this, then you need to fix Tomcat.
> > 
> > I did and it just works fine :S
> > 
> > > 
> > > On a general point, is there any reason why you need HTTPS 
> > between apache and tomcat? If you then pass the data over 
> > plain HTTP to the client (which is what a proxy does) then it 
> > is unencrypted on the apache-client hop. This would only make 
> > sense if Tomcat was out on the internet, apache was in your 
> > DMZ and all the clients were internal (like in a corporate 
> > LAN). Is this the setup?
> > 
> > Yes, our broadvision is in our EZ and the apache server is in our DMZ.
> > 
> > Br,
> > 
> > Sarris
> > > 
> > > Rgds,
> > > Owen Boyle
> > > Disclaimer: Any disclaimer attached to this message may be 
> > ignored.  
> > > > 
> > > > Does this clarify my question?
> > > > 
> > > > Br,
> > > > 
> > > > Sarris
> > > > 
> > > > 	
> > > > 
> > > > 
> > > > > From: "Boyle Owen" <owen.boyle@xxxxxxx>
> > > > > To: users@xxxxxxxxxxxxxxxx
> > > > > Subject: RE: [users@httpd] ReverseProxy and SSL
> > > > > BCC: Wed, 9 Mar 2005 17:16:32 +0100
> > > > 
> > > > > Plain text please...
> > > > > 
> > > > > 
> > > > > You've got two webservers, a java servlet engine, a mixture 
> > > > of HTTP and
> > > > > HTTPS and you're doing reverse proxying. And you describe 
> > > > it all in two
> > > > > sentences?
> > > > > 
> > > > > I would need at least a circuit diagram before I could 
> > > > begin to guess
> > > > > what's wrong...
> > > > > 
> > > > > Rgds,
> > > > > Owen Boyle
> > > > > Disclaimer: Any disclaimer attached to this message may 
> > be ignored. 
> > > > >  
> > > > > -----Original Message-----
> > > > > From: Sarris Overbosch [mailto:soverbosch@xxxxxxxx]
> > > > > Sent: Wednesday, 9 March 2005 17:09
> > > > > To: apachelist 
> > > > > Subject: [users@httpd] ReverseProxy and SSL
> > > > > 
> > > > > 
> > > > > Hi,
> > > > > 
> > > > > I've configured apache to act as a reverse proxy to an 
> > https site
> > > > > (https://www.test.site.nl) I connect to the apache using the url
> > > > > http://www.apache.site.nl. When I do a request to a simple jsp page it
> > > > > will work fine, on this jsp page is a form, when I submit 
> > > > this form I
> > > > > get a real strange url back, it looks like this:
> > > > > 
> > > > > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > > > > 
> > > > > As you notice I do a http request and get an https request 
> > > > back, I'm not
> > > > > sure why this is happening. The action which is connected 
> > > > to the form is
> > > > > a servlet which may (or may not) do a redirect which causes this
> > > > > problem. Has anyone out there had this problem and if yes 
> > > > how did you
> > > > > solve that?
> > > > > 
> > > > > Br,
> > > > > 
> > > > > Sarris
> > > > > 
> > > > > 
> > > 
> 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
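
Added example, not part of the original message or of Apache httpd: a Python check that classifies the redirect target a client receives through this proxy, together with a simplified model of the ProxyPassReverse prefix rewrite, shown with both `/` (as in the posted configuration) and the back-end URL as its argument. Host names are taken from the thread; the function names and the `/servlet?query-string` sample redirect are constructed for illustration.

```python
from urllib.parse import urlsplit

FRONTEND = "http://www.apache.site.nl/"   # posted ServerName, listening on port 80
BACKEND = "https://www.test.site.nl/"     # posted ProxyPass target


def proxy_pass_reverse(location, backend_prefix, frontend_prefix=FRONTEND):
    """Simplified model of ProxyPassReverse: a Location value that starts with
    backend_prefix is re-pointed at the front end; anything else passes through."""
    if location.lower().startswith(backend_prefix.lower()):
        return frontend_prefix + location[len(backend_prefix):]
    return location


def audit_location(location, frontend=FRONTEND, backend=BACKEND):
    """Return findings for one redirect target as the client would see it."""
    findings = []
    target, front, back = urlsplit(location), urlsplit(frontend), urlsplit(backend)
    if not target.netloc:
        return findings                   # relative redirect stays on the front end
    host = target.netloc.lower()
    if any(c in host for c in ", %"):
        findings.append("malformed-authority")   # e.g. two host names joined by a comma
    if back.hostname in host:
        findings.append("backend-host-exposed")  # internal name reaches the client
    elif host != front.netloc.lower():
        findings.append("off-site")
    if target.scheme != front.scheme:
        findings.append("scheme-mismatch")       # https redirect from an http-only vhost
    return findings


if __name__ == "__main__":
    samples = [
        "https://www.apache.site.nl,%20www.test.site.nlnl/...",   # URL quoted in the thread
        proxy_pass_reverse(BACKEND + "servlet?query-string", "/"),      # constructed
        proxy_pass_reverse(BACKEND + "servlet?query-string", BACKEND),  # constructed
    ]
    for url in samples:
        print(url, audit_location(url) or "ok")
```

Running the same audit over the `Location` headers seen by a test client, before and after a configuration change, shows whether redirects still carry the back-end host name or an `https` scheme that the port 80 virtual host cannot serve.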
