Re: [users@httpd] Re:mod_ssl and mod_proxy RPS config file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Re:mod_ssl and mod_proxy RPS config file
From: "Serge Dubrouski" <sergeyfd@xxxxxxxxx>
Date: Mon, 18 Sep 2006 17:01:30 -0500
Authentication-results: idunn.apache.osuosl.org header.from=sergeyfd@xxxxxxxxx; domainkeys=good
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <OF831D05C4.E56A2DDD-ON882571ED.0075C972-882571ED.0078066A@xxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <868cbbaa0609181347l2a149489na565f5b4705acd71@xxxxxxxxxxxxxx> <OF831D05C4.E56A2DDD-ON882571ED.0075C972-882571ED.0078066A@xxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

First of all. It sounds like your backend application support HTTPS
protocol only and you are trying to open access to it through HTTP.
Are you sure that you want exactly this? Most probably your backend
applications send redirects to HTTPS for any HTTP requests. And Apache
just proxying them to the client.

On 9/18/06, sniedermeyer@xxxxxxx <sniedermeyer@xxxxxxx> wrote:

I must admit I am new to Apache so there may be some obvious errors in our
reverse proxy server apache config...but here it is:

Listen *:80
Listen *:443

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_html_module modules/mod_proxy_html/mod_proxy_html.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so

ProxyRequests Off

NameVirtualHost *:80

<VirtualHost *:443>
      ServerName www.mydomain.com
      ServerAlias mydomain.com
      DocumentRoot "z:/Apache2/httpsdocs"
      <Directory "z:/apache2/httpsdocs">
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
      </Directory>
      SSLEngine on
      SSLProxyEngine on
      SSLCertificateFile z:/public.crt
      SSLCertificateKeyFile z:/private.key
      SSLCertificateChainFile z:/intermediate.crt
      ProxyPass /eConnect https://192.168.1.3:443/eConnect
      ProxyPassReverse /eConnect https://192.168.1.3:443/eConnect
</VirtualHost>

<VirtualHost *:80>
      ServerName www.mydomain.com
      ServerAlias mydomain.com
      DocumentRoot "z:/Apache2"
      <Directory "z:/Apache2">
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
      </Directory>
      #
      #Proxy settings for Web App #1
      #
      ProxyPass /audio http://192.168.1.1:3881/audio
      ProxyPassReverse /audio http://10.101.2.39:3881/audio

      #
      #Proxy settings for Web App #2
      #
      ProxyPass /PIRPressSummary http://192.168.1.2:3882/PIRPressSummary
      ProxyPassReverse /PIRPressSummary
http://192.168.1.2:3882/PIRPressSummary

      #
      #Proxy settings for Web App #3
      #
      ProxyPass /eConnect http://192.168.1.3:3883/eConnect
      ProxyPassReverse /eConnect http://192.168.1.3:3883/eConnect

      #
      #Proxy settings for Primary website content
      #
      ProxyPass / http://192.168.1.100/
      ProxyPassReverse / http://192.168.1.100/
</VirtualHost>

<VirtualHost *:80>
      ServerName www.myseconddomain.com
      ServerAlias myseconddomain.com *.myseconddomain.com
      DocumentRoot "z:/Apache2/myseconddomain"
      <Directory "z:/Apache2/myseconddomain">
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
      </Directory>
      ProxyPass / http://192.168.1.200:3342/
      ProxyPassReverse / http://192.168.1.200:3342/
</VirtualHost>


<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


We get the SSL warning when trying to access Web App #3 while going from
HTTP section of the application to an HTTPS section and the URL from
http://www.mydomain.com/eConnect/ to http://192.168.1.3/eConnect/.  The
certificate warning references the cert issued to the subdomain assigned to
the Web App #3 server (subdomain.mydomain.com).  The IP address that
appears in the URL is the private IP of Web App #3 server.

____________________________
Steven Niedermeyer
Bellingham, WA


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- Re: [users@httpd] mod_ssl and mod_proxy
  - From: Serge Dubrouski
- [users@httpd] Re:mod_ssl and mod_proxy RPS config file
  - From: sniedermeyer

Prev by Date: Re: [users@httpd] Re:mod_ssl and mod_proxy RPS config file
Next by Date: Re: [users@httpd] Re:mod_ssl and mod_proxy RPS config file
Previous by thread: Re: [users@httpd] Re:mod_ssl and mod_proxy RPS config file
Next by thread: [users@httpd] duplicate emails
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]