On Tue, Feb 3, 2009 at 5:42 AM, Jake Vang <vangjake@xxxxxxxxxxxxxx> wrote: > Thanks for the link. I tried to implement it according to that site. > However, I keep getting a permission denied error. What do you have in the error log? > > Could this permission error be related to the fact that server1 and server2 > are both running on SSL? I am running Ubuntu 8.10, and I've already enabled > mod_proxy (a2enmod proxy). Is there any other module I need to enable? You might have to explicitely allow access to <Location /site2>, also proxing to ssl is not something that usually works out of the box. You have two options here. - Enable http on your site2 (in a way that only access from the other apache is permitted), or - setup SSLProxying. Apache can't proxy to https urls out of the box. You need to do some work. you need to add the following to your config. --- begin config --- # turn on SSL proxying. SSLProxyEngine On # to tell Apache where to find CA certificates to check remote server certificates with: # (You can choose yourself where you put these certificates) SSLProxyCACertificatePath /path/to/ca/certificates. --- end config --- Then in this path you need to put the CA certificate(s) used to sign the certificate(s) used by the server(s) you communicate with. If you want to talk to a server that uses a "self signed" certificate you will need to put it in this dir too. (Remember that Apache is acting as a HTTPS client here) Once you've done that you need to run c_rehash in that directory. c_rehash is part of a standard openssl distribution. c_rehash creates hashed aliases in this dir. Apache needs these. In order to test if everything is there you can do the following: openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443 if the conenction succeeds just try to do a GET /something/ HTH, Krist -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|