Reverse SSL Proxy in cluster Configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,
We're trying to mount a reverse proxy cluster using two apache severs (httpd v2.2.14) balanced by a hardware load balancer (CISCO). This balancer distribute the incoming requests to each reverse proxy. The implented system seems to work well with most of the applications but we have found some problems with an SSL application when somebody wants to upload files: the error 413 use to appears (not always): Request Entity Too Large. We have no clue about the problem. The thing is with only one server active of the cluster the application works perfectly. The configuration is shared between proxys and the reverse-proxy is implemented using name virtual hosts. 

Any idea?

Regards,

Regards,

Manuel Vicente.



VirtualHost Configuration

<VirtualHost *:443>
       ServerName plataform-temp.example.com:443

       ErrorLog "/usr/local/apache2/logs/error_plataform_ssl.log"
CustomLog "/usr/local/apache2/logs/access_plataform_ssl.log" combined 

       KeepAlive On
       KeepAliveTimeOut 15

       Include conf/ssl.conf
       <Location />

               SSLRequireSSL
               SSLVerifyClient require
               SSLVerifyDepth 1
               SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
               SSLOptions +ExportCertData +OptRenegotiate

               #Weblogic module configuration

               SetHandler weblogic-handler
               WebLogicHost sxpa1.example.com
               WebLogicPort 8057
               MatchExpression *.jsp
               PathPrepend /siplex/
       </Location>
</VirtualHost>

ssl.conf:

SSLEngine On
SSLProxyEngine On
<Directory />
  SSLRequireSSL
</Directory>

SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL 

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/wildcard.pem
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/wildcard.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle.crt

SSLOptions +FakeBasicAuth +StrictRequire
SSLVerifyClient none


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux