RE: Problems with mod_ssl and mod_proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Jan Luca Naumann [mailto:jan@xxxxxxxxxxxxxxxxx] 
> Sent: Tuesday, December 08, 2009 3:53 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject:  Problems with mod_ssl and mod_proxy
> 
> Hallo,
> 
> I have a problem with Apache Server (Apache/2.2.14 (Win32) 
> mod_ssl/2.2.14 OpenSSL/0.9.8k):
> 
> I want to set up that the server controll a client-cert and, 
> if it is OK, connect with a ProxyPass to the right server.
> 
> ...
> 
> <Proxy *>
> Order Deny,Allow
> Deny from all
> </Proxy> 
> 
> ProxyRequests Off
> 
> NameVirtualHost <My IP>:443
> 
> <VirtualHost <My IP>:443>
>     DocumentRoot "C:/Program Files/Webserver/Apache/htdocs"
>     ServerName <web address>
>     ServerAlias <My IP, for test>
> 
>     SSLEngine on
>     SSLCertificateFile <Path of the cert>
>     SSLCertificateKeyFile <Path of the key>
>     SSLCACertificateFile <Path of the CA-cert>
>     SSLVerifyClient require
>     SSLVerifyDepth  10
> 
>     ProxyPreserveHost On
>     ProxyPass / <end server>
>     ProxyPassReverse / <end server>
> </VirtualHost>
> 
> 
> When I connect to the server now, the browser loads some time 
> and then gives me a timeout. What do I wrong?

Break the problem into two parts and get the ProxyPass working before worrying about the SSL client verification. What happens if you comment out all the SSL stuff and try to get to the back-end server with a plain HTTP virtual host?

If that times out, what happens if you try to access the back-end directly (from a client that has TCP/IP access, obviously)?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> Viele Grüße
> Jan
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. 
The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux