Re: Re: SSLProxyEngine config help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On Thu, Dec 17, 2009 at 9:45 PM, Todd Volkert <tvolkert@xxxxxxxxx> wrote:
>>
>> Ok, hopefully I'm not missing something stupid again...  I'm trying to
>> enable the SSL proxy engine for use in one of my virtual hosts, and though
>> it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
>> gobledegook requests when trying to connect over HTTPS:
>>
>> Here is my server config:
>>
>> <VirtualHost *:443>
>>     ServerName www.foo.com
>>     ServerAlias localhost foo.com *.foo.com
>>
>>     SSLProxyEngine on
>>     SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
>>     ProxyRequests Off
>>
>>     <Proxy *>
>>         Order deny,allow
>>         Allow from all
>>     </Proxy>
>>
>>     ProxyPass / https://localhost:8443/
>>     ProxyPassReverse / https://localhost:8443/
>> </VirtualHost>
>>
>> Here is the output of the server logs upon startup:
>>
>> [Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
>> /usr/sbin/suexec)
>> [Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
>> [hint: SSLSessionCache]
>> [Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
>> authentication ...
>> [Thu Dec 17 21:37:42 2009] [notice] Digest: done
>> [Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2
>> mod_ssl/2.2.9 OpenSSL/0.9.8b configured -- resuming normal operations
>>
>> Then when I run 'lynx https://localhost/foo.jsp', I get the following in
>> the httpd logs:
>>
>> ==> /etc/httpd/logs/access_log <==
>> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235
>> "-" "-"
>> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-"
>> "-"
>>
>> And I get the following in the tomcat access logs:
>>
>> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1229
>> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226
>>
>> Ring any bells?

Have you tried removing the ServerAlias directive? You can't use
Name-based Virtual Hosting with SSL anyway (without using SNI, which
you aren't) so they're redundant.

Cheers,
Phil.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux