Hello,

I am trying to configure Apache 2.2 to act as an SSL accelerator with LDAP authentication and I'm having two issues.

My first issue is I cannot get Apache to work as an SSL accelerator. My current configuration:

    NameVirtualHost site.system.com:443
    <VirtualHost site.system.com:443>
        DocumentRoot "/mnt/data/remote"
        ServerName site.system.com
        SSLEngine On
        SSLCertificateFile /etc/key/cert.crt
        SSLCertificateKeyFile /etc/key/cert.key
        ProxyPass /app1/ http://srv1.system.com/app1/
        ProxyPassReverse /app1/ http://srv1.system.com/app1/
        ProxyHTMLURLMap http://srv1.system.com/app1 /app1
    </VirtualHost>

The above configuration works perfectly when it is configured as a non-SSL site, and the reverse proxy works exactly as expected. When SSL is enabled as it is above, the links within pages for app1 are not rewritten to be https:// and therefore it does not work. I have tried fiddling with the ProxyHTMLURLMap to no avail. Can anyone suggest where I am going wrong?

My second question is with AuthLdap, and I think is a simple one. I'd like to secure my SSL accelerator using LDAP against Active Directory. This works as expected, but I was wondering if there was a way to specify authentication for the entire virtual host rather than repeating the same configuration in the directory and location blocks.

Below is what hopefully my final configuration would look like once I figure out the SSL accelerator with reverse proxy issue above:

    NameVirtualHost site.system.com:443
    <VirtualHost site.system.com:443>
        DocumentRoot "/opt/site"
        ServerName site.system.com
        SSLEngine On
        SSLCertificateKeyFile /etc/key/file.key
        SSLCertificateChainFile /etc/key/file.crt
        ErrorLog /var/log/apache2/remote/error.log
        CustomLog /var/log/apache2/remote/access.log common
        Options -Indexes

        <Directory /*>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
            AuthLDAPBindDN "user@xxxxxxxxxx"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com
        </Directory>

        #RewriteRule ^/app1$ app1/ [R]
        <Location /app1/>
            ProxyPass http://srv1/app1/
            ProxyPassReverse http://srv1/app1/
            #ProxyHTMLEnable On
            ProxyHTMLURLMap http://srv1/app1 /app1
        </Location>

        #RewriteRule ^/app2$ app2/ [R]
        <Location /app2>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
            AuthLDAPBindDN "user@xxxxxxxxxx"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com
            ProxyPass http://srv2/app2/
            ProxyPassReverse http://srv2/app2/
            #ProxyHTMLURLMap http://srv2/app2/ /app2/
            #ProxyHTMLURLMap http://srv2/app2 /app2
        </Location>
    </VirtualHost>

Any suggestions are appreciated.

Simon
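
Added example, not part of the original post: Apache applies `<Directory>` sections to filesystem paths only, so access control for proxied URLs has to sit in a `<Location>` section. The Python sketch below audits a configuration for `ProxyPass` paths that no `<Location>` containing a `Require` line covers; the sample is constructed (condensed from the second configuration above), the function names are this example's own, and the prefix matching is an approximation of Apache's.

```python
import re

# Constructed sample, condensed from the second configuration in the post.
SAMPLE = """\
<VirtualHost site.system.com:443>
  <Directory /*>
    AuthType Basic
    require ldap-group DC=site,DC=com
  </Directory>
  <Location /app1/>
    ProxyPass http://srv1/app1/
  </Location>
  <Location /app2>
    AuthType Basic
    require ldap-group DC=site,DC=com
    ProxyPass http://srv2/app2/
  </Location>
</VirtualHost>
"""
OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\w+>")

def covers(prefix, path):
    """Approximate <Location> prefix matching on path-segment boundaries."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def audit(conf):
    """Return (proxied paths, Location paths with Require, uncovered proxied paths)."""
    stack, proxied, guarded = [], [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), m.group(2).strip()))
        else:
            words = line.split()
            kind, arg = stack[-1] if stack else ("", "")
            if words[0].lower() == "proxypass":
                # Inside <Location> the URL path comes from the section header.
                proxied.append(arg if kind == "location" else words[1])
            elif words[0].lower() == "require" and kind == "location":
                guarded.append(arg)
    uncovered = [p for p in proxied if not any(covers(g, p) for g in guarded)]
    return proxied, guarded, uncovered

if __name__ == "__main__":
    print(audit(SAMPLE)[2])
```

On the sample, `/app1/` is reported because its only authentication directives sit in `<Directory /*>`; a single `<Location />` carrying the LDAP block covers every proxied path and clears the finding.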