Re: Reverse Proxy https to http

I don't know why, but when I copy paste my virtualhost info from
httpd.conf and put it in ssl.conf like you it works??!!

thx

On Thu, Apr 22, 2010 at 9:01 AM, Mauri <lain80@xxxxxxxxx> wrote:
>
> You can investigate the version. I have this: httpd-2.2.3-31
>
> Please see the top of ssl.conf:
> ================================================
> LoadModule ssl_module modules/mod_ssl.so
> LoadFile   /usr/lib/libxml2.so
> LoadModule proxy_html_module modules/mod_proxy_html.so
> LoadModule xml2enc_module modules/mod_xml2enc.so
> ================================================
>
> Have you loaded this module?
>
>
> 2010/4/22 GB GB <gbcyoyo@xxxxxxxxx>
>>
>> The version I am using is
>> Server version: Apache/2.0.54
>> Server built:   Sep 23 2005 15:28:48
>>
>>  ProxyHTMLURLMap doesn't work with what I am using.....
>>
>>
>> On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lain80@xxxxxxxxx> wrote:
>> > Hi GB.
>> >
>> > I have a similar solution.
>> >
>> > Client --> https://mysite.com --> proxy --> http://backend.
>> >
>> > The URL in the client browser is https://mysite.com.
>> >
>> > This is my /etc/httpd/conf.d/ssl.conf:
>> >
>> >
>> >
>> > LoadModule ssl_module modules/mod_ssl.so
>> > LoadFile   /usr/lib/libxml2.so
>> > LoadModule proxy_html_module modules/mod_proxy_html.so
>> > LoadModule xml2enc_module modules/mod_xml2enc.so
>> > Listen 443
>> > AddType application/x-x509-ca-cert .crt
>> > AddType application/x-pkcs7-crl    .crl
>> > SSLPassPhraseDialog  builtin
>> > SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
>> > SSLSessionCacheTimeout  300
>> > SSLMutex default
>> > SSLRandomSeed startup file:/dev/urandom  256
>> > SSLRandomSeed connect builtin
>> > SSLCryptoDevice builtin
>> >
>> > NameVirtualHost mysite.com:443
>> > <VirtualHost mysite.com:443>
>> > ServerName mysite.com
>> > ProxyRequests off
>> > ProxyPass / https://10.173.90.167:8443/
>> > ProxyHTMLURLMap https://10.173.90.167:8443 /
>> > <Location />
>> >         ProxyPassReverse https://10.173.90.167:8443/
>> >         ProxyHTMLEnable On
>> >         ProxyHTMLURLMap  /      /
>> >         RequestHeader    unset  Accept-Encoding
>> > </Location>
>> >
>> > SSLEngine on
>> > SSLProxyEngine on
>> > SSLProtocol all -SSLv2
>> > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>> > SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
>> > SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
>> > SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
>> >
>> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>> >     SSLOptions +StdEnvVars
>> > </Files>
>> > <Directory "/var/www/cgi-bin">
>> >     SSLOptions +StdEnvVars
>> > </Directory>
>> > SetEnvIf User-Agent ".*MSIE.*" \
>> >          nokeepalive ssl-unclean-shutdown \
>> >          downgrade-1.0 force-response-1.0
>> > CustomLog logs/ssl_request_log \
>> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>> > </VirtualHost>
>> >
>> >
>> >
>> >
>> >
>> >
>> > 2010/4/22 GB GB <gbcyoyo@xxxxxxxxx>
>> >>
>> >> Basically, what goes on is that when the user types in https://mydomain.com/lsw
>> >> he gets an authentication page from the backend application. Once he
>> >> enters his credentials, I notice a POST in the Apache logs.
>> >>
>> >> This is what the user types in:
>> >> https://mydomain.com/lsw/clientele/gen/authentification.jsp
>> >> He enters his credentials, then a POST appears in the log:
>> >> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302
>> >>
>> >> and in the browser I get the following: The connection has timed out
>> >>
>> >>
>> >>
>> >> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>> >>
>> >> The above link doesn't work because it's http rather than https!!
>> >>
>> >> If I add the "s" manually
>> >>
>> >>
>> >> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>> >>  then it works.
>> >>
>> >> 1) So how can I force the protocol to remain https once the client
>> >> does a POST.....
>> >> 2) I have noticed in many examples that people use PreserveHost on; in
>> >> my case, if I activate PreserveHost on then I can't even get the first
>> >> page to work:
>> >>
>> >> Thx in advance
>> >>
>> >>
>> >>
>> >>
>> >> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
>> >> <krist.vanbesien@xxxxxxxxx> wrote:
>> >> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcyoyo@xxxxxxxxx> wrote:
>> >> >
>> >> >
>> >> >
>> >> >> #this for some reason becomes http from client perspective
>> >> >> #PreserveHost on does not work with lsw, so I disabled it....
>> >> >> RewriteRule       ^/lsw(.*)$    http://backend2.ca:8082/lsw$1 [NC,P,L]
>> >> >> ProxyPassReverse  /lsw          http://backend2.ca:8082/lsw
>> >> >> Redirect permanent /lsw https://mydomain.com/lsw
>> >> >
>> >> > First of all: Remove the "Redirect Permanent". It's not needed (as
>> >> > this virtualhost only gets https requests anyway) and confuses. If you
>> >> > want to make sure that people who accidentally land on the http site
>> >> > get redirected to https you need to put a redirect in the http virtual
>> >> > host.
>> >> >
>> >> > Secondly: Look at what your backend produces. It is very well possible
>> >> > that it passes html pages back to the client that contain http://
>> >> > style URLs. RewriteRule only operates on request URLs,
>> >> > ProxyPassReverse only on redirects passed back. The content passed
>> >> > back by the backend is not modified.
>> >> >
>> >> > HTH,
>> >> >
>> >> > Krist
>> >> >
>> >> > --
>> >> > krist.vanbesien@xxxxxxxxx
>> >> > krist@xxxxxxxxxxxxx
>> >> > Bremgarten b. Bern, Switzerland
>> >> > --
>> >> > A: It reverses the normal flow of conversation.
>> >> > Q: What's wrong with top-posting?
>> >> > A: Top-posting.
>> >> > Q: What's the biggest scourge on plain text email discussions?
>> >> >
>> >> > ---------------------------------------------------------------------
>> >> > The official User-To-User support forum of the Apache HTTP Server Project.
>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> >   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
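
Added example (not written by any poster in this thread): a small Python check that applies a simplified model of ProxyPassReverse, namely a case-insensitive prefix match on the Location header, to the directive and the redirect URLs quoted above, and flags redirects that would reach the browser pointing at the backend over plain http. The public origin and the matching model are assumptions of the example.

```python
from urllib.parse import urlsplit

# Values taken from the thread; the public origin is assumed from the
# "Redirect permanent /lsw https://mydomain.com/lsw" line.
PUBLIC_ORIGIN = "https://mydomain.com"
REVERSE_MAPS = [("/lsw", "http://backend2.ca:8082/lsw")]  # ProxyPassReverse path url


def reverse_map(location, maps=REVERSE_MAPS, public_origin=PUBLIC_ORIGIN):
    """Simplified model of ProxyPassReverse (an assumption of this example):
    a case-insensitive prefix match of the backend URL against the header
    value; on a match the prefix is replaced by the public origin + path."""
    for path, backend in maps:
        if location.lower().startswith(backend.lower()):
            return public_origin + path + location[len(backend):]
    return location  # no mapping matched: header reaches the client unchanged


def audit_redirect(location, maps=REVERSE_MAPS, public_origin=PUBLIC_ORIGIN):
    """Return (location_seen_by_client, findings) for one backend redirect."""
    seen = reverse_map(location, maps, public_origin)
    target, public = urlsplit(seen), urlsplit(public_origin)
    findings = []
    if not target.scheme:  # relative redirect stays on the proxy
        return seen, findings
    if (target.scheme, target.netloc.lower()) != (public.scheme, public.netloc.lower()):
        findings.append("redirect points away from the proxy: " + target.netloc)
        if target.scheme == "http":
            findings.append("plain http: request leaves TLS")
            if target.query:
                findings.append("query string sent in clear text")
    return seen, findings


if __name__ == "__main__":
    samples = [  # constructed from the URLs quoted in the thread
        "http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P",
        "http://backend2.ca:8082/lsw/clientele/ses/pagePersonnelle.jsp",
        "/lsw/clientele/gen/authentification.jsp",
    ]
    for loc in samples:
        seen, findings = audit_redirect(loc)
        print(seen, findings or "ok")
```

Under this model the redirect URL quoted in the thread carries no :8082, so it does not match the ProxyPassReverse prefix and passes through unchanged, while the same path with the port is mapped back to https://mydomain.com.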
