Re: Problems with ProxyPass to a local ip (using SSL)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon 29.Feb'16 at 13:19:07 +0000, C. L. Martinez wrote:
> Hi all,
> 
>  I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error.
> 
>  My actual httpd's config for this virtualhost is:
> 
> NameVirtualHost 192.168.1.5:444
> <VirtualHost 192.168.1.5:444>
> 	ServerName myweb01.local.domain
> 	ErrorLog logs/ssl_error.log
> 	CustomLog logs/ssl_access.log combined
> 	CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 	LogLevel info
> 	SSLEngine on
> 	SSLProxyEngine On
> 	SSLProtocol -ALL +SSLv3 +TLSv1
> 	SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
> 	SSLCertificateFile /etc/httpd/certs/server.crt
> 	SSLCertificateKeyFile /etc/httpd/certs/server.key
> 	ProxyRequests Off
> 	ProxyPreserveHost On
> 	ProxyPass / http://192.168.1.5:5100/
> 	ProxyPassReverse / http://192.168.1.5:5100/
> 	RequestHeader set X-Forwarded-Proto "https"
> 	RequestHeader set X-Forwarded-Port "444"
> 	RewriteEngine On
> 	RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
> </VirtualHost>
> 
>  As you can see, I need to do a redirection to port 5100 from 444 port and protect it using ssl.
> 
>  I've configured iptables rules to drop connections to port 5100 directly:
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 444 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
>  Any idea how to accomplish/resolve this?
> 
> Thanks.

More info in my ssl_error.log:

Mon Feb 29 14:32:06 2016] [info] [client 10.64.118.59] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Feb 29 14:32:06 2016] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?


-- 
Greetings,
C. L. Martinez
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux