On Mon 29.Feb'16 at 13:19:07 +0000, C. L. Martinez wrote:
> Hi all,
> 
>  I am trying to set up an Apache virtualhost under CentOS 6.7 that needs to 
> redirect requests from port 444 to port 5100 on its local IP. But I am making 
> some mistake, because every time I receive a loop error.
> 
>  My current httpd config for this virtualhost is:
> 
> NameVirtualHost 192.168.1.5:444
> <VirtualHost 192.168.1.5:444>
>       ServerName myweb01.local.domain
>       ErrorLog logs/ssl_error.log
>       CustomLog logs/ssl_access.log combined
>       CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>       LogLevel info
>       SSLEngine on
>       SSLProxyEngine On
>       SSLProtocol -ALL +SSLv3 +TLSv1
>       SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
>       SSLCertificateFile /etc/httpd/certs/server.crt
>       SSLCertificateKeyFile /etc/httpd/certs/server.key
>       ProxyRequests Off
>       ProxyPreserveHost On
>       ProxyPass / http://192.168.1.5:5100/
>       ProxyPassReverse / http://192.168.1.5:5100/
>       RequestHeader set X-Forwarded-Proto "https"
>       RequestHeader set X-Forwarded-Port "444"
>       RewriteEngine On
>       RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
> </VirtualHost>
> 
>  As you can see, I need to do a redirection from port 444 to port 5100 and 
> protect it using SSL.
> 
>  I've configured iptables rules to drop connections to port 5100 directly:
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 444 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
>  Any idea how to accomplish/resolve this?
> 
> Thanks.

More info in my ssl_error.log:

[Mon Feb 29 14:32:06 2016] [info] [client 10.64.118.59] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Feb 29 14:32:06 2016] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?


-- 
Greetings,
C. L. Martinez
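
Added example, not part of the original post: in the posted virtual host the RewriteRule matches every path and answers with a redirect to the same host and port, so each request is redirected back to itself and never reaches the backend. The variant below keeps the posted names and paths, drops that rule, and assumes the backend on port 5100 speaks plain HTTP; the SSLProtocol and SSLCipherSuite values are suggested replacements, not the poster's settings.

```apache
NameVirtualHost 192.168.1.5:444
<VirtualHost 192.168.1.5:444>
      ServerName myweb01.local.domain
      ErrorLog logs/ssl_error.log
      CustomLog logs/ssl_access.log combined
      CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      LogLevel info

      # TLS is terminated here, on the client-facing side.
      SSLEngine on
      # Posted value: SSLProtocol -ALL +SSLv3 +TLSv1
      # SSLv3 is exposed to POODLE; enable only the TLS versions the build offers.
      SSLProtocol all -SSLv2 -SSLv3
      # Posted value allowed RC4 and MEDIUM suites; this is a suggested tighter string.
      SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4
      SSLCertificateFile /etc/httpd/certs/server.crt
      SSLCertificateKeyFile /etc/httpd/certs/server.key

      # SSLProxyEngine is only needed when the backend URL is https://;
      # the backend here is http://, so it is left out (assumption: 5100 is plain HTTP).

      # Reverse proxy only, never a forward proxy.
      ProxyRequests Off
      ProxyPreserveHost On
      ProxyPass / http://192.168.1.5:5100/
      ProxyPassReverse / http://192.168.1.5:5100/

      # Tell the backend which scheme and port the client actually used.
      RequestHeader set X-Forwarded-Proto "https"
      RequestHeader set X-Forwarded-Port "444"

      # Removed from the posted config, because the target is this same
      # virtual host and the pattern matches every request path:
      #   RewriteEngine On
      #   RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
</VirtualHost>
```

The "HTTP spoken on HTTPS port" entries in ssl_error.log are logged when a client sends a plain http:// request to port 444; removing the rewrite does not change that, the client has to use https://.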