I asked this on the users mailing list and didn’t get any feedback so far, so i’ll forward it here. Maybe someone here has an idea… bugreport: https://bz.apache.org/bugzilla/show_bug.cgi?id=62837
Von: Stillhard, Dominik Gesendet: Dienstag, 16. Oktober 2018 12:44 An: us...@httpd.apache.org Betreff: [users@httpd] SNI extension for healthchecks [signed OK] Hello all I face the problem, that the sni extension is not set on healthcheck-requests to a backend using tls. Because healthchecks are negative, this leads to ordinary requests also beeing denied. on the backend server i have the following error: AH02033: No hostname was provided via SNI for a name based virtual host I’ve also investigated it with wireshark, the extionsion is defenitely not set. My config looks as follows: --------------------------------------------------------------------------------- Listen 127.0.0.1:443 ServerName www.localhost.com<http://www.localhost.com> <VirtualHost 127.0.0.1:443> ServerName www.localhost.com<http://www.localhost.com> ServerAlias localhost.com SSLCertificateFile /etc/httpd/ssl/ca.crt SSLCertificateKeyFile /etc/httpd/ssl/ca.key SSLEngine on SSLProxyEngine on ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/} ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get hcuri=/healthcheck.php <Proxy balancer://mycluster lbmethod=byrequests> BalancerMember https://127.0.0.1:8443 BalancerMember https://127.0.0.1:8444 ProxyPreserveHost On SSLProxyProtocol TLSv1 </Proxy> <Location /> ProxyPass balancer://mycluster/ ProxyPassReverse balancer://mycluster/ </Location> </VirtualHost> --------------------------------------------------------------------------------- I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the problem .. Am I missing something, or is this eventually a bug in mod_proxy_hcheck? Thanks in advance for help/ideas on this! Cheers Dominik
smime.p7s
Description: S/MIME cryptographic signature
