Hi,
I am using OpenBDJam to run a service on OBD. I am having trouble
configuring apache SSL / Jetty. I'm guessing that this must be a very
common use-case (i.e. having an OpenBDJam powered site accessed over
SSL). I have tweaked lots of Apache and Jetty sessions but to no
avail....
Can anyone spot anything obvious:
In my Apache SSL virtual host setup I have:
<VirtualHost *:443>
ServerName www.mysite.com
DocumentRoot /opt/openbdjam/webroot1/push20
DirectoryIndex index.html index.htm index.cfm
CustomLog /opt/openbdjam/logs/https_di_log combined env=!object_is_image
ErrorLog /opt/openbdjam/logs/https_di_error_log
ScriptAlias /digin-cgi/ "/opt/openbdjam/webroot1/push20/digin-cgi/"
SSLEngine on
SSLProxyEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/share/ssl/certs/www.mysite.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/www.mysite.com.key
Options FollowSymLinks
XBitHack on
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +ExportCertData
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
# Set the permissions for the proxy
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>
ProxyPass /digin-cgi/ !
ProxyPass / http://127.0.0.1:8442/push20/
ProxyPassReverse / http://127.0.0.1:8442/push20/
SetEnv proxy-nokeepalive 1
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule /CFIDE/?$ /CFIDE/ [PT,L]
RewriteRule /CFFormGateway/?$ /CFFormGateway/ [PT,L]
RewriteRule /privacy/?$ /privacy/ [PT,L]
# These two handle 'incorrect' aliases with trailing slash - have to redirect
RewriteRule /([0-9]+)/$ /index.cfm?promotion=$1 [R]
RewriteRule /([A-Za-z-]+)/$ /index.cfm?alias=$1 [R]
# These two handle 'correct' aliases with no trailing slash - do rewrite so the URL shown does not change
RewriteRule /([0-9]+)/?$ /index.cfm?promotion=$1 [PT]
RewriteRule /([A-Za-z-]+)/?$ /index.cfm?alias=$1 [PT]
</IfModule>
</VirtualHost>
And then in my Jetty.xml I have two Connectors:
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host">127.0.0.1</Set>
<Set name="port"><Property name="jetty.port" default="8080"/></Set>
<Set name="forwarded">true</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
</New>
</Arg>
</Call>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSocketConnector">
<Set name="host">127.0.0.1</Set>
<Set name="port"><Property name="jetty.port" default="8443"/></Set>
<Set name="forwarded">true</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="keystore">/var2/openbdjam/jre1.6.0_21/lib/security/cacerts</Set>
<Set name="password">changeit</Set>
<Set name="keyPassword">changeit</Set>
<Set name="truststore">/var2/openbdjam/jre1.6.0_21/lib/security/cacerts</Set>
<Set name="trustPassword">changeit</Set>
</New>
</Arg>
</Call>
In the Apache logs I see:
[Thu Dec 22 17:32:56 2011] [error] proxy: pass request body failed to 127.0.0.1:8443 (127.0.0.1) from 82.224.85.88 ()
[Thu Dec 22 17:32:56 2011] [error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8443 (127.0.0.1)
Please help!
Cheers
Lawrence