On Jul 22, 2011, at 9:26 PM, Brock Pytlik <[email protected]> wrote:
> On 07/22/11 16:07, Amol Chiplunkar wrote: >> On 07/19/11 08:56, Erik Trauschke wrote: >>> I think you are missing redirects from http://oc-4200m2-42:11000/IPS >>> to http://oc-4200m2-42:11000/IPS/ >> Thanks Erik, >> It was related. I removed the redirects altogether and just have a ProxyPass. >> It's working now. >> >> I can do a >> pkg set-publisher -G '*' -g http://Host:<http port> solaris >> >> We need to set this as an https reverse proxy.. >> I copied the apache server.crt and did a >> >> pkg set-publisher --approve-ca-cert=/export/home/ips-tryouts/server.crt >> solaris >> This works and the cert makes it to the right location. >> > --approve-ca-cert has nothing to do with SSL connections. It's used for > verifying package signatures. Can that verification happen even through the remote proxy ? I presume yes, and the cert has to be configured at the actual IPS repository level. Is that right ? Thanks Amol > > Brock > >> However, I would now expect >> pkg set-publisher -G '*' -g https://Host:<secure http port> solaris >> to work ! >> But it errors out saying >> Framework error: code: 35 reason: error:140770FC:SSL >> routines:SSL23_GET_SERVER_HELLO:unknown protocol >> >> Wondering if it's the right set of commands ? >> Is the approved-ca-cert meant to work with a reverse proxy in the first >> place ?? >> Because looking at the doc, it seems the cert has to be configured with the >> actual IPS repo. >> >> >> please suggest >> >> thx >> - Amol >> >> >> >> >>> Erik >>> >>> >>>> [Mon Jul 18 17:24:01 2011] [debug] mod_proxy_http.c(56): proxy: HTTP: >>>> canonicalising URL //oc-4200m2-42:11000/IPSversions/0/ >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(1506): [client ] proxy: >>>> http: found worker http://oc-4200m2-42:11000/IPS for >>>> http://oc-4200m2-42:11000/IPSversions/0/ >>>> [Mon Jul 18 17:24:01 2011] [debug] mod_proxy.c(993): Running scheme http >>>> handler (attempt 0) >>>> [Mon Jul 18 17:24:01 2011] [debug] mod_proxy_http.c(1966): proxy: HTTP: >>>> serving URL http://oc-4200m2-42:11000/IPSversions/0/ >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2011): proxy: HTTP: has >>>> acquired connection for (oc-4200m2-42) >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2067): proxy: connecting >>>> http://oc-4200m2-42:11000/IPSversions/0/ to oc-4200m2-42:11000 >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2193): proxy: connected >>>> /IPSversions/0/ to oc-4200m2-42:11000 >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2444): proxy: HTTP: fam >>>> 2 socket created to connect to oc-4200m2-42 >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2576): proxy: HTTP: >>>> connection complete to X.X.X.X:11000 (oc-4200m2-42) >>>> [Mon Jul 18 17:24:01 2011] [error] an unknown filter was not added: DEFLATE >>>> [Mon Jul 18 17:24:01 2011] [debug] mod_proxy_http.c(1736): proxy: start >>>> body send >>>> [Mon Jul 18 17:24:01 2011] [debug] mod_proxy_http.c(1840): proxy: end >>>> body send >>>> [Mon Jul 18 17:24:01 2011] [debug] proxy_util.c(2029): proxy: HTTP: has >>>> released connection for (oc-4200m2-42) >>>> >>>> >>>> >>>> _______________________________________________ >>>> pkg-discuss mailing list >>>> [email protected] >>>> http://mail.opensolaris.org/mailman/listinfo/pkg-discuss >>> >>> >> >> _______________________________________________ >> pkg-discuss mailing list >> [email protected] >> http://mail.opensolaris.org/mailman/listinfo/pkg-discuss > > _______________________________________________ > pkg-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/pkg-discuss _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
