Maybe a malformed SSL certificate.

Be sure that the pem file is formed as below:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Begin and end certificates sections are the CA and Intermediate CA certificates.

Be sure that you built the pem file without password.

Regards

2013/7/18 Kieran Reynolds <[email protected]>

> Hello..
>
> I have the following configuration:
>
> Internet -> Pound -> Varnish -> Apache(Drupal).
>
> My intention is to use Varnish to cache, and loadbalance across a number of
> webheads for requests that cannot be cached.
>
> The reason for putting Pound on the outside edge, is to be the SSL
> terminator.
>
> The problem I have run into, using either Pound 2.5.1 or 2.6.2 (From stock
> Debian repositories) is that whilst I can get the configuration to work, and
> importantly, speed up page access (cached pages) on port 80, and have
> tested this using apachebench, ab, the configuration of 443/SSL isn't going
> quite so well.
>
> I have set this up as follows
>
> Pound (listen externalip:443) -> HTTP -> Varnish (127.0.0.1:8880) -> HTTP
> -> Apache (127.0.0.20:80)
>
> When I run ab against the external interface, with the FQDN of the site, I
> get SSL Read Error, Connection Closed, but I can't figure out why.
>
> I have tried to force various Cipher options, but still to no avail.
>
> Can anyone help me in solving this.
>
> P.S. - going to the site with a browser, there is no SSL issue (And this
> site is using an EV certificate, and everything is nice and green as
> expected.)
>
> Relevant section of pound.cfg
>
> ListenHTTPS
>     Address 192.168.156.138
>     Port 443
>     Cert "/etc/pound/site1.pem"
>     SSLHonorCipherOrder 1
>     Ciphers "AES128-SHA:RC4:AES:CAMELLIA128-SHA"
>     #:!ADH:!aNULL:!DH:!EDH:!eNULL:!LOW:!SSLv2:!EXP:!NULL"
>     #Ciphers "AES-128:RC4:AES-256:Camellia-128"
>     #Client 20
>
>     # set X-Forwarded-Proto so D7 knows we're behind an HTTPS proxy.
>     HeadRemove "X-Forwarded-Proto"
>     AddHeader "X-Forwarded-Proto:https"
>     Service
>         BackEnd
>             Address 127.0.0.1
>             Port 8880
>             #Port 443
>             #HTTPS
>             #Priority 5
>         End
>     End
> End
>
> TIA.
>
> Kieran
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.

--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
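
A way to check a bundle against the layout described in the reply above (unencrypted private key first, then the certificate blocks), as an added example that is not part of the original thread. The function name, the sample helper and the placeholder block bodies are constructed for illustration; only the PEM boundary lines and the `Proc-Type: 4,ENCRYPTED` header are read, so no key material is parsed.

```python
import re

# Matches PEM boundary lines such as "-----BEGIN CERTIFICATE-----".
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}


def check_pem_bundle(text):
    """Return a list of layout problems; an empty list means none found."""
    problems, blocks, current = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = BOUNDARY.match(line)
        if m is None:
            # Traditional encrypted keys carry this header inside the block.
            if current and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
                problems.append(f"line {n}: private key is password protected")
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if current:
                problems.append(f"line {n}: BEGIN {label} inside unclosed {current}")
            current = label
        elif label != current:
            problems.append(f"line {n}: END {label} without matching BEGIN")
            current = None
        else:
            blocks.append(label)
            current = None
    if current:
        problems.append(f"missing END {current}")
    if "ENCRYPTED PRIVATE KEY" in blocks:
        problems.append("private key is password protected (PKCS#8)")
    if not blocks or blocks[0] not in KEY_LABELS:
        problems.append("first block is not an unencrypted private key")
    if not blocks[1:]:
        problems.append("no CERTIFICATE block after the key")
    if any(label != "CERTIFICATE" for label in blocks[1:]):
        problems.append("unexpected block after the key: only CERTIFICATE expected")
    return problems


def sample_block(label, header=""):
    # Constructed sample block: placeholder body, not real key material.
    return f"-----BEGIN {label}-----\n{header}QUJD\n-----END {label}-----\n"


GOOD = sample_block("RSA PRIVATE KEY") + sample_block("CERTIFICATE") * 3
ENCRYPTED = sample_block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n") + sample_block("CERTIFICATE")
WRONG_ORDER = sample_block("CERTIFICATE") + sample_block("RSA PRIVATE KEY")

if __name__ == "__main__":
    for name in ("GOOD", "ENCRYPTED", "WRONG_ORDER"):
        print(name, check_pem_bundle(globals()[name]) or "ok")
```

A clean result only says the file is shaped as the reply describes; it does not verify that the key matches the certificate or that the chain is complete.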
