[EMAIL PROTECTED] Proxy a response from a Proxy Pass

2008-02-17 Thread Pat Malatack
Hello

I currently have apache in front of a set of application servers of
various types.  I am using ProxyPass to keep them behind a firewall and
to appear as one server.  I use ProxyPassReverse as well.
Unfortunately I have one case where I would like one app server to
respond to a request (it is modifying a soap request) but instead of
sending that out as the response I want apache to re-proxy this
response to another server which will actually respond to the request
and send it to the client machine.  Is this possible to do with apache
or should I have the internal server make the request of the second
one?

Thanks for any info you can give me

-- 
Pat
[EMAIL PROTECTED]

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[EMAIL PROTECTED] Apache 2.2.8, SNI, SSL and Virtual Hosts

2008-02-17 Thread Norman Khine

Hello,
I have some virtual hosts and would like to run SSL with different 
certificates on each. Having followed the following how-to, 
http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and 
rebuilding apache with SNI support, I am having some issues in that 
domain2.com only returns the server.crt and not the one specified in my 
rule.


Here are the relevant conf files and setup:

.
|-- httpd.conf
|-- magic
|-- modules.d
|   |-- 00_apache_manual.conf
|   |-- 00_default_settings.conf
|   |-- 00_error_documents.conf
|   |-- 00_languages.conf
|   |-- 00_mod_autoindex.conf
|   |-- 00_mod_info.conf
|   |-- 00_mod_log_config.conf
|   |-- 00_mod_mime.conf
|   |-- 00_mod_status.conf
|   |-- 00_mod_userdir.conf
|   |-- 00_mpm.conf
|   |-- 10_mod_mem_cache.conf
|   |-- 12_mod_auth_mysql.conf
|   |-- 27_mod_proxy_html.conf
|   |-- 40_mod_ssl.conf
|   |-- 45_mod_dav.conf
|   |-- 46_mod_ldap.conf
|   |-- 47_mod_dav_svn.conf
|   |-- 70_mod_php5.conf
|   |-- 75_mod_perl.conf
|   |-- 80_mod_auth_pgsql.conf
|   |-- 99_mod_security.conf
|   |-- mod_security
|   `-- postinst-en.txt
|-- ssl
|   |-- domain_one.csr
|   |-- domain_one.key
|   |-- domain_one.crt
|   |-- server.crt
|   |-- server.key
|   |-- domain_two.csr
|   |-- domain_two.key
|   `-- domain_two.crt
`-- vhosts.d
    |-- 00_default_ssl_vhost.conf
    |-- 00_default_vhost.conf
    |-- domain_one.conf
    `-- domain_two.conf


###
#domain_one.conf

<VirtualHost *:80>
  ServerName domain_one.com
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^/(.*) http://domain_one.com:7080/VirtualHostBase/http/domain_one.com:80/sites/site1/VirtualHostRoot/$1 [L,P]
  </IfModule>
  ErrorLog /var/log/apache2/domain_one_error.log
  <IfModule mod_log_config.c>
    CustomLog /var/log/apache2/domain_one_access.log combined
  </IfModule>
  RewriteLog /var/log/apache2/domain_one_rewrite_log
</VirtualHost>

<IfDefine SSL>
  <IfDefine SSL_DEFAULT_VHOST>
    <IfModule ssl_module>
      <VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile /etc/apache2/ssl/domain_one.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain_one.key

        ServerName domain_one.com
        SSLOptions StrictRequire
        SSLProtocol all -SSLv2

        <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteRule ^/(.*) http://domain_one.com:7080/VirtualHostBase/https/domain_one.com:443/sites/site1/VirtualHostRoot/$1 [L,P]
        </IfModule>
        <IfModule mod_log_config.c>
          TransferLog /var/log/apache2/domain_one_ssl_access_log
        </IfModule>
        <IfModule mod_setenvif.c>
          SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        </IfModule>
        <IfModule mod_log_config.c>
          CustomLog /var/log/apache2/domain_one_ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </IfModule>
      </VirtualHost>
    </IfModule>
  </IfDefine>
</IfDefine>

###
#domain_two.conf

is the same as domain_one, with the only difference being the entries 
for the RewriteRule


RewriteRule ^/(.*) http://domain_two.com:7080/VirtualHostBase/https/domain_two.com:443/sites/site2/VirtualHostRoot/$1 [L,P]


and the
  SSLCertificateFile /etc/apache2/ssl/domain_two.crt
  SSLCertificateKeyFile /etc/apache2/ssl/domain_two.key

also the logs etc..

Now my issue is that everything seems to work OK for domain_one.com but 
every time I try to access domain_two.com I get the certificate for the 
machine, that is server.crt and not domain_two.crt.


This is not the case in domain_one.com, where the correct certificate is 
displayed.


Even if I put the certificate for domain_one, I get the server.crt 
certificate showing.


Any ideas on how to solve this problem? And how to test SNI is working?

I have apache 2.2.8

Many thanks

Norman
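
One way to check the client half of "how to test SNI is working", as an added example that is not part of the original thread: capture the ClientHello a TLS client would send and look for the server_name extension. The function names are hypothetical, the inputs are constructed, and no connection is made to any server.

```python
import ssl
import struct


def capture_client_hello(hostname):
    """Return the first TLS record a client would send. No network is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # hostname=None imitates a client without SNI; it has no name to check.
    ctx.check_hostname = hostname is not None
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, the client awaits a reply
    return outgoing.read()


def sni_from_client_hello(record):
    """Return the server_name carried in a ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                                          # version + random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    if pos + 2 > len(body):
        return None                                       # no extensions block
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        # server_name (type 0): list_len(2) name_type(1) name_len(2) name
        if ext_type == 0 and len(data) >= 5 and data[2] == 0:
            name_len = int.from_bytes(data[3:5], "big")
            return data[5:5 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None


if __name__ == "__main__":
    # Constructed inputs: the vhost name from the post, and a no-SNI client.
    for name in ("domain_two.com", None):
        hello = capture_client_hello(name)
        print(name, "->", sni_from_client_hello(hello))
```

If the name is present in the ClientHello for domain_two.com and the server still answers with server.crt, the server side is not selecting the virtual host by name, which is consistent with the later reply in this thread that 2.2.8 does not appear to have SNI support.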





[EMAIL PROTECTED] Re: Redirecting on a port other than 80 isn't working

2008-02-17 Thread Jonathan Mark
The reason my setup wasn't working is that in order for httpd.conf to respond 
to port  requests it has to be listening on port . Thus I would have 
needed to use the Listen 9080 command in order to respond to 9080 requests.

However, there is a second problem. Google is currently sending some people to 
URL1:9080. I want to redirect requests from URL1:9080 to URL2:80. URL2 is 
itself redirected to port 9080.

But that would be impossible. Since port 9080 is already in use and being 
served up by a non-Apache server, Apache cannot listen on that port. Rather, I 
need to move the non-Apache server to a new port other than 9080. Only then 
could Apache listen on 9080 and reroute incoming requests to the new port.







Re: [EMAIL PROTECTED] Apache 2.2.8, SNI, SSL and Virtual Hosts

2008-02-17 Thread solprovider
What browser are you testing?  The server may be working fine, but few
browsers are SNI-capable.  From the page you linked:

Supported Browsers
SNI has only recently gained support in browsers. The browsers that
have been confirmed to support SNI by this author are:
* Firefox 2.0.0.12
* Internet Explorer 7.0.5730.11

solprovider

On 2/17/08, Norman Khine [EMAIL PROTECTED] wrote:
> Hello,
> I have some virtual hosts and would like to run SSL with different
> certificates on each. Having followed the following how-to,
> http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and
> rebuilding apache with SNI support, I am having some issues in that
> domain2.com only returns the server.crt and not the one specified in my
> rule.
> Even if I put the certificate for domain_one, I get the server.crt
> certificate showing.
> Any ideas on how to solve this problem? And how to test SNI is working?
> Norman




Re: [EMAIL PROTECTED] Apache 2.2.8, SNI, SSL and Virtual Hosts

2008-02-17 Thread Norman Khine
I am testing this on FF 2.0.0.12 and Safari 3.0.3; I don't have access 
to IE7.
On FF I get the right certificate for domain_one, but on the second site 
I only get the test certificate of the server.

Is there a way to test that SNI is working correctly?
Thank you
Norman

[EMAIL PROTECTED] wrote:

> What browser are you testing?  The server may be working fine, but few
> browsers are SNI-capable.  From the page you linked:
>
> Supported Browsers
> SNI has only recently gained support in browsers. The browsers that
> have been confirmed to support SNI by this author are:
> * Firefox 2.0.0.12
> * Internet Explorer 7.0.5730.11
>
> solprovider
>
> On 2/17/08, Norman Khine [EMAIL PROTECTED] wrote:
>
>> Hello,
>> I have some virtual hosts and would like to run SSL with different
>> certificates on each. Having followed the following how-to,
>> http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and
>> rebuilding apache with SNI support, I am having some issues in that
>> domain2.com only returns the server.crt and not the one specified in my
>> rule.
>> Even if I put the certificate for domain_one, I get the server.crt
>> certificate showing.
>> Any ideas on how to solve this problem? And how to test SNI is working?
>> Norman





Re: [EMAIL PROTECTED] Apache 2.2.8, SNI, SSL and Virtual Hosts

2008-02-17 Thread Norman Khine



Eric Covener wrote:

> On Feb 17, 2008 8:37 AM, Norman Khine [EMAIL PROTECTED] wrote:
>
>> Hello,
>> I have some virtual hosts and would like to run SSL with different
>> certificates on each. Having followed the following how-to,
>> http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and
>> rebuilding apache with SNI support, I am having some issues in that
>> domain2.com only returns the server.crt and not the one specified in my
>> rule.
>
> Your subject says 2.2.8; It doesn't look like 2.2.8 has SNI support.

Isn't SNI a new feature and 2.2.8 is the latest apache release? I am 
confused.


Perhaps my issues are to do with the fact that I am doing a Rewrite as 
when I check the header that is sent to the client I get the Zope server 
details and not apache.






Re: [EMAIL PROTECTED] Apache 2.2.8, SNI, SSL and Virtual Hosts

2008-02-17 Thread Eric Covener
On Feb 17, 2008 8:37 AM, Norman Khine [EMAIL PROTECTED] wrote:
> Hello,
> I have some virtual hosts and would like to run SSL with different
> certificates on each. Having followed the following how-to,
> http://gentoo-wiki.com/HOWTO_Apache_with_Name_Based_Hosting_and_SSL and
> rebuilding apache with SNI support, I am having some issues in that
> domain2.com only returns the server.crt and not the one specified in my
> rule.

Your subject says 2.2.8; It doesn't look like 2.2.8 has SNI support.

-- 
Eric Covener
[EMAIL PROTECTED]




Re: [EMAIL PROTECTED] Help! My apache httpd server cannot close thread

2008-02-17 Thread 赵志桐

PingBad wrote:

On Sunday 17 February 2008 20:02, 赵志桐 wrote:
  

hello everybody

My web server has had a problem for a long time.

It cannot close finished httpd threads. I used ps -e to check, and the
server has a lot of httpd threads, like the following:

20292 ? 00:00:01 httpd
4912 ? 00:00:00 cronolog
4913 ? 00:00:00 cronolog
4914 ? 00:00:00 cronolog
4915 ? 00:00:00 cronolog
4916 ? 00:00:00 cronolog
4917 ? 00:00:00 cronolog
4918 ? 00:00:00 cronolog
4919 ? 00:00:00 httpd
4921 ? 00:00:00 httpd
4922 ? 00:00:01 java
4938 ? 00:00:02 httpd
4939 ? 00:00:03 httpd
4940 ? 00:00:00 httpd
4941 ? 00:00:00 httpd
4942 ? 00:00:00 httpd
4944 ? 00:00:01 httpd
4970 ? 00:00:00 httpd
4971 ? 00:00:02 httpd
4972 ? 00:00:02 httpd
4973 ? 00:00:00 httpd
4974 ? 00:00:00 httpd
4975 ? 00:00:00 httpd
4976 ? 00:00:00 httpd
4977 ? 00:00:00 httpd
4978 ? 00:00:00 httpd
4979 ? 00:00:00 httpd
4980 ? 00:00:00 httpd
4981 ? 00:00:00 httpd
4982 ? 00:00:00 httpd
4983 ? 00:00:00 httpd
4984 ? 00:00:00 httpd
4990 ? 00:00:00 httpd
4991 ? 00:00:00 httpd
4992 ? 00:00:00 httpd
4993 ? 00:00:00 httpd
4994 ? 00:00:00 httpd
4995 ? 00:00:00 httpd
4996 ? 00:00:00 httpd
5070 ? 00:00:00 httpd
5071 ? 00:00:00 httpd
5072 ? 00:00:00 httpd
5073 ? 00:00:00 httpd
5074 ? 00:00:00 httpd
5075 ? 00:00:00 httpd
5076 ? 00:00:00 httpd
5078 ? 00:00:00 httpd
5079 ? 00:00:01 httpd
5080 ? 00:00:00 httpd
5081 ? 00:00:00 httpd
5082 ? 00:00:00 httpd
5083 ? 00:00:00 httpd
5084 ? 00:00:00 httpd
5150 ? 00:00:00 httpd
5151 ? 00:00:00 httpd
5152 ? 00:00:00 httpd
5153 ? 00:00:00 httpd
5154 ? 00:00:00 httpd
5155 ? 00:00:00 httpd
5156 ? 00:00:00 httpd
5187 ? 00:00:00 httpd
5188 ? 00:00:00 httpd
5189 ? 00:00:00 httpd
5190 ? 00:00:00 httpd
5191 ? 00:00:00 httpd
5192 ? 00:00:00 httpd
5193 ? 00:00:00 httpd
8691 ? 00:00:00 httpd
8692 ? 00:00:01 httpd
8693 ? 00:00:01 httpd
8694 ? 00:00:00 httpd
8695 ? 00:00:00 httpd
8696 ? 00:00:00 httpd
8697 ? 00:00:00 httpd
8698 ? 00:00:00 httpd
...

This server uses PHP5.24 and Apache/2.0.63.

The website is written in PHP with mod_rewrite.

I have another server with the same environment as this one, but it
doesn't have this problem.

The following is my server environment information:

OS: Suse Linux 10
Web: PHP5.24 and Apache/2.0.63

The attachments are my httpd.conf and virtualhost.conf.

Please help fix it, thanks a lot.



In your config:

<IfModule prefork.c>
StartServers         5
MinSpareServers      5
MaxSpareServers     10
MaxClients         150
MaxRequestsPerChild  0
</IfModule>

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers         2
MaxClients         150
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

# perchild MPM
# NumServers: constant number of server processes
# StartThreads: initial number of worker threads in each server process
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# MaxThreadsPerChild: maximum number of worker threads in each server process
# MaxRequestsPerChild: maximum number of connections per server process
<IfModule perchild.c>
NumServers           5
StartThreads         5
MinSpareThreads      5
MaxSpareThreads     10
MaxThreadsPerChild  20
MaxRequestsPerChild  0
</IfModule>

That, in my opinion, is an insane amount of spare threads to have. Do you 
really need 25-75 spare threads for your workers?




  


OK, I know your meaning. I'll try to adjust spare threads.

thanks.

--

-
Regards,
Zachary . aBBISh





[EMAIL PROTECTED] Server Side Include (SSI) is slower than PHP ?

2008-02-17 Thread howard chen
Hello,


I am running  Apache/2.2.6 on Windows XP, testing on a very simple
include tests, e.g.

SSI
===

<!--#include virtual="modules/1.html" -->
<!--#include virtual="modules/2.html" -->
<!--#include virtual="modules/3.html" -->
<!--#include virtual="modules/4.html" -->
<!--#include virtual="modules/5.html" -->


PHP
===

<?php

include("./modules/1.html");
include("./modules/2.html");
include("./modules/3.html");
include("./modules/4.html");
include("./modules/5.html");

?>

I was surprised that PHP is faster, i.e.

ab -n 2000 -c 10  http://localhost/benchmark.php = 99 reqs/sec
ab -n 2000 -c 10  http://localhost/benchmark.shtml = 61 reqs/sec

my PHP version is 5.2.5, and even don't have any code cache libraries
(e.g. APC/eA) installed.

Is it normal?

Howard




RE: [EMAIL PROTECTED] What's the best place to look when you get no answer?

2008-02-17 Thread Boyle Owen
> -----Original Message-----
> From: Todd, David [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 13, 2008 9:31 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] What's the best place to look when you get no answer?
>
> On 2008Feb13 13:18 , Nick Kew [EMAIL PROTECTED] wrote:
>
>> On Wed, 13 Feb 2008 13:08:53 -0500
>> Todd, David [EMAIL PROTECTED] wrote:
>>
>>> My question is about the Location directive, and the ordering of
>>> them, with respect to Require directives and authorization.
>>
>> I've no idea what your question was.  But if it got no answer,
>> there's a strong chance it didn't make sense in the first place.
> Okay, let me restate it:
>
> If you have nested Locations: /foo/* and /foo/bar/*, and you need to have
> different htgroups controlling them, what configuration allows you to have
> the group permissions for /foo/bar/* override those for /foo/*? In other
> words, I want general access for /foo/*, except for certain directories
> which must have tighter access controls.

If you are trying to have a nested hierarchy of basic authorization
realms then that won't work. Basic auth is a single-layer mechanism and
can't be nested. That is a feature of the protocol and not specific to
apache.

If it's something else, post your actual Location snippets so we can see
what you're trying to do.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

 
 
> My experience has been that if the ordering is to define the Location for
> /foo/*, then the Location for /foo/bar/*, then no access is given to
> /foo/bar/* at all.
>
> If the two are reversed, then it's as if the /foo/bar/* directive isn't
> there.
 
 
 