Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
> [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset > by peer: SSL input filter read failed. Stop debugging httpd, and figure out why tomcat is closing the connection unexpectedly. -- Eric Covener cove...@gmail.com - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi, can someone help? many thanks, Mauri 2010/7/2 Mauri > Hi Igor, > > thanks for the response, u have right about the order, i have changed it. > > for the ProxyPassreverse this directive is wrong? > > > > ProxyPassReverse https://itsmtest/ > ProxyHTMLEnable On > ProxyHTMLMeta On > ProxyHTMLURLMap / / > RequestHeaderunset Accept-Encoding > > > what I can change or do? > > many thanks for the support. > > Cheers, > Mauri > > > 2010/7/2 Igor Cicimov > > Hi, >> >> Using "ProxyRequests off" means the apache is going to be a reverse proxy >> but I can't see your ProxyPassreverse statement. Also the order of the proxy >> commands is little bit weird. I wold do it in this way: >> >> ProxyRequests off >> >> ProxyHTMLLogVerbose On >> ProxyPreserveHost On >> ProxyPass / https://10.10.0.1:8443/ >> ProxyPassReverse / https://10.10.0.1:8443/ >> ProxyHTMLURLMap https://itsmtest/ / >> >> Cheers, >> Igor >> >> >> On Fri, Jul 2, 2010 at 12:28 AM, Mauri wrote: >> >>> Hi expert, >>> >>> my application crashes (BMC Remedy) in the same point. >>> This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996. >>> >>> In the apache log i'm reading this error: >>> >>> [Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O >>> error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420] >>> [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection >>> reset by peer: SSL input filter read failed. >>> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] >>> (104)Connection reset by peer: proxy: error reading status line from remote >>> server 10.10.0.1, referer: >>> https://itsmtest/arsys/atrium/AtriumConsole.swf >>> [Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client >>> 10.173.202.231] proxy: NOT Closing connection to client although reading >>> from backend server 10.10.0.1 failed., referer: >>> https://itsmtest/arsys/atrium/AtriumConsole.swf >>> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error >>> reading from remote server returned by >>> /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: >>> https://itsmtest/arsys/atrium/AtriumConsole.swf >>> [Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has >>> released connection for (10.10.0.1) >>> >>> What kind of check can I do? >>> >>> Many thanks for all suggest, as usual >>> Cheers, >>> Mauri >>> >>> this is my server: >>> >>> [r...@proxy1 httpd]# uname -a >>> Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 >>> i386 GNU/Linux >>> [r...@proxy1 httpd]# rpm -qa | grep httpd >>> httpd-manual-2.2.3-31.el5_4.2 >>> system-config-httpd-1.3.3.3-1.el5 >>> httpd-2.2.3-31.el5_4.2 >>> httpd-devel-2.2.3-31.el5_4.2 >>> >>> this is my ssl.conf configuration: >>> >>> LoadModule ssl_module modules/mod_ssl.so >>> LoadFile /usr/lib/libxml2.so >>> LoadModule proxy_html_module modules/mod_proxy_html.so >>> LoadModule xml2enc_module modules/mod_xml2enc.so >>> >>> Listen 443 >>> AddType application/x-x509-ca-cert .crt >>> AddType application/x-pkcs7-crl.crl >>> SSLPassPhraseDialog builtin >>> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) >>> SSLSessionCacheTimeout 300 >>> SSLMutex default >>> SSLRandomSeed startup file:/dev/urandom 256 >>> SSLRandomSeed connect builtin >>> SSLCryptoDevice builtin >>> NameVirtualHost itsmtest:443 >>> >>> ServerName itsmtest >>> ErrorLog logs/ictitsm_ssl_error_log_443 >>> TransferLog logs/ictitsm_ssl_access_log_443 >>> LogLevel Debug >>> ProxyHTMLLogVerbose On >>> ProxyPreserveHost On >>> ProxyPass / https://10.10.0.1:8443/ >>> ProxyHTMLURLMap https://itsmtest/ / >>> ProxyRequests off >>> SetEnv force-proxy-request-1.0 1 >>> SetEnv proxy-nokeepalive 1 >>> SetEnv proxy-initial-not-pooled 1 >>> timeout 900 >>> >>> >>> ProxyPassReverse https://itsmtest/ >>> ProxyHTMLEnable On >>> ProxyHTMLMeta On >>> ProxyHTMLURLMap / / >>> RequestHeaderunset Accept-Encoding >>> >>> >>> SSLEngine on >>> SSLProxyEngine on >>> SSLProtocol all -SSLv2 >>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW >>> SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt >>> SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key >>> SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer >>> >>> >>> SSLOptions +StdEnvVars >>> >>> >>> SSLOptions +StdEnvVars >>> >>> SetEnv proxy-nokeepalive 1 >>> SetEnvIf User-Agent ".*MSIE.*" \ >>> nokeepalive ssl-unclean-shutdown \ >>> downgrade-1.0 force-response-1.0 >>> CustomLog logs/ssl_request_log \ >>> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >>> >> >> >> >
Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi Igor, thanks for the response, u have right about the order, i have changed it. for the ProxyPassreverse this directive is wrong? ProxyPassReverse https://itsmtest/ ProxyHTMLEnable On ProxyHTMLMeta On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding what I can change or do? many thanks for the support. Cheers, Mauri 2010/7/2 Igor Cicimov > Hi, > > Using "ProxyRequests off" means the apache is going to be a reverse proxy > but I can't see your ProxyPassreverse statement. Also the order of the proxy > commands is little bit weird. I wold do it in this way: > > ProxyRequests off > > ProxyHTMLLogVerbose On > ProxyPreserveHost On > ProxyPass / https://10.10.0.1:8443/ > ProxyPassReverse / https://10.10.0.1:8443/ > ProxyHTMLURLMap https://itsmtest/ / > > Cheers, > Igor > > > On Fri, Jul 2, 2010 at 12:28 AM, Mauri wrote: > >> Hi expert, >> >> my application crashes (BMC Remedy) in the same point. >> This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996. >> >> In the apache log i'm reading this error: >> >> [Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O >> error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420] >> [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset >> by peer: SSL input filter read failed. >> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection >> reset by peer: proxy: error reading status line from remote server >> 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf >> [Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client >> 10.173.202.231] proxy: NOT Closing connection to client although reading >> from backend server 10.10.0.1 failed., referer: >> https://itsmtest/arsys/atrium/AtriumConsole.swf >> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error >> reading from remote server returned by >> /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: >> https://itsmtest/arsys/atrium/AtriumConsole.swf >> [Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has >> released connection for (10.10.0.1) >> >> What kind of check can I do? >> >> Many thanks for all suggest, as usual >> Cheers, >> Mauri >> >> this is my server: >> >> [r...@proxy1 httpd]# uname -a >> Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 >> i386 GNU/Linux >> [r...@proxy1 httpd]# rpm -qa | grep httpd >> httpd-manual-2.2.3-31.el5_4.2 >> system-config-httpd-1.3.3.3-1.el5 >> httpd-2.2.3-31.el5_4.2 >> httpd-devel-2.2.3-31.el5_4.2 >> >> this is my ssl.conf configuration: >> >> LoadModule ssl_module modules/mod_ssl.so >> LoadFile /usr/lib/libxml2.so >> LoadModule proxy_html_module modules/mod_proxy_html.so >> LoadModule xml2enc_module modules/mod_xml2enc.so >> >> Listen 443 >> AddType application/x-x509-ca-cert .crt >> AddType application/x-pkcs7-crl.crl >> SSLPassPhraseDialog builtin >> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) >> SSLSessionCacheTimeout 300 >> SSLMutex default >> SSLRandomSeed startup file:/dev/urandom 256 >> SSLRandomSeed connect builtin >> SSLCryptoDevice builtin >> NameVirtualHost itsmtest:443 >> >> ServerName itsmtest >> ErrorLog logs/ictitsm_ssl_error_log_443 >> TransferLog logs/ictitsm_ssl_access_log_443 >> LogLevel Debug >> ProxyHTMLLogVerbose On >> ProxyPreserveHost On >> ProxyPass / https://10.10.0.1:8443/ >> ProxyHTMLURLMap https://itsmtest/ / >> ProxyRequests off >> SetEnv force-proxy-request-1.0 1 >> SetEnv proxy-nokeepalive 1 >> SetEnv proxy-initial-not-pooled 1 >> timeout 900 >> >> >> ProxyPassReverse https://itsmtest/ >> ProxyHTMLEnable On >> ProxyHTMLMeta On >> ProxyHTMLURLMap / / >> RequestHeaderunset Accept-Encoding >> >> >> SSLEngine on >> SSLProxyEngine on >> SSLProtocol all -SSLv2 >> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW >> SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt >> SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key >> SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer >> >> >> SSLOptions +StdEnvVars >> >> >> SSLOptions +StdEnvVars >> >> SetEnv proxy-nokeepalive 1 >> SetEnvIf User-Agent ".*MSIE.*" \ >> nokeepalive ssl-unclean-shutdown \ >> downgrade-1.0 force-response-1.0 >> CustomLog logs/ssl_request_log \ >> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >> > > >
Re: [us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi, Using "ProxyRequests off" means the apache is going to be a reverse proxy but I can't see your ProxyPassreverse statement. Also the order of the proxy commands is little bit weird. I wold do it in this way: ProxyRequests off ProxyHTMLLogVerbose On ProxyPreserveHost On ProxyPass / https://10.10.0.1:8443/ ProxyPassReverse / https://10.10.0.1:8443/ ProxyHTMLURLMap https://itsmtest/ / Cheers, Igor On Fri, Jul 2, 2010 at 12:28 AM, Mauri wrote: > Hi expert, > > my application crashes (BMC Remedy) in the same point. > This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996. > > In the apache log i'm reading this error: > > [Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O > error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420] > [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset > by peer: SSL input filter read failed. > [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection > reset by peer: proxy: error reading status line from remote server > 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf > [Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client > 10.173.202.231] proxy: NOT Closing connection to client although reading > from backend server 10.10.0.1 failed., referer: > https://itsmtest/arsys/atrium/AtriumConsole.swf > [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error > reading from remote server returned by > /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: > https://itsmtest/arsys/atrium/AtriumConsole.swf > [Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has > released connection for (10.10.0.1) > > What kind of check can I do? > > Many thanks for all suggest, as usual > Cheers, > Mauri > > this is my server: > > [r...@proxy1 httpd]# uname -a > Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 > i386 GNU/Linux > [r...@proxy1 httpd]# rpm -qa | grep httpd > httpd-manual-2.2.3-31.el5_4.2 > system-config-httpd-1.3.3.3-1.el5 > httpd-2.2.3-31.el5_4.2 > httpd-devel-2.2.3-31.el5_4.2 > > this is my ssl.conf configuration: > > LoadModule ssl_module modules/mod_ssl.so > LoadFile /usr/lib/libxml2.so > LoadModule proxy_html_module modules/mod_proxy_html.so > LoadModule xml2enc_module modules/mod_xml2enc.so > > Listen 443 > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl.crl > SSLPassPhraseDialog builtin > SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) > SSLSessionCacheTimeout 300 > SSLMutex default > SSLRandomSeed startup file:/dev/urandom 256 > SSLRandomSeed connect builtin > SSLCryptoDevice builtin > NameVirtualHost itsmtest:443 > > ServerName itsmtest > ErrorLog logs/ictitsm_ssl_error_log_443 > TransferLog logs/ictitsm_ssl_access_log_443 > LogLevel Debug > ProxyHTMLLogVerbose On > ProxyPreserveHost On > ProxyPass / https://10.10.0.1:8443/ > ProxyHTMLURLMap https://itsmtest/ / > ProxyRequests off > SetEnv force-proxy-request-1.0 1 > SetEnv proxy-nokeepalive 1 > SetEnv proxy-initial-not-pooled 1 > timeout 900 > > > ProxyPassReverse https://itsmtest/ > ProxyHTMLEnable On > ProxyHTMLMeta On > ProxyHTMLURLMap / / > RequestHeaderunset Accept-Encoding > > > SSLEngine on > SSLProxyEngine on > SSLProtocol all -SSLv2 > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt > SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key > SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer > > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > SetEnv proxy-nokeepalive 1 > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >
[us...@httpd] (104)Connection reset by peer: SSL input filter read failed.
Hi expert, my application crashes (BMC Remedy) in the same point. This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996. In the apache log i'm reading this error: [Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420] [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset by peer: SSL input filter read failed. [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection reset by peer: proxy: error reading status line from remote server 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf [Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client 10.173.202.231] proxy: NOT Closing connection to client although reading from backend server 10.10.0.1 failed., referer: https://itsmtest/arsys/atrium/AtriumConsole.swf [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error reading from remote server returned by /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf [Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (10.10.0.1) What kind of check can I do? Many thanks for all suggest, as usual Cheers, Mauri this is my server: [r...@proxy1 httpd]# uname -a Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux [r...@proxy1 httpd]# rpm -qa | grep httpd httpd-manual-2.2.3-31.el5_4.2 system-config-httpd-1.3.3.3-1.el5 httpd-2.2.3-31.el5_4.2 httpd-devel-2.2.3-31.el5_4.2 this is my ssl.conf configuration: LoadModule ssl_module modules/mod_ssl.so LoadFile /usr/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin NameVirtualHost itsmtest:443 ServerName itsmtest ErrorLog logs/ictitsm_ssl_error_log_443 TransferLog logs/ictitsm_ssl_access_log_443 LogLevel Debug ProxyHTMLLogVerbose On ProxyPreserveHost On ProxyPass / https://10.10.0.1:8443/ ProxyHTMLURLMap https://itsmtest/ / ProxyRequests off SetEnv force-proxy-request-1.0 1 SetEnv proxy-nokeepalive 1 SetEnv proxy-initial-not-pooled 1 timeout 900 ProxyPassReverse https://itsmtest/ ProxyHTMLEnable On ProxyHTMLMeta On ProxyHTMLURLMap / / RequestHeaderunset Accept-Encoding SSLEngine on SSLProxyEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnv proxy-nokeepalive 1 SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"