Re: [users@httpd] mod_proxy and SSL

Wed, 17 May 2006 21:48:41 -0700 

if youre doing a reverse proxy you probably shouldnt have ProxyRequests On

Sebastian Reitenbach wrote:

Hi,
I have an apache listening for SSL connections on port 443 behind a NAT firewall in the DMZ. Connections for one virtual host shall be reverse proxied to another host in the same DMZ, but it seems that I am unable to get it to work, for me it seems I must have missed sth. obvious. 

I tried this with mod_proxy:

SSLProxyEngine On
ProxyRequests On
AllowCONNECT 443
ProxyPass / https://10.0.0.2/
ProxyPassReverse / https://10.0.0.2/

then I receive the following error messages at the proxy:
[Wed May 17 17:07:18 2006] [error] SSL Proxy requested for webgis.rapideye.de:80 but not enabled [Hint: SSLProxyEngine] [Wed May 17 17:07:18 2006] [error] proxy: failed to enable ssl support for 10.0.0.2:443 (0.0.0.2) [Wed May 17 17:07:19 2006] [notice] child pid 28242 exit signal Segmentation fault (11)
because of the segmentation fault, I am not sure, whether it shall work that way or not, but I doubt it. 

with the SSLProxyEngine enabled:
SSLProxyEngine On
ProxyRequests On
AllowCONNECT 443
ProxyPass / https://10.0.0.2/
ProxyPassReverse / https://10.0.0.2/

I have this message in the error_log of the proxy:
[Wed May 17 17:09:55 2006] [error] (20014)Error string not specified yet: proxy: request failed to 10.10.10.2:443 (10.0.0.2) 
[Wed May 17 17:09:55 2006] [error] proxy: HTTP: previous connection is closed
[Wed May 17 17:09:55 2006] [error] (20014)Error string not specified yet: proxy: request failed to 10.0.0.2:443 (10.0.0.2) 

and this in the error_log of the apache behind the proxy:
[Wed May 17 19:07:17 2006] [error] [client 10.0.0.3] Invalid method in request \x80|\x01\x03\x01 [Wed May 17 19:07:17 2006] [error] [client 10.0.0.3] Invalid method in request \x80|\x01\x03\x01
with only these in the virtual host of the proxy, it is working, but only without HTTPS 

ProxyPass / http://10.0.0.2/
ProxyPassReverse / http://10.0.0.2/

Is there any way to access an HTTPS server behind a apache HTTPS proxy?

kind regards
Sebastian



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to