Sorry to email you directly but I am doing this to give you the complete
unedited config files. I don't want them on an indexed mailing list for
security reasons. Either you or I can post back to the list so others are aware
of the findings.
So I have made the NameVirtualHost edit in my listen.conf file:
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
# Listen 443
</IfModule>
</IfDefine>
</IfDefine>
# Use name-based virtual hosting
#
# - on a specified address / port:
#
#NameVirtualHost 12.34.56.78:80
#
# - name-based virtual hosting:
#
NameVirtualHost *:443
Here is the "main" ssl virtual host:
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
#This will be the default vhost because the name starts with 000
# General setup for the virtual host
#DocumentRoot "/srv/www/htdocs"
ServerName teknerds.net:443
ServerAlias mail.* ifolder.*
#This rewrites https://mail.anydomain.tld to our mail server
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mail\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
#RedirectMatch ^/$ /zimbra/
#This rewrites https://mail.anydomain.tld to our mail server
#RewriteEngine On
#RewriteLog /var/log/apache2/rewrite.log
#RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^apps\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
#RedirectMatch ^/$ /rdweb/
RewriteCond %{HTTP_HOST} ^webmail\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
#This rewrites https://ifolder.anydomain.tld to our ifolder server
#RewriteCond %{HTTP_HOST} ^ifolder\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
#RedirectMatch ^/$ /ifolder/
#This rewrites https://share.anydomain.tld to our alfresco server
#RewriteCond %{HTTP_HOST} ^share\.
#RewriteCond %{HTTPS} on
#RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
#ServerAdmin webmas...@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /ifolder https://192.168.123.4/ifolder
ProxyPassReverse /ifolder https://192.168.123.4/ifolder
ProxyPass /simias10 https://192.168.123.4/simias10
ProxyPassReverse /simias10 https://192.168.123.4/simias10
ProxyPass /admin https://192.168.123.4/admin
ProxyPassReverse /admin https://192.168.123.4/admin
ProxyPass /nps https://192.168.123.4/nps
ProxyPassReverse /nps https://192.168.123.4/nps
#ProxyPass / https://192.168.124.3/
#ProxyPassReverse / https://192.168.124.3/
#<Proxy *>
# Order allow,deny
# Allow from all
#</Proxy>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
Here is the apps virtualhost file:
<VirtualHost *:443>
ServerName apps.teknerds.net
SSLEngine On
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
ProxyPass / https://192.168.123.7/rdweb
ProxyPassReverse / https://192.168.123.7/rdweb
ErrorLog /var/log/apache2/apps.error_log
TransferLog /var/log/apache2/apps.access_log
</VirtualHost>
With this present config, when going to https://apps.teknerds.net in IE 8,
Internet Explorer cannot display the web page. The apps.error log does not
show anything in it except the certificate name not matching.
Also in this present config, webmail stops working and ifolder stops working. These are
in the "main" ssl virtualhost and you access them by https://mail.teknerds.net
and https://teknerds.net/ifolder. I am going to undo the listen.conf edit and rename the
apps ssl host file as we have customers that use these resources.
Should you want access to the server, I can supply that, just let me know.
Thanks for the help
----- Original Message -----
From: "Tom Evans" <tevans...@googlemail.com>
To: users@httpd.apache.org
Sent: Thursday, April 25, 2013 12:39:47 PM
Subject: Re: [users@httpd] Rewrite Rule
On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
<carn...@electrichendrix.com> wrote:
> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>> It looks like you are rewriting it to its current location. This
>> leads to a loop.
>> Why are you using rewrite rules anyway?
> Because reverse proxy does not work
...
The *only* way to get content from a backend is via reverse proxy.
>> It seems like you want to
>> reverse proxy from an apache server with a public IP to a backend
>> webserver in your private LAN. Where do rewrite rules come in to this?
>> Why are you checking the host name in your rewrite rules, instead of
>> using vhosts? Why is this not your configuration:
> As I stated in an earlier post, apache does not start when more than 1 ssl
> virtual host (complains about overlap)
Not using vhosts is frankly more trouble than it is worth. Use vhosts.
Post about the problem that using vhosts gives you. You must be using
the same certificate for both hostnames anyway (presumably a wildcard
cert or using subjectAltName, or you just ignore the errors?), so the
configuration should be pretty straightforward.
>> ServerName apps.tld
>> ProxyPass / https://192.168.123.7/
>> ProxyPassReverse / https://192.168.123.7/
> We have many different things that run on this server and apache handles
> them. When using "/" in your proxy config, everything stops working, email,
> other websites etc.
So don't proxy from /, or add specific excludes for the paths you do
not want to be proxied:
ProxyPass /email !
ProxyPass / https://192.168.123.7/
Again, this problem goes away if you correctly separate out your
separate hosts into their own vhost configuration.
>> I'm very confused by what you're trying to achieve.
> I covered this in my first email but will try to describe it again: server
> behind an apache server that we need users to get to using
> https://apps.domain.tld. The app resides at http:///sub. We need apache to
> catch the https://apps.domain.tld request and send to https://another
> server/sub
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
# All your current directives that apply to www
</VirtualHost>
<VirtualHost *:443>
ServerName apps.domain.tld
SSLEngine On
SSLCertificateFile ..
SSLCertificateKeyFile ..
ProxyPass / https://192.168.123.7/
ProxyPassReverse / https://192.168.123.7/
</VirtualHost>
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
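Added example (not part of the original thread and not httpd code): a simplified Python model of how mod_proxy applies ProxyPass rules, run over the rule sets quoted in the messages above. It shows why the "ProxyPass /email !" exclusion has to come before "ProxyPass /", and what a target without a trailing slash does when the matched path is "/". The request paths and the two variant rule sets are constructed for illustration.

```python
# Simplified model of mod_proxy's ProxyPass mapping (illustration only, not
# httpd code). Assumed behaviour: rules are tried in configuration order, the
# first match wins, "!" means "do not proxy", and the matched prefix is
# replaced by the target URL by plain string substitution.

def prefix_matches(path, prefix):
    """True when prefix covers path on a whole path-segment boundary."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")

def route(rules, path):
    """Return the backend URL for path, or None when httpd serves it locally."""
    for prefix, target in rules:
        if prefix_matches(path, prefix):
            return None if target == "!" else target + path[len(prefix):]
    return None

# Rule sets transcribed from the thread, directive order preserved.
MAIN_VHOST = [
    ("/ifolder", "https://192.168.123.4/ifolder"),
    ("/simias10", "https://192.168.123.4/simias10"),
    ("/admin", "https://192.168.123.4/admin"),
    ("/nps", "https://192.168.123.4/nps"),
]
EXCLUDE_THEN_ROOT = [("/email", "!"), ("/", "https://192.168.123.7/")]
APPS_VHOST = [("/", "https://192.168.123.7/rdweb")]
# Constructed variants for comparison (not from the thread).
ROOT_THEN_EXCLUDE = list(reversed(EXCLUDE_THEN_ROOT))
APPS_VHOST_SLASHED = [("/", "https://192.168.123.7/rdweb/")]

if __name__ == "__main__":
    cases = [  # request paths are constructed samples
        ("main vhost", MAIN_VHOST, "/ifolder/login"),
        ("main vhost", MAIN_VHOST, "/zimbra/"),
        ("exclude first", EXCLUDE_THEN_ROOT, "/email/inbox"),
        ("exclude last", ROOT_THEN_EXCLUDE, "/email/inbox"),
        ("apps, no slash", APPS_VHOST, "/pages/default.aspx"),
        ("apps, slash", APPS_VHOST_SLASHED, "/pages/default.aspx"),
    ]
    for label, rules, path in cases:
        print(f"{label:15} {path:22} -> {route(rules, path) or 'local'}")
```

With the apps rule as posted, every path other than "/" is joined onto "rdweb" with no separator, which is why the mod_proxy documentation asks for the trailing slash to match on both ProxyPass arguments.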