Hi,
what is your environment layout?
SSL with webproxy or SSL in Apache without webproxy?


2015-01-21 16:25 GMT-02:00 Chris Arnold <[email protected]>:

>
> ________________________________________
> From: Chris Arnold <[email protected]>
> Sent: Tuesday, January 20, 2015 9:07 PM
> To: [email protected]
> Subject: RE: [users@httpd] Proxy pass
>
> > Is there something extra for this to work on Apache 2.4.10?
>
> >>Compared to what previous level?  LogLevel rewrite:trace8 and the
> >>error log would be a big help.
>
> [Wed Jan 21 12:50:06.446776 2015] [ssl:info] [pid 3225] [client
> 192.168.123.165:50268] AH01964: Connection to child 0 established (server
> share2.domain.tld:443)
> [Wed Jan 21 12:50:06.447167 2015] [ssl:info] [pid 3227] [client
> 192.168.123.165:50269] AH01964: Connection to child 2 established (server
> share2.domain.tld:443)
> [Wed Jan 21 12:50:06.447741 2015] [ssl:debug] [pid 3225]
> ssl_engine_kernel.c(1908): [client 192.168.123.165:50268] AH02043: SSL
> virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.448112 2015] [ssl:debug] [pid 3227]
> ssl_engine_kernel.c(1908): [client 192.168.123.165:50269] AH02043: SSL
> virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.497089 2015] [ssl:debug] [pid 3225]
> ssl_engine_kernel.c(1841): [client 192.168.123.165:50268] AH02041:
> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.511149 2015] [ssl:debug] [pid 3227]
> ssl_engine_kernel.c(1841): [client 192.168.123.165:50269] AH02041:
> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.511272 2015] [ssl:info] [pid 3225] (70014)End of file
> found: [client 192.168.123.165:50268] AH01991: SSL input filter read
> failed.
> [Wed Jan 21 12:50:06.511349 2015] [ssl:debug] [pid 3225]
> ssl_engine_io.c(1003): [client 192.168.123.165:50268] AH02001: Connection
> closed to child 0 with standard shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.515121 2015] [ssl:info] [pid 3227] (70014)End of file
> found: [client 192.168.123.165:50269] AH01991: SSL input filter read
> failed.
> [Wed Jan 21 12:50:06.515245 2015] [ssl:debug] [pid 3227]
> ssl_engine_io.c(1003): [client 192.168.123.165:50269] AH02001: Connection
> closed to child 2 with standard shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.531492 2015] [ssl:info] [pid 3229] [client
> 192.168.123.165:50270] AH01964: Connection to child 4 established (server
> share2.domain.tld:443)
> [Wed Jan 21 12:50:06.532326 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(1908): [client 192.168.123.165:50270] AH02043: SSL
> virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.583291 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(1841): [client 192.168.123.165:50270] AH02041:
> Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.606116 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(243): [client 192.168.123.165:50270] AH02034: Initial
> (No.1) HTTPS request received for child 4 (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.606184 2015] [rewrite:trace2] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] init rewrite
> engine with requested uri /
> [Wed Jan 21 12:50:06.606198 2015] [rewrite:trace3] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] applying
> pattern '^/(.*)' to uri '/'
> [Wed Jan 21 12:50:06.606232 2015] [rewrite:trace4] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond:
> input='share2.domain.tld' pattern='^share2\\.' => matched
> [Wed Jan 21 12:50:06.606246 2015] [rewrite:trace4] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond:
> input='on' pattern='on' => matched
> [Wed Jan 21 12:50:06.606257 2015] [rewrite:trace4] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond:
> input='/' pattern='!^/share2/' => matched
> [Wed Jan 21 12:50:06.606267 2015] [rewrite:trace2] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] rewrite '/'
> -> 'https://share2.domain.tld:8443/share/'
> [Wed Jan 21 12:50:06.606278 2015] [rewrite:trace2] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] forcing
> proxy-throughput with https://share2.domain.tld:8443/share/
> [Wed Jan 21 12:50:06.606289 2015] [rewrite:trace1] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] go-ahead
> with proxy request proxy:https://share2.domain.tld:8443/share/ [OK]
> [Wed Jan 21 12:50:06.606312 2015] [authz_core:debug] [pid 3229]
> mod_authz_core.c(828): [client 192.168.123.165:50270] AH01628:
> authorization result: granted (no directives)
> [Wed Jan 21 12:50:06.606375 2015] [proxy:debug] [pid 3229]
> mod_proxy.c(1155): [client 192.168.123.165:50270] AH01143: Running scheme
> https handler (attempt 0)
> [Wed Jan 21 12:50:06.606388 2015] [proxy:debug] [pid 3229]
> proxy_util.c(2131): AH00942: HTTPS: has acquired connection for (*)
> [Wed Jan 21 12:50:06.606401 2015] [proxy:debug] [pid 3229]
> proxy_util.c(2184): [client 192.168.123.165:50270] AH00944: connecting
> https://share2.domain.tld:8443/share/ to share2.domain.tld:8443
> [Wed Jan 21 12:50:06.606447 2015] [proxy:debug] [pid 3229]
> proxy_util.c(2385): [client 192.168.123.165:50270] AH00947: connected
> /share/ to share2.domain.tld:8443
> [Wed Jan 21 12:50:06.606540 2015] [proxy:debug] [pid 3229]
> proxy_util.c(2873): AH00962: HTTPS: connection complete to
> 192.168.123.200:8443 (share2.domain.tld)
> [Wed Jan 21 12:50:06.606552 2015] [ssl:info] [pid 3229] [remote
> 192.168.123.200:8443] AH01964: Connection to child 0 established (server
> share2.domain.tld:443)
> [Wed Jan 21 12:50:06.641082 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275:
> Certificate Verification, depth 1, CRL checking mode: none [subject:
> CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / issuer:
> CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / serial:
> 82D463F66C263CD7 / notbefore: Aug 10 16:17:34 2012 GMT / notafter: Jul 17
> 16:17:34 2112 GMT]
> [Wed Jan 21 12:50:06.641284 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275:
> Certificate Verification, depth 1, CRL checking mode: none [subject:
> CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / issuer:
> CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / serial:
> 82D463F66C263CD7 / notbefore: Aug 10 16:17:34 2012 GMT / notafter: Jul 17
> 16:17:34 2112 GMT]
> [Wed Jan 21 12:50:06.641594 2015] [ssl:debug] [pid 3229]
> ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275:
> Certificate Verification, depth 0, CRL checking mode: none [subject:
> CN=Alfresco Repository,OU=Unknown,O=Alfresco Software
> Ltd.,L=Maidenhead,ST=UK,C=GB / issuer: CN=Alfresco CA,O=Alfresco Software
> Ltd.,L=Maidenhead,ST=UK,C=GB / serial: FFF3BCDAE57BBA22 / notbefore: Aug 10
> 16:21:00 2012 GMT / notafter: Jul 17 16:21:00 2112 GMT]
> [Wed Jan 21 12:50:06.641654 2015] [ssl:info] [pid 3229] [remote
> 192.168.123.200:8443] AH02003: SSL Proxy connect failed
> [Wed Jan 21 12:50:06.641719 2015] [ssl:info] [pid 3229] SSL Library
> Error: error:100AE081:elliptic curve
> routines:EC_GROUP_new_by_curve_name:unknown group
> [Wed Jan 21 12:50:06.641769 2015] [ssl:info] [pid 3229] SSL Library Error:
> error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
> [Wed Jan 21 12:50:06.641788 2015] [ssl:info] [pid 3229] [remote
> 192.168.123.200:8443] AH01998: Connection closed to child 0 with abortive
> shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.641925 2015] [ssl:info] [pid 3229] [remote
> 192.168.123.200:8443] AH01997: SSL handshake failed: sending 502
> [Wed Jan 21 12:50:06.641993 2015] [proxy_http:error] [pid 3229]
> (103)Software caused connection abort: [client 192.168.123.165:50270]
> AH01102: error reading status line from remote server share2.domain.tld:8443
> [Wed Jan 21 12:50:06.642075 2015] [proxy_http:debug] [pid 3229]
> mod_proxy_http.c(1369): [client 192.168.123.165:50270] AH01105: NOT
> Closing connection to client although reading from backend server
> share2.domain.tld:8443 failed.
> [Wed Jan 21 12:50:06.642098 2015] [proxy:error] [pid 3229] [client
> 192.168.123.165:50270] AH00898: Error reading from remote server returned
> by /
> [Wed Jan 21 12:50:06.642113 2015] [proxy:debug] [pid 3229]
> proxy_util.c(2146): AH00943: HTTPS: has released connection for (*)
> [Wed Jan 21 12:50:06.642300 2015] [rewrite:trace2] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19a6fb0/initial/redir#1] init
> rewrite engine with requested uri /error/HTTP_BAD_GATEWAY.html.var
> [Wed Jan 21 12:50:06.642330 2015] [rewrite:trace3] [pid 3229]
> mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - -
> [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19a6fb0/initial/redir#1]
> applying pattern '^/(.*)' to uri '/error/HTTP_BAD_GATEWAY.html.var'
>
> It looks like the proxy is working but there seems to be an SSL handshake
> issue. This same setup (with the exception of apache 2.2.x) is working fine
> in production. The apache certificate is a self-signed cert right now, but
> we have a godaddy cert in the working setup. Can anyone point me in the
> right direction to get this working?


-- 
Atenciosamente,
Rodrigo da Silva Cunha
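
Added example, not part of the thread and not Apache httpd code: a small Python triage script for an error_log like the one quoted above. It ignores browser-side (`[client ...]`) TLS events and groups each backend-side (`[remote ...]`) AH02003 proxy handshake failure with the OpenSSL error lines logged by the same pid. The sample lines are re-joined from the wrapped log in the quoted message; the function and field names are this example's own.

```python
import re

# Sample input: lines re-joined from the wrapped log quoted in the message above.
# The first line is a browser-side event and must not be reported as a proxy failure.
SAMPLE_LOG = """\
[Wed Jan 21 12:50:06.511272 2015] [ssl:info] [pid 3225] (70014)End of file found: [client 192.168.123.165:50268] AH01991: SSL input filter read failed.
[Wed Jan 21 12:50:06.606401 2015] [proxy:debug] [pid 3229] proxy_util.c(2184): [client 192.168.123.165:50270] AH00944: connecting https://share2.domain.tld:8443/share/ to share2.domain.tld:8443
[Wed Jan 21 12:50:06.641654 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH02003: SSL Proxy connect failed
[Wed Jan 21 12:50:06.641719 2015] [ssl:info] [pid 3229] SSL Library Error: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
[Wed Jan 21 12:50:06.641769 2015] [ssl:info] [pid 3229] SSL Library Error: error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
[Wed Jan 21 12:50:06.641925 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01997: SSL handshake failed: sending 502
"""

# [timestamp] [module:level] [pid N] or [pid N:tid M] (threaded MPMs), then the message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] "
                  r"\[pid (?P<pid>\d+)(?::tid \d+)?\] (?P<msg>.*)$")
REMOTE = re.compile(r"\[remote (?P<peer>[^\]]+)\]")   # outgoing (backend) connection
AH_CODE = re.compile(r"\b(AH\d{5}):")
OSSL = re.compile(r"SSL Library Error: error:(?P<code>[0-9A-Fa-f]+):"
                  r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)$")

def proxy_handshake_failures(log_text):
    """Return one record per failed TLS handshake to a proxied backend."""
    open_by_pid, incidents = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or foreign line; re-join wrapped mail text first
        pid, msg = m["pid"], m["msg"]
        code, peer, ossl = AH_CODE.search(msg), REMOTE.search(msg), OSSL.search(msg)
        if code and code[1] == "AH02003" and peer:
            # Failure on the proxy-to-backend leg: start collecting details.
            open_by_pid[pid] = {"time": m["ts"], "pid": pid, "backend": peer["peer"],
                                "openssl_errors": [], "sent_502": False}
            incidents.append(open_by_pid[pid])
        elif ossl and pid in open_by_pid:
            # OpenSSL error-queue entries carry no peer; correlate them by pid.
            open_by_pid[pid]["openssl_errors"].append(
                (ossl["code"], ossl["func"], ossl["reason"]))
        elif code and code[1] == "AH01997" and pid in open_by_pid:
            open_by_pid.pop(pid)["sent_502"] = True  # the client received 502
    return incidents

if __name__ == "__main__":
    for inc in proxy_handshake_failures(SAMPLE_LOG):
        print(inc)
```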
