Already tried with those?

    SSLProxyEngine On
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire Off
    SSLProxyCipherSuite All
    SSLProxyProtocol all -SSLv3
    SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+EXP
    SSLProxyVerify none
    ProxyPreserveHost On

This way your reverse proxy will not check worker certificates.

18 March 2020 02:33, "Gilbert Soucy" <gso...@36pix.com> wrote:

Hello,

I am not an expert, so I apologize if my question is unclear.

I have a problem with setting up a load balancer that supports SSL with a valid certificate. It works OK when I refer to the balancer members by a valid DNS name. However, if I just put the IP address of the balancer members, I get:

    ERROR: certificate common name '*.mydomain.com' doesn't match requested host name '52.26.53.37'.

I am following the load balancer sample config found here: https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html that I adapted to SSL. Here is my ssl.conf:

    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
        SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt

        ErrorLog /var/www/mydomain.com/logs/error.log
        CustomLog /var/www/mydomain.com/logs/access.log combined

        ProxyRequests off

        <Proxy balancer://cluster>
            # Using valid DNS names for the members works well
            BalancerMember https://ws1.mydomain.com/
            BalancerMember https://ws2.mydomain.com/
            # Using the IP address of the members returns the certificate error given above
            #BalancerMember http://52.73.75.46/
            #BalancerMember http://52.26.53.37/
            ProxySet lbmethod=byrequests
        </Proxy>

        <Location /balancer-manager>
            SetHandler balancer-manager
        </Location>

        # ProxyPreserveHost On
        ProxyPass /balancer-manager !
        ProxyPass / balancer://cluster/
    </VirtualHost>

I would like to be able to use only the IP addresses so that I can add a variable number of BalancerMember entries that I could start dynamically on a cloud setup. Using a DNS entry for each BalancerMember makes everything more complicated.

Is there a way to configure httpd so that only the load balancer servers need to have a valid certificate and a DNS name? All the BalancerMembers behind the load balancer would exist only with their IP address.

Thank you,
Gilbert
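
An added example, not part of either message and not the Apache project's own configuration: the verification settings from the reply beside a variant that still avoids the name-mismatch error for IP-addressed members but keeps certificate chain validation on the proxy-to-worker hop. It assumes every worker certificate is issued by a private CA used only for the workers; the CA file path is hypothetical.

```apache
# Added example. The private CA and its path are assumptions, not from the thread.

# (1) As suggested in the reply: the proxy accepts any certificate a member presents,
#     so the hop between balancer and worker is encrypted but not authenticated.
# SSLProxyEngine          On
# SSLProxyVerify          none
# SSLProxyCheckPeerName   Off
# SSLProxyCheckPeerExpire Off

# (2) Variant: members addressed by IP, chain still validated.
SSLProxyEngine            On

# Trust only the CA that issues worker certificates (hypothetical path).
SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.crt
SSLProxyVerify            require
SSLProxyVerifyDepth       1
SSLProxyCheckPeerExpire   On

# Name matching is what fails for IP-addressed members. Both directives must be
# off to disable it: SSLProxyCheckPeerCN is only consulted when
# SSLProxyCheckPeerName is off. Authentication then rests on the private CA
# alone, so that CA must not sign anything except worker certificates.
SSLProxyCheckPeerName     Off
SSLProxyCheckPeerCN       Off

# Modern protocol and cipher selection instead of ALL / EXP / RC4.
SSLProxyProtocol          all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyCipherSuite       HIGH:!aNULL:!MD5

<Proxy balancer://cluster>
    BalancerMember https://52.73.75.46/
    BalancerMember https://52.26.53.37/
    ProxySet lbmethod=byrequests
</Proxy>
```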