httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Volkert <tvolk...@gmail.com>
Subject [users@httpd] Re: SSLProxyEngine config help
Date Fri, 18 Dec 2009 02:49:19 GMT
Forgot to mention that I generated the proxy.pem file by following the
process listed at https://issues.apache.org/bugzilla/show_bug.cgi?id=31856,
including making sure that I'm using an rsa key (not pkcs8).

-T

On Thu, Dec 17, 2009 at 9:45 PM, Todd Volkert <tvolkert@gmail.com> wrote:

> Ok, hopefully I'm not missing something stupid again...  I'm trying to
> enable the SSL proxy engine for use in one of my virtual hosts, and though
> it seems to accept my SSLProxyMachineCertificateFile upon startup, I get
> gobledegook requests when trying to connect over HTTPS:
>
> Here is my server config:
>
> <VirtualHost *:443>
>     ServerName www.foo.com
>     ServerAlias localhost foo.com *.foo.com
>
>     SSLProxyEngine on
>     SSLProxyMachineCertificateFile /etc/httpd/conf/proxy.pem
>     ProxyRequests Off
>
>     <Proxy *>
>         Order deny,allow
>         Allow from all
>     </Proxy>
>
>     ProxyPass / https://localhost:8443/
>     ProxyPassReverse / https://localhost:8443/
> </VirtualHost>
>
> Here is the output of the server logs upon startup:
>
> [Thu Dec 17 21:37:42 2009] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Dec 17 21:37:42 2009] [warn] Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [Thu Dec 17 21:37:42 2009] [notice] Digest: generating secret for digest
> authentication ...
> [Thu Dec 17 21:37:42 2009] [notice] Digest: done
> [Thu Dec 17 21:37:43 2009] [notice] Apache/2.2.9 (Unix) DAV/2 mod_ssl/2.2.9
> OpenSSL/0.9.8b configured -- resuming normal operations
>
> Then when I run 'lynx https://localhost/foo.jsp', I get the following in
> the httpd logs:
>
> ==> /etc/httpd/logs/access_log <==
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03\x01" 501 1235 "-"
> "-"
> 127.0.0.1 - - [17/Dec/2009:21:38:52 -0500] "\x80s\x01\x03" 501 1232 "-" "-"
>
> And I get the following in the tomcat access logs:
>
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1229
> 127.0.0.1 [17/Dec/2009:21:38:52 -0500] 8443 '?s / HTTP/1.1' 501 1226
>
> Ring any bells?
> -T
>

Mime
View raw message