httpd-users mailing list archives

From Bob Smith <simon_s...@hotmail.com>
Subject [users@httpd] SSL Accelerator and LDAP Auth Question
Date Sat, 17 Apr 2010 15:00:03 GMT


Hello,
I am trying to configure Apache 2.2 to act as an SSL accelerator with LDAP authentication
and I'm having two issues.
My first issue is I cannot get Apache to work as an SSL accelerator.  My current configuration:
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/mnt/data/remote"
    ServerName site.system.com
    SSLEngine On
    SSLCertificateFile /etc/key/cert.crt
    SSLCertificateKeyFile /etc/key/cert.key
    ProxyPass           /app1/       http://srv1.system.com/app1/
    ProxyPassReverse    /app1/       http://srv1.system.com/app1/
    ProxyHTMLURLMap     http://srv1.system.com/app1 /app1
</VirtualHost>
The above configuration works perfectly when it is configured as a non-SSL site, and the
reverse proxy works exactly as expected.  When SSL is enabled as it is above, the links within
pages for app1 are not rewritten to be https:// and therefore it does not work.  I have tried
fiddling with the ProxyHTMLURLMap to no avail.  Can anyone suggest where I am going wrong?
My second question is with AuthLdap, and I think is a simple one.  I'd like to secure my SSL
accelerator using LDAP against Active Directory.  This works as expected, but I was wondering
if there was a way to specify authentication for the entire virtual host rather than repeating
the same configuration in the directory and location blocks. Below is what hopefully my final
configuration would look like once I figure out the SSL accelerator with reverse proxy issue
above.
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/opt/site"
    ServerName site.system.com
    SSLEngine On
    SSLCertificateKeyFile /etc/key/file.key
    SSLCertificateChainFile /etc/key/file.crt
    ErrorLog /var/log/apache2/remote/error.log
    CustomLog /var/log/apache2/remote/access.log common
    Options -Indexes
    <Directory /*>
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "site.system.com"
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "user@system.com"
        AuthLDAPBindPassword password
        require ldap-group DC=site,DC=com
    </Directory>
    #RewriteRule ^/app1$ app1/ [R]
    <Location /app1/>
        ProxyPass http://srv1/app1/
        ProxyPassReverse http://srv1/app1/
        #ProxyHTMLEnable On
        ProxyHTMLURLMap http://srv1/app1 /app1
    </Location>
    #RewriteRule ^/app2$ app2/ [R]
    <Location /app2>
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "site.system.com"
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "user@system.com"
        AuthLDAPBindPassword password
        require ldap-group DC=site,DC=com
        ProxyPass http://srv2/app2/
        ProxyPassReverse http://srv2/app2/
        #ProxyHTMLURLMap http://srv2/app2/ /app2/
        #ProxyHTMLURLMap http://srv2/app2 /app2
    </Location>

</VirtualHost>
Any suggestions are appreciated.
Simon 		 	   		  