httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mauri <lai...@gmail.com>
Subject Re: [users@httpd] Reverse Proxy https to http
Date Thu, 22 Apr 2010 13:01:14 GMT
u can investigate on the version. I have this: httpd-2.2.3-31

Please see at ssl.conf top:
================================================
LoadModule ssl_module modules/mod_ssl.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
================================================

have u load this module?


2010/4/22 GB GB <gbcyoyo@gmail.com>

> The version I am using is
> Server version: Apache/2.0.54
> Server built:   Sep 23 2005 15:28:48
>
>  ProxyHTMLURLMap doesn't work with what I am using.....
>
>
> On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lain80@gmail.com> wrote:
> > Hi GB.
> >
> > I have a similar solution.
> >
> > Client --> https://mysite.com --> proxy --> http://backend.
> >
> > the url in the client broswer is https://mysite.com.
> >
> > this is my /etc/httpd/conf.d/ssl.conf:
> >
> >
> >
> > LoadModule ssl_module modules/mod_ssl.so
> > LoadFile   /usr/lib/libxml2.so
> > LoadModule proxy_html_module modules/mod_proxy_html.so
> > LoadModule xml2enc_module modules/mod_xml2enc.so
> > Listen 443
> > AddType application/x-x509-ca-cert .crt
> > AddType application/x-pkcs7-crl    .crl
> > SSLPassPhraseDialog  builtin
> > SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> > SSLSessionCacheTimeout  300
> > SSLMutex default
> > SSLRandomSeed startup file:/dev/urandom  256
> > SSLRandomSeed connect builtin
> > SSLCryptoDevice builtin
> >
> > NameVirtualHost mysite.com:443
> > <VirtualHost mysite.com:443>
> > ServerName mysite.com
> > ProxyRequests off
> > ProxyPass / https://10.173.90.167:8443/
> > ProxyHTMLURLMap https://10.173.90.167:8443 /
> > <Location />
> >         ProxyPassReverse https://10.173.90.167:8443/
> >         ProxyHTMLEnable On
> >         ProxyHTMLURLMap  /      /
> >         RequestHeader    unset  Accept-Encoding
> > </Location>
> >
> > SSLEngine on
> > SSLProxyEngine on
> > SSLProtocol all -SSLv2
> > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> > SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
> > SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
> > SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
> >
> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> >     SSLOptions +StdEnvVars
> > </Files>
> > <Directory "/var/www/cgi-bin">
> >     SSLOptions +StdEnvVars
> > </Directory>
> > SetEnvIf User-Agent ".*MSIE.*" \
> >          nokeepalive ssl-unclean-shutdown \
> >          downgrade-1.0 force-response-1.0
> > CustomLog logs/ssl_request_log \
> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > </VirtualHost>
> >
> >
> >
> >
> >
> >
> > 2010/4/22 GB GB <gbcyoyo@gmail.com>
> >>
> >> Basically what goes on when the user types in https://mydomain.com/lsw
> >> he gets an authentification page from the backend application. Once he
> >>  enters his credentials, I notice a POST in the apache logs.
> >>
> >> This is what the user types in:
> >> https://mydomain.com/lsw/clientele/gen/authentification.jsp
> >> he enters his credentials, then a POST appears in the log :
> >> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302
> >>
> >> and in the browser I get the following: The connection has timed out
> >>
> >>
> >>
> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
> >>
> >> the above link doesn't work because its http rather than https!!
> >>
> >> If I add the "s" manually
> >>
> >>
> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
> >>  then it works.
> >>
> >> 1)So how can I force the protocole to remain https once the client
> >> does a POST.....
> >> 2)I have noticed in many examples that people use PreserveHost on, in
> >> my case, if activate
> >> PreserveHost on then I cant even get the first page to work:
> >>
> >> Thx in advance
> >>
> >>
> >>
> >>
> >> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
> >> <krist.vanbesien@gmail.com> wrote:
> >> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcyoyo@gmail.com> wrote:
> >> >
> >> >
> >> >
> >> >> #this for some reason becomes http from client perspective
> >> >> #PreserveHost on does not work with lsw, so I disabled it....
> >> >> RewriteRule       ^/lsw(.*)$    http://backend2.ca:8082/lsw$1
> >> >> [NC,P,L]
> >> >> ProxyPassReverse  /lsw          http://backend2.ca:8082/lsw
> >> >> Redirect permanent /lsw https://mydomain.com/lsw
> >> >
> >> > First of all: Remove the "Redirect Permanent". It's not needed (as
> >> > this virtualhost only gets https requests anyway) and confuses. If you
> >> > want to make sure that people who accidentaly land on the http site
> >> > get redirected to https you need to put a redirect in the http virtual
> >> > host.
> >> >
> >> > Secondly: Look at what your backend produces. It is very well possible
> >> > that it passes html pages back to the client that contain http://
> >> > style URLs. RewriteRule only operates on request URLs,
> >> > ProxyPassReverse only on redirects passed back. The content passed
> >> > back by the backend is not modified.
> >> >
> >> > HTH,
> >> >
> >> > Krist
> >> >
> >> > --
> >> > krist.vanbesien@gmail.com
> >> > krist@vanbesien.org
> >> > Bremgarten b. Bern, Switzerland
> >> > --
> >> > A: It reverses the normal flow of conversation.
> >> > Q: What's wrong with top-posting?
> >> > A: Top-posting.
> >> > Q: What's the biggest scourge on plain text email discussions?
> >> >
> >> > ---------------------------------------------------------------------
> >> > The official User-To-User support forum of the Apache HTTP Server
> >> > Project.
> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> > For additional commands, e-mail: users-help@httpd.apache.org
> >> >
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP Server
> Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message