httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joost Heer, de" <j.d.h...@atriummc.nl>
Subject RE: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for Citrix MetaFrame Presentation Server
Date Mon, 07 Jun 2010 06:36:35 GMT
>>> Ruiyuan Jiang <Ruiyuan_Jiang@liz.com> 3-6-2010 23:02 >>>
>Hi, I tested and I got "ssl error code 47" error. It seems to me that Apache wants to
terminate any port 443 traffic. 
>The Citrix presentation server does not allow termination of the traffic at port 443.
Otherwise Citrix will have an error.
>Is there a way to let Apache proxy server passing port 443 traffic without doing anything
like a firewall does?

As far as I know not with Apache. You either need NAT-ting on your firewall, or a software
NAT like rinetd (http://www.boutell.com/rinetd/ or a package from your own distribution if
available).

If you use https on Apache only for CPS-traffic, you can remove the Apache https-configuration.
Your rinetd.conf should look like:

external.ip.address 443 internal.ip.address 443
logfile /var/log/rinetd.log

If you need Apache to listen on 443 for other uses, you'll either have to add a second IP
address to your frontend server and have rinetd listen on that address (and Apache on the
original one), or use a different CPS-port (and change 443 in the rinetd configuration to
match that port).

Please note that this will expose your CPS (CSG?) directly to the internet. It also means
that clients will see the certificate published on the Citrix-server, so be sure that your
clients trust that certificate.

Joost


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message