httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.
Date Fri, 02 Jul 2010 00:11:39 GMT
Hi,

Using "ProxyRequests off" means the apache is going to be a reverse proxy
but I can't see your ProxyPassreverse statement. Also the order of the proxy
commands is little bit weird. I wold do it in this way:

ProxyRequests off
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /

Cheers,
Igor

On Fri, Jul 2, 2010 at 12:28 AM, Mauri <lain80@gmail.com> wrote:

> Hi expert,
>
> my application crashes (BMC Remedy) in the same point.
> This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996.
>
> In the apache log i'm reading this error:
>
> [Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O
> error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
> [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset
> by peer: SSL input filter read failed.
> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection
> reset by peer: proxy: error reading status line from remote server
> 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
> [Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client
> 10.173.202.231] proxy: NOT Closing connection to client although reading
> from backend server 10.10.0.1 failed., referer:
> https://itsmtest/arsys/atrium/AtriumConsole.swf
> [Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error
> reading from remote server returned by
> /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer:
> https://itsmtest/arsys/atrium/AtriumConsole.swf
> [Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has
> released connection for (10.10.0.1)
>
> What kind of check can I do?
>
> Many thanks for all suggest, as usual
> Cheers,
> Mauri
>
> this is my server:
>
> [root@Proxy1 httpd]# uname -a
> Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686
> i386 GNU/Linux
> [root@Proxy1 httpd]# rpm -qa | grep httpd
> httpd-manual-2.2.3-31.el5_4.2
> system-config-httpd-1.3.3.3-1.el5
> httpd-2.2.3-31.el5_4.2
> httpd-devel-2.2.3-31.el5_4.2
>
> this is my ssl.conf configuration:
>
> LoadModule ssl_module modules/mod_ssl.so
> LoadFile   /usr/lib/libxml2.so
> LoadModule proxy_html_module modules/mod_proxy_html.so
> LoadModule xml2enc_module modules/mod_xml2enc.so
>
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom  256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
> NameVirtualHost itsmtest:443
> <VirtualHost itsmtest:443>
> ServerName itsmtest
> ErrorLog logs/ictitsm_ssl_error_log_443
> TransferLog logs/ictitsm_ssl_access_log_443
> LogLevel Debug
> ProxyHTMLLogVerbose On
> ProxyPreserveHost On
> ProxyPass / https://10.10.0.1:8443/
> ProxyHTMLURLMap https://itsmtest/ /
> ProxyRequests off
> SetEnv force-proxy-request-1.0 1
> SetEnv proxy-nokeepalive 1
> SetEnv proxy-initial-not-pooled 1
> timeout 900
>
> <Location />
>         ProxyPassReverse https://itsmtest/
>         ProxyHTMLEnable On
>         ProxyHTMLMeta On
>         ProxyHTMLURLMap  /      /
>         RequestHeader    unset  Accept-Encoding
> </Location>
>
> SSLEngine on
> SSLProxyEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
> SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
> SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> SetEnv proxy-nokeepalive 1
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>

Mime
View raw message