From: Mauri
To: users@httpd.apache.org
Date: Mon, 5 Jul 2010 13:01:01 +0200
Subject: Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Hi,

can someone help?

many thanks,
Mauri



2010/7/2 Mauri <lain80@gmail.com>
Hi Igor,

thanks for the response, you are right about the order, I have changed it.

For ProxyPassReverse, is this directive wrong?

<Location />
        ProxyPassReverse https://itsmtest/
        ProxyHTMLEnable On
        ProxyHTMLMeta On
        ProxyHTMLURLMap  /      /
        RequestHeader    unset  Accept-Encoding
</Location>

What can I change or do?

Many thanks for the support.

Cheers,
Mauri


2010/7/2 Igor Cicimov <icicimov@gmail.com>

Hi,

Using "ProxyRequests off" means the apache is going to be a reverse proxy but I can't see your ProxyPassReverse statement. Also the order of the proxy commands is a little bit weird. I would do it in this way:

ProxyRequests off

ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /

Cheers,
Igor


On Fri, Jul 2, 2010 at 12:28 AM, Mauri <lain80@gmail.com> wrote:
Hi expert,

my application crashes (BMC Remedy) at the same point. This is my environment: Client --> SSL to Apache Proxy --> Tomcat on 8996.

In the Apache log I'm reading this error:

[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection reset by peer: proxy: error reading status line from remote server 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client 10.173.202.231] proxy: NOT Closing connection to client although reading from backend server 10.10.0.1 failed., referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error reading from remote server returned by /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (10.10.0.1)

What kind of check can I do?
Many thanks for all suggestions, as usual
Cheers,
Mauri

this is my server:

[root@Proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
[root@Proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2

this is my ssl.conf configuration:

LoadModule ssl_module modules/mod_ssl.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
<VirtualHost itsmtest:443>
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900

<Location />
        ProxyPassReverse https://itsmtest/
        ProxyHTMLEnable On
        ProxyHTMLMeta On
        ProxyHTMLURLMap  /      /
        RequestHeader    unset  Accept-Encoding
</Location>

SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>



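An added example, not part of the thread or of httpd itself: a small check for the point Igor raises, that each ProxyPass should have a ProxyPassReverse naming the same backend, including the `<Location>` form where the path argument is omitted. The function names are assumptions and the sample input is a constructed excerpt of the vhost posted above.

```python
import re

# Constructed sample: proxy-related lines of the vhost quoted in this thread.
SAMPLE_CONF = """\
<VirtualHost itsmtest:443>
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
<Location />
        ProxyPassReverse https://itsmtest/
</Location>
</VirtualHost>
"""

def proxy_mappings(conf):
    """Collect {path: url} for ProxyPass and for ProxyPassReverse."""
    found = {"proxypass": {}, "proxypassreverse": {}}
    location = None  # path of the enclosing <Location>, if any
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Location\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            location = opened.group(1).strip()
        elif re.match(r"</Location\s*>", line, re.I):
            location = None
        parts = line.split()
        if not parts or parts[0].lower() not in found:
            continue
        # Inside <Location> the path argument is omitted and comes from the section.
        args = ([location] if location is not None else []) + parts[1:]
        if len(args) >= 2:
            found[parts[0].lower()][args[0]] = args[1]
    return found["proxypass"], found["proxypassreverse"]

def check_reverse_mappings(conf):
    """Report ProxyPass entries whose ProxyPassReverse is missing or names another host."""
    passes, reverses = proxy_mappings(conf)
    findings = []
    for path, backend in passes.items():
        if backend == "!":  # "ProxyPass /x !" excludes a path, nothing to reverse
            continue
        reverse = reverses.get(path)
        if reverse is None:
            findings.append(f"{path}: ProxyPass to {backend} has no ProxyPassReverse")
        elif reverse.rstrip("/") != backend.rstrip("/"):
            findings.append(f"{path}: ProxyPassReverse {reverse} does not match backend {backend}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_reverse_mappings(SAMPLE_CONF)))
```

ProxyPassReverse only rewrites the Location, Content-Location and URI headers of backend responses, so this check covers the redirect mapping rather than the read failure shown in the log.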