httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Petr Hracek <phrac...@gmail.com>
Subject Re: [users@httpd] Problem with configuring Reverse Proxy and VirtualHost
Date Sat, 13 Aug 2011 11:41:38 GMT
Could help me following:
ProxyPass  http://192.0.2.25:8080/SECAdmin
ProxyPassReverse  http://192.0.2.25:8080/SECAdmin/

Dne 12. srpna 2011 21:45 Nick Kew <nick@webthing.com> napsal(a):
> On Fri, 12 Aug 2011 21:21:45 +0200
> Petr Hracek <phracek2@gmail.com> wrote:
>
>> Dear user,
>>
>> I am a new bie in Reverse Proxy configuration but something is wrong
>> and I really do not know
>> where can be a problem.
>>
>> My configuration of Virtual Host is following:
>> <VirtualHost *:443>
>>         SSLEngine on
>>         SSLProxyEngine on
>>         ServerName main_assistant
>>         ProxyPreserveHost on
>>         ProxyRequests off
>>         TraceEnable off
>>         DocumentRoot "/opt/apache/htdocs/ssldocs"
>>               <Location "/APPL/">
>>                     require valid-user
>
> Is the proxy supposed to authenticate or not?
Yes it has to be authenticated. for security reasons.
All pages are authenticated by own module.
> You can't just half-configure it!
How to half-configure it?
>
>>                     ProxyPass  http://192.0.2.25:8080/SECAdmin
>>                     ProxyPassReverse  http://192.0.2.25:8080/SECAdmin
>>                     ProxyPassReverseCookiePath /SECAdmin /APPL
>
> That would not want SSLProxyEngine!
I will try to turn off.
>
>>                 </Location>
>> </VirtualHost>
>>
>> <VirtualHost 192.0.2.25:8080>
>
> Is the same server serving both these virtualhosts?
Main server contains several Proxys not only that one.
That IP (192.0.2.5) is on the another physical/vmware server

> Your log seems to include messages that aren't from the proxy!
>
>> ServerName APPL
>> #ProxyPreserveHost on
>> ProxyRequests Off
>> TraceEnable Off
>> Include /opt/apache/conf/sslcrtcnf/current.conf
>
> Yes, and?
>
>> But when I am accessing https://<ip_address>/APPL/
>
> Better to access it by name, so you get the right virtualhost.
> What you've posted should give a server error due to your
> broken authnz config!
Our web has to be access over IP based name.
Authnz config if wrong. On the Monday I will be back in the work and I
can send you all whole configuration file (but to the private email,
if it is not problem). Maybe you can find more troubles:)
>
>> in the log I see following:
>>
>> [Fri Aug 12 16:13:56 2011] [debug] mod_proxy_http.c(56): proxy: HTTP:
>> canonicalising URL //192.0.2.25:8080/SECAdminAuthServlet
>
> That doesn't come from anything you've posted!
>
>> [Fri Aug 12 16:13:56 2011] [debug] udsc_handlers.c(3419): udsc_fixups
>> /APPL/AuthServlet
>
> What is udsc_handlers.c?
uds_handler is my own prorietary authentication module.
>
> In fact nothing in that log has any bearing on the configuration
> you posted.
>
> --
> Nick Kew
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



-- 
Best Regards / S pozdravem
Petr Hracek

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message