Return-Path: 
 <users-return-100838-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-users-archive@www.apache.org
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 867647A27
	for <apmail-httpd-users-archive@www.apache.org>;
 Sat, 13 Aug 2011 11:42:10 +0000 (UTC)
Received: (qmail 25107 invoked by uid 500); 13 Aug 2011 11:42:07 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 25040 invoked by uid 500); 13 Aug 2011 11:42:06 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 25032 invoked by uid 99); 13 Aug 2011 11:42:05 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Aug 2011 11:42:05 +0000
X-ASF-Spam-Status: No, hits=-0.6 required=5.0
	tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of phracek2@gmail.com designates
 209.85.216.45 as permitted sender)
Received: from [209.85.216.45] (HELO mail-qw0-f45.google.com) (209.85.216.45)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Aug 2011 11:41:59 +0000
Received: by qwj8 with SMTP id 8so2842962qwj.18
        for <users@httpd.apache.org>; Sat, 13 Aug 2011 04:41:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        bh=NqrnmJQ5yD9svpyTQGgVLC+CvRDSsCTLjDPtT2n0wfA=;
        b=eky6Z/3EZL4m1J4H6o3lobjz0J/LaTud+m8ZFMbjreVeyVOgFg0zCrjPSnA/8kyc5y
         YP43D9eGKTAAW89H1AZ4cL9G8bar6/OBIRqsqEUt/twYqw+hGMdec0W+MoRyckqS4YTY
         IhIXt3sEnsx6jfSn3Aoz4p2CSDfsmzjFc2Kpw=
MIME-Version: 1.0
Received: by 10.224.216.5 with SMTP id hg5mr1385667qab.268.1313235698564; Sat,
 13 Aug 2011 04:41:38 -0700 (PDT)
Received: by 10.224.20.84 with HTTP; Sat, 13 Aug 2011 04:41:38 -0700 (PDT)
In-Reply-To: <20110812204554.39ed7f73@baldur>
References: 
 <CAOdshCzujoG_Mv0Wp2iUctoNBB1zsCxa+sWr_BoN2BQ1uQvXMw@mail.gmail.com>
	<20110812204554.39ed7f73@baldur>
Date: Sat, 13 Aug 2011 13:41:38 +0200
Message-ID: 
 <CAOdshCzFKu=haiJKpcgV-Pt7MANdV3-hCew6eVi=FU8iYmfJ1w@mail.gmail.com>
From: Petr Hracek <phracek2@gmail.com>
To: users@httpd.apache.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Problem with configuring Reverse Proxy and
 VirtualHost

Could help me following:
ProxyPass  http://192.0.2.25:8080/SECAdmin
ProxyPassReverse  http://192.0.2.25:8080/SECAdmin/

Dne 12. srpna 2011 21:45 Nick Kew <nick@webthing.com> napsal(a):
> On Fri, 12 Aug 2011 21:21:45 +0200
> Petr Hracek <phracek2@gmail.com> wrote:
>
>> Dear user,
>>
>> I am a new bie in Reverse Proxy configuration but something is wrong
>> and I really do not know
>> where can be a problem.
>>
>> My configuration of Virtual Host is following:
>> <VirtualHost *:443>
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 SSLEngine on
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 SSLProxyEngine on
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 ServerName main_assistant
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 ProxyPreserveHost on
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 ProxyRequests off
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 TraceEnable off
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 DocumentRoot "/opt/apache/htdocs/ssldocs"
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 <Location "/APPL/">
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 re=
quire valid-user
>
> Is the proxy supposed to authenticate or not?
Yes it has to be authenticated. for security reasons.
All pages are authenticated by own module.
> You can't just half-configure it!
How to half-configure it?
>
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Pr=
oxyPass =C2=A0http://192.0.2.25:8080/SECAdmin
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Pr=
oxyPassReverse =C2=A0http://192.0.2.25:8080/SECAdmin
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Pr=
oxyPassReverseCookiePath /SECAdmin /APPL
>
> That would not want SSLProxyEngine!
I will try to turn off.
>
>> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 </Location>
>> </VirtualHost>
>>
>> <VirtualHost 192.0.2.25:8080>
>
> Is the same server serving both these virtualhosts?
Main server contains several Proxys not only that one.
That IP (192.0.2.5) is on the another physical/vmware server

> Your log seems to include messages that aren't from the proxy!
>
>> ServerName APPL
>> #ProxyPreserveHost on
>> ProxyRequests Off
>> TraceEnable Off
>> Include /opt/apache/conf/sslcrtcnf/current.conf
>
> Yes, and?
>
>> But when I am accessing https://<ip_address>/APPL/
>
> Better to access it by name, so you get the right virtualhost.
> What you've posted should give a server error due to your
> broken authnz config!
Our web has to be access over IP based name.
Authnz config if wrong. On the Monday I will be back in the work and I
can send you all whole configuration file (but to the private email,
if it is not problem). Maybe you can find more troubles:)
>
>> in the log I see following:
>>
>> [Fri Aug 12 16:13:56 2011] [debug] mod_proxy_http.c(56): proxy: HTTP:
>> canonicalising URL //192.0.2.25:8080/SECAdminAuthServlet
>
> That doesn't come from anything you've posted!
>
>> [Fri Aug 12 16:13:56 2011] [debug] udsc_handlers.c(3419): udsc_fixups
>> /APPL/AuthServlet
>
> What is udsc_handlers.c?
uds_handler is my own prorietary authentication module.
>
> In fact nothing in that log has any bearing on the configuration
> you posted.
>
> --
> Nick Kew
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project=
.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> =C2=A0 " =C2=A0 from the digest: users-digest-unsubscribe@httpd.apache.or=
g
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



--=20
Best Regards / S pozdravem
Petr Hracek

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org