httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres Aguado <andriu....@gmail.com>
Subject Re: [users@httpd] Reverse proxy problem
Date Tue, 21 Feb 2012 16:23:34 GMT
Well, after looking for, copying/pasting, testing, changing and
looking for again, it seems that my problem was that i needed to add
the following line into my virtual host:443

SSLProxyEngine on

Now it's working

Thanks all for your responses, your help and your patient

Regards,
Andres

2012/2/20 Andres Aguado <andriu.one@gmail.com>:
> Yes, into httpd-ssl.conf
>
> # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
> #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
> #
> Listen 8443
>
>
>
> 2012/2/20 Igor Cicimov <icicimov@gmail.com>:
>> Do you have
>> Listen 8443
>> at all in your config?
>>
>> On Feb 20, 2012 10:28 PM, "Andres Aguado" <andriu.one@gmail.com> wrote:
>>>
>>> mmmmm, i've configured on other machine, other apache 2.2 as reverse
>>> proxy and i've forwarded request to https://www.ingdirect.es, and the
>>> error is the same
>>>
>>> This is a very strange cuestion but, do you know if these
>>> configurations should work?, is it necessary to make any strange
>>> configuration?
>>>
>>> Regards
>>> Andres
>>>
>>> 2012/2/20 Andres Aguado <andriu.one@gmail.com>:
>>> > Hi again. Here we are again
>>> >
>>> > Sorry, but I don't understand that dns error, because i'm connecting
>>> > to ip interface. I'm not connecting to dns name to simplify the issue.
>>> > And i can connect from proxy to backend ok to https port. the problem
>>> > seems to be when virtual host "proxypass" the request, because i can
>>> > connect from another machine to https://192.168.112.57 too
>>> >
>>> > Jeff, I've changed proxypass and proxypassreverse sentences adding / a
>>> > the end but it's not working.
>>> >
>>> > Arrrrrrrrrrrrrrrrrrgggggggggg, I can't believe this configuration is
>>> > so difficult. It looked easy when i started it!
>>> >
>>> > 2012/2/17 Jeff Trawick <trawick@gmail.com>:
>>> >> On Fri, Feb 17, 2012 at 10:28 AM, Igor Cicimov <icicimov@gmail.com>
>>> >> wrote:
>>> >>> You have DNS error. Also check if you can connect from the proxy
to
>>> >>> the
>>> >>> backend on ssl port.
>>> >>
>>> >> proxy: DNS
>>> >> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg
>>> >>
>>> >> That looks more like a configuration problem...  The path is
>>> >> unexpectedly concatenated with the host (okay, IP).
>>> >>
>>> >> Change
>>> >> ProxyPass / https://192.168.112.57
>>> >> to
>>> >> ProxyPass / https://192.168.112.57/
>>> >> (similar for ProxyPassReverse)
>>> >>>
>>> >>> On Feb 18, 2012 1:04 AM, "Andres Aguado" <andriu.one@gmail.com>
wrote:
>>> >>>>
>>> >>>> Hi again Igor, connecting to https://192.168.112.57 directly,
a
>>> >>>> websphere app server (the backend app server for my case) admin
page
>>> >>>> is shown
>>> >>>>
>>> >>>> The error log shows this files since startup
>>> >>>>
>>> >>>> The Apache2.2 service has restarted.
>>> >>>> arent: Received restart signal -- Restarting the server.
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Child 6132: Exit event signaled.
>>> >>>> Child process is ending.
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: generating secret
for
>>> >>>> digest authentication ...
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: done
>>> >>>> [Fri Feb 17 14:14:16 2012] [notice] Child 6132: Released the
start
>>> >>>> mutex
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Apache/2.2.21 (Win32) DAV/2
>>> >>>> mod_ssl/2.2.21 OpenSSL/0.9.8r configured -- resuming normal
>>> >>>> operations
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Server built: Sep  9 2011
>>> >>>> 10:26:10
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Parent: Created child process
>>> >>>> 4308
>>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: generating secret
for
>>> >>>> digest authentication ...
>>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: done
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Child process
is
>>> >>>> running
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Acquired the
start
>>> >>>> mutex.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting 64
worker
>>> >>>> threads.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread
to
>>> >>>> listen on port 80.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread
to
>>> >>>> listen on port 8443.
>>> >>>> [Fri Feb 17 14:14:22 2012] [error] [client 127.0.0.1] proxy:
DNS
>>> >>>> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg
>>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: All worker threads
>>> >>>> have
>>> >>>> exited.
>>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: Child process
is
>>> >>>> exiting
>>> >>>>
>>> >>>> About app logs, i've not seen it and i don't know what file
to look
>>> >>>> for, so i'll ask app administrator server that sure will know
it
>>> >>>>
>>> >>>> Thanks!
>>> >>>> andres
>>> >>>>
>>> >>>> 2012/2/17 Igor Cicimov <icicimov@gmail.com>:
>>> >>>> > What is in the error file dude not the access one? Since
you are
>>> >>>> > proxying to
>>> >>>> > https://192.168.112.57 do you have ssl enabled on that
server? What
>>> >>>> > do
>>> >>>> > you
>>> >>>> > see in its log file?
>>> >>>> >
>>> >>>> > Since you said http proxying works i suspect you don't
have ssl
>>> >>>> > configured
>>> >>>> > on the backend 192.168.112.57.
>>> >>>> >
>>> >>>> >
>>> >>>> > On Fri, Feb 17, 2012 at 8:57 PM, Andres Aguado
>>> >>>> > <andriu.one@gmail.com>
>>> >>>> > wrote:
>>> >>>> >>
>>> >>>> >> Sorry Tom, here is an important piece of httpd-ssl.conf
>>> >>>> >>
>>> >>>> >> SSLEngine on   #Behind proxypass sentences
>>> >>>> >> SSLCertificateFile "C:\Program Files (x86)\Apache Software
>>> >>>> >> Foundation\Apache2.2\conf\ssl\server.crt"
>>> >>>> >> SSLCertificateKeyFile "C:\Program Files (x86)\Apache
Software
>>> >>>> >> Foundation\Apache2.2\conf\ssl\server.key"
>>> >>>> >>
>>> >>>> >> .crt and .key files has been created and are present
in specified
>>> >>>> >> directory
>>> >>>> >>
>>> >>>> >> Actuallly, redirect to https is disabled, and i'm not
connecting
>>> >>>> >> to
>>> >>>> >> http, i'm connecting to https://ipreverseproxy:8443
directly.
>>> >>>> >>
>>> >>>> >> Regards
>>> >>>> >> Andres
>>> >>>> >>
>>> >>>> >> 2012/2/17 Tom Evans <tevans.uk@googlemail.com>:
>>> >>>> >> > On Thu, Feb 16, 2012 at 2:31 PM, Andres Aguado
>>> >>>> >> > <andriu.one@gmail.com>
>>> >>>> >> > wrote:
>>> >>>> >> >> Hi all, i'd like to expose my problem because
i'm going crazy,
>>> >>>> >> >> and
>>> >>>> >> >> if
>>> >>>> >> >> anyone could help me it'll be very appreciated.
>>> >>>> >> >>
>>> >>>> >> >> Well, I've an apache 2.2 server over win2k8,
and i want to
>>> >>>> >> >> configure
>>> >>>> >> >> it as reverse proxy to send request to backend
Websphere server
>>> >>>> >> >>
>>> >>>> >> >> So, my httpd.conf file is written like this:
>>> >>>> >> >>
>>> >>>> >> >> NameVirtualHost *:80
>>> >>>> >> >> <VirtualHost *:80>
>>> >>>> >> >>      DocumentRoot "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example"
>>> >>>> >> >>      ServerName www.my_example.es:80
>>> >>>> >> >>      ServerRoot "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2"
>>> >>>> >> >>      DirectoryIndex index.html
>>> >>>> >> >>      Redirect / https://www.my_example.es:8443
>>> >>>> >> >>      ErrorLog "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\logs\error.log"
>>> >>>> >> >>      TransferLog "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\logs\access.log"
>>> >>>> >> >>
>>> >>>> >> >>      ProxyRequests Off
>>> >>>> >> >> </VirtualHost>
>>> >>>> >> >>
>>> >>>> >> >> And i've configured virtual host on 8443 in
httpd-ssl.conf like
>>> >>>> >> >> this:
>>> >>>> >> >>
>>> >>>> >> >> <VirtualHost _default_:8443>
>>> >>>> >> >>      DocumentRoot "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example"
>>> >>>> >> >>      DirectoryIndex index2.html
>>> >>>> >> >>      ServerName www.my_example.es:8443
>>> >>>> >> >>      ServerAdmin admin@my_example.es
>>> >>>> >> >>      ErrorLog "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\logs\error.log"
>>> >>>> >> >>      TransferLog "C:\Program Files (x86)\Apache
Software
>>> >>>> >> >> Foundation\Apache2.2\logs\access.log"
>>> >>>> >> >>
>>> >>>> >> >>      ProxyRequests Off
>>> >>>> >> >>      ProxyPreserveHost On
>>> >>>> >> >>      ProxyPass / https://192.168.112.57
>>> >>>> >> >>      ProxyPassReverse / https://192.168.112.57
>>> >>>> >> >> </VirtualHost>
>>> >>>> >> >>
>>> >>>> >> >> Proxy modules enabled are mod_proxy.so and
mod_proxy_http.so
>>> >>>> >> >> But this configuration is not working.
>>> >>>> >> >>
>>> >>>> >> >> If i comment both proxypass sentences and
try, it connects to
>>> >>>> >> >> local
>>> >>>> >> >> index.html page, but if i enable proxypass
sentences, it tries
>>> >>>> >> >> to
>>> >>>> >> >> connect, typical website certificate error
(continue to this
>>> >>>> >> >> site)
>>> >>>> >> >> appears in iexplorer and internal server error
page is
>>> >>>> >> >> displayed.
>>> >>>> >> >>
>>> >>>> >> >> Could anyone help me please?
>>> >>>> >> >>
>>> >>>> >> >> Thank you very much
>>> >>>> >> >> Andres
>>> >>>> >> >>
>>> >>>> >> >
>>> >>>> >> > Your port 80 vhost redirects users with protocol
https to your
>>> >>>> >> > port
>>> >>>> >> > 8443
>>> >>>> >> > vhost.
>>> >>>> >> > Your port 8433 vhost is not configured for SSL.
>>> >>>> >> > Your browser attempts to talk SSL to a non SSL
vhost.
>>> >>>> >> > Hilarity ensues.
>>> >>>> >> >
>>> >>>> >> > Cheers
>>> >>>> >> >
>>> >>>> >> > Tom
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >> > ---------------------------------------------------------------------
>>> >>>> >> > The official User-To-User support forum of the
Apache HTTP
>>> >>>> >> > Server
>>> >>>> >> > Project.
>>> >>>> >> > See <URL:http://httpd.apache.org/userslist.html>
for more info.
>>> >>>> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> >>>> >> > For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>> >> >
>>> >>>> >>
>>> >>>> >>
>>> >>>> >> ---------------------------------------------------------------------
>>> >>>> >> The official User-To-User support forum of the Apache
HTTP Server
>>> >>>> >> Project.
>>> >>>> >> See <URL:http://httpd.apache.org/userslist.html>
for more info.
>>> >>>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> >>>> >> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>> >>
>>> >>>> >
>>> >>>>
>>> >>>> ---------------------------------------------------------------------
>>> >>>> The official User-To-User support forum of the Apache HTTP Server
>>> >>>> Project.
>>> >>>> See <URL:http://httpd.apache.org/userslist.html> for more
info.
>>> >>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> >>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>>
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Born in Roswell... married an alien...
>>> >>
>>> >> ---------------------------------------------------------------------
>>> >> The official User-To-User support forum of the Apache HTTP Server
>>> >> Project.
>>> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> >> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message