Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (athena.apache.org: domain of andriu.one@gmail.com
 designates 209.85.212.173 as permitted sender)
Received-SPF: pass (google.com: domain of andriu.one@gmail.com designates
 10.180.99.65 as permitted sender) client-ip=10.180.99.65;
MIME-Version: 1.0
In-Reply-To: 
 <CAAZenJ1N=2o3AF4mrnbo=mqwT02-FP-f4eA0q1Oz5LYrzEKQFQ@mail.gmail.com>
References: 
 <CAAZenJ0pi5ozzG=aRTM9zPZ2M9UCjTxkk4sfV1x6AUnrZ4b33A@mail.gmail.com>
 <CAFHbX1LQ+_XMeCatLU++gif-XEVKwm1GTp0HY+DWOtTc-5eRmQ@mail.gmail.com>
 <CAAZenJ0AhZ_1ZuNOmQG88AK_6UPsyseM_P7zvtC_fhP-0s0Kng@mail.gmail.com>
 <CAAKASGzkoJih6TuhwWBYECxMxJmZN3Z5u9FwtkRrrrA=XqGLOA@mail.gmail.com>
 <CAAZenJ1o4fjrBy=c-jonuc7GYreGQzcC+kvsQ55Vb+D_c8ybyA@mail.gmail.com>
 <CAAKASGxfeg=Y=LSSBZuATu-f45SxHJUB31a3_aqKi5_HW25vbg@mail.gmail.com>
 <CAKUrXK524a7QeOFMR=0C0z6PF4yJbWK7zB2BJZGwJia93Z1OXg@mail.gmail.com>
 <CAAZenJ0542+f_a=wbV-bjRn+tbKfvh7GtuMz5BukNhfyAk1cOQ@mail.gmail.com>
 <CAAZenJ1Zn11LHyS=EVALKwicjS=YPZFdGo32P+c8ecmxdPXEWA@mail.gmail.com>
 <CAAKASGwPoqbgofQ5UGW0Tm17nhxVsfc1yr-TbDRSJcnGZbeLKg@mail.gmail.com>
 <CAAZenJ1N=2o3AF4mrnbo=mqwT02-FP-f4eA0q1Oz5LYrzEKQFQ@mail.gmail.com>
From: Andres Aguado <andriu.one@gmail.com>
Date: Tue, 21 Feb 2012 17:23:34 +0100
Message-ID: 
 <CAAZenJ3etsmNwrvXH4Zx0jq4cP00Haxx_TtOzku=gUaAXrdmXw@mail.gmail.com>
To: users@httpd.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [users@httpd] Reverse proxy problem

Well, after looking for, copying/pasting, testing, changing and
looking for again, it seems that my problem was that i needed to add
the following line into my virtual host:443

SSLProxyEngine on

Now it's working

Thanks all for your responses, your help and your patient

Regards,
Andres

2012/2/20 Andres Aguado <andriu.one@gmail.com>:
> Yes, into httpd-ssl.conf
>
> # Note: Configurations that use IPv6 but not IPv4-mapped addresses need t=
wo
> # =A0 =A0 =A0 Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:44=
3"
> #
> Listen 8443
>
>
>
> 2012/2/20 Igor Cicimov <icicimov@gmail.com>:
>> Do you have
>> Listen 8443
>> at all in your config?
>>
>> On Feb 20, 2012 10:28 PM, "Andres Aguado" <andriu.one@gmail.com> wrote:
>>>
>>> mmmmm, i've configured on other machine, other apache 2.2 as reverse
>>> proxy and i've forwarded request to https://www.ingdirect.es, and the
>>> error is the same
>>>
>>> This is a very strange cuestion but, do you know if these
>>> configurations should work?, is it necessary to make any strange
>>> configuration?
>>>
>>> Regards
>>> Andres
>>>
>>> 2012/2/20 Andres Aguado <andriu.one@gmail.com>:
>>> > Hi again. Here we are again
>>> >
>>> > Sorry, but I don't understand that dns error, because i'm connecting
>>> > to ip interface. I'm not connecting to dns name to simplify the issue=
.
>>> > And i can connect from proxy to backend ok to https port. the problem
>>> > seems to be when virtual host "proxypass" the request, because i can
>>> > connect from another machine to https://192.168.112.57 too
>>> >
>>> > Jeff, I've changed proxypass and proxypassreverse sentences adding / =
a
>>> > the end but it's not working.
>>> >
>>> > Arrrrrrrrrrrrrrrrrrgggggggggg, I can't believe this configuration is
>>> > so difficult. It looked easy when i started it!
>>> >
>>> > 2012/2/17 Jeff Trawick <trawick@gmail.com>:
>>> >> On Fri, Feb 17, 2012 at 10:28 AM, Igor Cicimov <icicimov@gmail.com>
>>> >> wrote:
>>> >>> You have DNS error. Also check if you can connect from the proxy to
>>> >>> the
>>> >>> backend on ssl port.
>>> >>
>>> >> proxy: DNS
>>> >> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg
>>> >>
>>> >> That looks more like a configuration problem... =A0The path is
>>> >> unexpectedly concatenated with the host (okay, IP).
>>> >>
>>> >> Change
>>> >> ProxyPass / https://192.168.112.57
>>> >> to
>>> >> ProxyPass / https://192.168.112.57/
>>> >> (similar for ProxyPassReverse)
>>> >>>
>>> >>> On Feb 18, 2012 1:04 AM, "Andres Aguado" <andriu.one@gmail.com> wro=
te:
>>> >>>>
>>> >>>> Hi again Igor, connecting to https://192.168.112.57 directly, a
>>> >>>> websphere app server (the backend app server for my case) admin pa=
ge
>>> >>>> is shown
>>> >>>>
>>> >>>> The error log shows this files since startup
>>> >>>>
>>> >>>> The Apache2.2 service has restarted.
>>> >>>> arent: Received restart signal -- Restarting the server.
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Child 6132: Exit event signale=
d.
>>> >>>> Child process is ending.
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: generating secret for
>>> >>>> digest authentication ...
>>> >>>> [Fri Feb 17 14:14:15 2012] [notice] Digest: done
>>> >>>> [Fri Feb 17 14:14:16 2012] [notice] Child 6132: Released the start
>>> >>>> mutex
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Apache/2.2.21 (Win32) DAV/2
>>> >>>> mod_ssl/2.2.21 OpenSSL/0.9.8r configured -- resuming normal
>>> >>>> operations
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Server built: Sep =A09 2011
>>> >>>> 10:26:10
>>> >>>> [Fri Feb 17 14:14:17 2012] [notice] Parent: Created child process
>>> >>>> 4308
>>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: generating secret for
>>> >>>> digest authentication ...
>>> >>>> [Fri Feb 17 14:14:18 2012] [notice] Digest: done
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Child process is
>>> >>>> running
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Acquired the start
>>> >>>> mutex.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting 64 worker
>>> >>>> threads.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to
>>> >>>> listen on port 80.
>>> >>>> [Fri Feb 17 14:14:19 2012] [notice] Child 4308: Starting thread to
>>> >>>> listen on port 8443.
>>> >>>> [Fri Feb 17 14:14:22 2012] [error] [client 127.0.0.1] proxy: DNS
>>> >>>> lookup failure for: 192.168.112.57spipe returned by /spipe/pkg
>>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: All worker threads
>>> >>>> have
>>> >>>> exited.
>>> >>>> [Fri Feb 17 14:14:22 2012] [notice] Child 6132: Child process is
>>> >>>> exiting
>>> >>>>
>>> >>>> About app logs, i've not seen it and i don't know what file to loo=
k
>>> >>>> for, so i'll ask app administrator server that sure will know it
>>> >>>>
>>> >>>> Thanks!
>>> >>>> andres
>>> >>>>
>>> >>>> 2012/2/17 Igor Cicimov <icicimov@gmail.com>:
>>> >>>> > What is in the error file dude not the access one? Since you are
>>> >>>> > proxying to
>>> >>>> > https://192.168.112.57 do you have ssl enabled on that server? W=
hat
>>> >>>> > do
>>> >>>> > you
>>> >>>> > see in its log file?
>>> >>>> >
>>> >>>> > Since you said http proxying works i suspect you don't have ssl
>>> >>>> > configured
>>> >>>> > on the backend 192.168.112.57.
>>> >>>> >
>>> >>>> >
>>> >>>> > On Fri, Feb 17, 2012 at 8:57 PM, Andres Aguado
>>> >>>> > <andriu.one@gmail.com>
>>> >>>> > wrote:
>>> >>>> >>
>>> >>>> >> Sorry Tom, here is an important piece of httpd-ssl.conf
>>> >>>> >>
>>> >>>> >> SSLEngine on =A0 #Behind proxypass sentences
>>> >>>> >> SSLCertificateFile "C:\Program Files (x86)\Apache Software
>>> >>>> >> Foundation\Apache2.2\conf\ssl\server.crt"
>>> >>>> >> SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software
>>> >>>> >> Foundation\Apache2.2\conf\ssl\server.key"
>>> >>>> >>
>>> >>>> >> .crt and .key files has been created and are present in specifi=
ed
>>> >>>> >> directory
>>> >>>> >>
>>> >>>> >> Actuallly, redirect to https is disabled, and i'm not connectin=
g
>>> >>>> >> to
>>> >>>> >> http, i'm connecting to https://ipreverseproxy:8443 directly.
>>> >>>> >>
>>> >>>> >> Regards
>>> >>>> >> Andres
>>> >>>> >>
>>> >>>> >> 2012/2/17 Tom Evans <tevans.uk@googlemail.com>:
>>> >>>> >> > On Thu, Feb 16, 2012 at 2:31 PM, Andres Aguado
>>> >>>> >> > <andriu.one@gmail.com>
>>> >>>> >> > wrote:
>>> >>>> >> >> Hi all, i'd like to expose my problem because i'm going craz=
y,
>>> >>>> >> >> and
>>> >>>> >> >> if
>>> >>>> >> >> anyone could help me it'll be very appreciated.
>>> >>>> >> >>
>>> >>>> >> >> Well, I've an apache 2.2 server over win2k8, and i want to
>>> >>>> >> >> configure
>>> >>>> >> >> it as reverse proxy to send request to backend Websphere ser=
ver
>>> >>>> >> >>
>>> >>>> >> >> So, my httpd.conf file is written like this:
>>> >>>> >> >>
>>> >>>> >> >> NameVirtualHost *:80
>>> >>>> >> >> <VirtualHost *:80>
>>> >>>> >> >> =A0 =A0 =A0DocumentRoot "C:\Program Files (x86)\Apache Softw=
are
>>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example"
>>> >>>> >> >> =A0 =A0 =A0ServerName www.my_example.es:80
>>> >>>> >> >> =A0 =A0 =A0ServerRoot "C:\Program Files (x86)\Apache Softwar=
e
>>> >>>> >> >> Foundation\Apache2.2"
>>> >>>> >> >> =A0 =A0 =A0DirectoryIndex index.html
>>> >>>> >> >> =A0 =A0 =A0Redirect / https://www.my_example.es:8443
>>> >>>> >> >> =A0 =A0 =A0ErrorLog "C:\Program Files (x86)\Apache Software
>>> >>>> >> >> Foundation\Apache2.2\logs\error.log"
>>> >>>> >> >> =A0 =A0 =A0TransferLog "C:\Program Files (x86)\Apache Softwa=
re
>>> >>>> >> >> Foundation\Apache2.2\logs\access.log"
>>> >>>> >> >>
>>> >>>> >> >> =A0 =A0 =A0ProxyRequests Off
>>> >>>> >> >> </VirtualHost>
>>> >>>> >> >>
>>> >>>> >> >> And i've configured virtual host on 8443 in httpd-ssl.conf l=
ike
>>> >>>> >> >> this:
>>> >>>> >> >>
>>> >>>> >> >> <VirtualHost _default_:8443>
>>> >>>> >> >> =A0 =A0 =A0DocumentRoot "C:\Program Files (x86)\Apache Softw=
are
>>> >>>> >> >> Foundation\Apache2.2\htdocs\my_example"
>>> >>>> >> >> =A0 =A0 =A0DirectoryIndex index2.html
>>> >>>> >> >> =A0 =A0 =A0ServerName www.my_example.es:8443
>>> >>>> >> >> =A0 =A0 =A0ServerAdmin admin@my_example.es
>>> >>>> >> >> =A0 =A0 =A0ErrorLog "C:\Program Files (x86)\Apache Software
>>> >>>> >> >> Foundation\Apache2.2\logs\error.log"
>>> >>>> >> >> =A0 =A0 =A0TransferLog "C:\Program Files (x86)\Apache Softwa=
re
>>> >>>> >> >> Foundation\Apache2.2\logs\access.log"
>>> >>>> >> >>
>>> >>>> >> >> =A0 =A0 =A0ProxyRequests Off
>>> >>>> >> >> =A0 =A0 =A0ProxyPreserveHost On
>>> >>>> >> >> =A0 =A0 =A0ProxyPass / https://192.168.112.57
>>> >>>> >> >> =A0 =A0 =A0ProxyPassReverse / https://192.168.112.57
>>> >>>> >> >> </VirtualHost>
>>> >>>> >> >>
>>> >>>> >> >> Proxy modules enabled are mod_proxy.so and mod_proxy_http.so
>>> >>>> >> >> But this configuration is not working.
>>> >>>> >> >>
>>> >>>> >> >> If i comment both proxypass sentences and try, it connects t=
o
>>> >>>> >> >> local
>>> >>>> >> >> index.html page, but if i enable proxypass sentences, it tri=
es
>>> >>>> >> >> to
>>> >>>> >> >> connect, typical website certificate error (continue to this
>>> >>>> >> >> site)
>>> >>>> >> >> appears in iexplorer and internal server error page is
>>> >>>> >> >> displayed.
>>> >>>> >> >>
>>> >>>> >> >> Could anyone help me please?
>>> >>>> >> >>
>>> >>>> >> >> Thank you very much
>>> >>>> >> >> Andres
>>> >>>> >> >>
>>> >>>> >> >
>>> >>>> >> > Your port 80 vhost redirects users with protocol https to you=
r
>>> >>>> >> > port
>>> >>>> >> > 8443
>>> >>>> >> > vhost.
>>> >>>> >> > Your port 8433 vhost is not configured for SSL.
>>> >>>> >> > Your browser attempts to talk SSL to a non SSL vhost.
>>> >>>> >> > Hilarity ensues.
>>> >>>> >> >
>>> >>>> >> > Cheers
>>> >>>> >> >
>>> >>>> >> > Tom
>>> >>>> >> >
>>> >>>> >> >
>>> >>>> >> > -------------------------------------------------------------=
--------
>>> >>>> >> > The official User-To-User support forum of the Apache HTTP
>>> >>>> >> > Server
>>> >>>> >> > Project.
>>> >>>> >> > See <URL:http://httpd.apache.org/userslist.html> for more inf=
o.
>>> >>>> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>> >> > =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apa=
che.org
>>> >>>> >> > For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>> >> >
>>> >>>> >>
>>> >>>> >>
>>> >>>> >> ---------------------------------------------------------------=
------
>>> >>>> >> The official User-To-User support forum of the Apache HTTP Serv=
er
>>> >>>> >> Project.
>>> >>>> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> >>>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>> >> =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apach=
e.org
>>> >>>> >> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>> >>
>>> >>>> >
>>> >>>>
>>> >>>> ------------------------------------------------------------------=
---
>>> >>>> The official User-To-User support forum of the Apache HTTP Server
>>> >>>> Project.
>>> >>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> >>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >>>> =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apache.o=
rg
>>> >>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>>>
>>> >>>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Born in Roswell... married an alien...
>>> >>
>>> >> --------------------------------------------------------------------=
-
>>> >> The official User-To-User support forum of the Apache HTTP Server
>>> >> Project.
>>> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >> =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apache.org
>>> >> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Proje=
ct.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> =A0 " =A0 from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org