From: Hendrik Schmieder
Date: Thu, 22 Jan 2015 09:34:57 +0100
To: users@httpd.apache.org
Message-ID: <54C0B631.3030202@jedox.com>
Subject: Re: [users@httpd] Proxy pass

Chris Arnold wrote:
>
> ________________________________________
> From: Chris Arnold
> Sent: Tuesday, January 20, 2015 9:07 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Proxy pass
>
>> Is there something extra for this to work on Apache 2.4.10?
>
>>> Compared to what previous level? LogLevel rewrite:trace8 and the
>>> error log would be a big help.
>
> [Wed Jan 21 12:50:06.446776 2015] [ssl:info] [pid 3225] [client 192.168.123.165:50268] AH01964: Connection to child 0 established (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.447167 2015] [ssl:info] [pid 3227] [client 192.168.123.165:50269] AH01964: Connection to child 2 established (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.447741 2015] [ssl:debug] [pid 3225] ssl_engine_kernel.c(1908): [client 192.168.123.165:50268] AH02043: SSL virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.448112 2015] [ssl:debug] [pid 3227] ssl_engine_kernel.c(1908): [client 192.168.123.165:50269] AH02043: SSL virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.497089 2015] [ssl:debug] [pid 3225] ssl_engine_kernel.c(1841): [client 192.168.123.165:50268] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.511149 2015] [ssl:debug] [pid 3227] ssl_engine_kernel.c(1841): [client 192.168.123.165:50269] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.511272 2015] [ssl:info] [pid 3225] (70014)End of file found: [client 192.168.123.165:50268] AH01991: SSL input filter read failed.
> [Wed Jan 21 12:50:06.511349 2015] [ssl:debug] [pid 3225] ssl_engine_io.c(1003): [client 192.168.123.165:50268] AH02001: Connection closed to child 0 with standard shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.515121 2015] [ssl:info] [pid 3227] (70014)End of file found: [client 192.168.123.165:50269] AH01991: SSL input filter read failed.
> [Wed Jan 21 12:50:06.515245 2015] [ssl:debug] [pid 3227] ssl_engine_io.c(1003): [client 192.168.123.165:50269] AH02001: Connection closed to child 2 with standard shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.531492 2015] [ssl:info] [pid 3229] [client 192.168.123.165:50270] AH01964: Connection to child 4 established (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.532326 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(1908): [client 192.168.123.165:50270] AH02043: SSL virtual host for servername share2.domain.tld found
> [Wed Jan 21 12:50:06.583291 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(1841): [client 192.168.123.165:50270] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> [Wed Jan 21 12:50:06.606116 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(243): [client 192.168.123.165:50270] AH02034: Initial (No.1) HTTPS request received for child 4 (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.606184 2015] [rewrite:trace2] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] init rewrite engine with requested uri /
> [Wed Jan 21 12:50:06.606198 2015] [rewrite:trace3] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] applying pattern '^/(.*)' to uri '/'
> [Wed Jan 21 12:50:06.606232 2015] [rewrite:trace4] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond: input='share2.domain.tld' pattern='^share2\\.' => matched
> [Wed Jan 21 12:50:06.606246 2015] [rewrite:trace4] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond: input='on' pattern='on' => matched
> [Wed Jan 21 12:50:06.606257 2015] [rewrite:trace4] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] RewriteCond: input='/' pattern='!^/share2/' => matched
> [Wed Jan 21 12:50:06.606267 2015] [rewrite:trace2] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] rewrite '/' -> 'https://share2.domain.tld:8443/share/'
> [Wed Jan 21 12:50:06.606278 2015] [rewrite:trace2] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] forcing proxy-throughput with https://share2.domain.tld:8443/share/
> [Wed Jan 21 12:50:06.606289 2015] [rewrite:trace1] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19aa0a0/initial] go-ahead with proxy request proxy:https://share2.domain.tld:8443/share/ [OK]
> [Wed Jan 21 12:50:06.606312 2015] [authz_core:debug] [pid 3229] mod_authz_core.c(828): [client 192.168.123.165:50270] AH01628: authorization result: granted (no directives)
> [Wed Jan 21 12:50:06.606375 2015] [proxy:debug] [pid 3229] mod_proxy.c(1155): [client 192.168.123.165:50270] AH01143: Running scheme https handler (attempt 0)
> [Wed Jan 21 12:50:06.606388 2015] [proxy:debug] [pid 3229] proxy_util.c(2131): AH00942: HTTPS: has acquired connection for (*)
> [Wed Jan 21 12:50:06.606401 2015] [proxy:debug] [pid 3229] proxy_util.c(2184): [client 192.168.123.165:50270] AH00944: connecting https://share2.domain.tld:8443/share/ to share2.domain.tld:8443
> [Wed Jan 21 12:50:06.606447 2015] [proxy:debug] [pid 3229] proxy_util.c(2385): [client 192.168.123.165:50270] AH00947: connected /share/ to share2.domain.tld:8443
> [Wed Jan 21 12:50:06.606540 2015] [proxy:debug] [pid 3229] proxy_util.c(2873): AH00962: HTTPS: connection complete to 192.168.123.200:8443 (share2.domain.tld)
> [Wed Jan 21 12:50:06.606552 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01964: Connection to child 0 established (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.641082 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / issuer: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / serial: 82D463F66C263CD7 / notbefore: Aug 10 16:17:34 2012 GMT / notafter: Jul 17 16:17:34 2112 GMT]
> [Wed Jan 21 12:50:06.641284 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / issuer: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / serial: 82D463F66C263CD7 / notbefore: Aug 10 16:17:34 2012 GMT / notafter: Jul 17 16:17:34 2112 GMT]
> [Wed Jan 21 12:50:06.641594 2015] [ssl:debug] [pid 3229] ssl_engine_kernel.c(1378): [remote 192.168.123.200:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=Alfresco Repository,OU=Unknown,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / issuer: CN=Alfresco CA,O=Alfresco Software Ltd.,L=Maidenhead,ST=UK,C=GB / serial: FFF3BCDAE57BBA22 / notbefore: Aug 10 16:21:00 2012 GMT / notafter: Jul 17 16:21:00 2112 GMT]
> [Wed Jan 21 12:50:06.641654 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH02003: SSL Proxy connect failed
> [Wed Jan 21 12:50:06.641719 2015] [ssl:info] [pid 3229] SSL Library Error: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
> [Wed Jan 21 12:50:06.641769 2015] [ssl:info] [pid 3229] SSL Library Error: error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
> [Wed Jan 21 12:50:06.641788 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01998: Connection closed to child 0 with abortive shutdown (server share2.domain.tld:443)
> [Wed Jan 21 12:50:06.641925 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01997: SSL handshake failed: sending 502
> [Wed Jan 21 12:50:06.641993 2015] [proxy_http:error] [pid 3229] (103)Software caused connection abort: [client 192.168.123.165:50270] AH01102: error reading status line from remote server share2.domain.tld:8443
> [Wed Jan 21 12:50:06.642075 2015] [proxy_http:debug] [pid 3229] mod_proxy_http.c(1369): [client 192.168.123.165:50270] AH01105: NOT Closing connection to client although reading from backend server share2.domain.tld:8443 failed.
> [Wed Jan 21 12:50:06.642098 2015] [proxy:error] [pid 3229] [client 192.168.123.165:50270] AH00898: Error reading from remote server returned by /
> [Wed Jan 21 12:50:06.642113 2015] [proxy:debug] [pid 3229] proxy_util.c(2146): AH00943: HTTPS: has released connection for (*)
> [Wed Jan 21 12:50:06.642300 2015] [rewrite:trace2] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19a6fb0/initial/redir#1] init rewrite engine with requested uri /error/HTTP_BAD_GATEWAY.html.var
> [Wed Jan 21 12:50:06.642330 2015] [rewrite:trace3] [pid 3229] mod_rewrite.c(475): [client 192.168.123.165:50270] 192.168.123.165 - - [share2.domain.tld/sid#7f94a1a4fd00][rid#7f94a19a6fb0/initial/redir#1] applying pattern '^/(.*)' to uri '/error/HTTP_BAD_GATEWAY.html.var'
>
> It looks like the proxy is working but there seems to be an SSL handshake issue. This same setup (with the exception of Apache 2.2.x) is working fine in production.
> The Apache certificate is a self-signed cert right now, but we have a GoDaddy cert in the working setup. Can anyone point me in the right direction to get this working?
>

My bet is that the self-signed cert is not trusted in your Apache 2.4 configuration.

Hendrik
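
One way to triage a log like the one quoted above, as an added example that is not part of the original messages: pair each AH02003 proxy handshake failure with the OpenSSL library errors logged by the same worker, so the reported reason can be compared with a suspected cause. The function name, the record fields and the `cert_verify_failed` check are assumptions of this example; the sample input is copied from the quoted log.

```python
import re

# Sample input: proxy-side entries copied from the error log quoted in this thread.
SAMPLE_LOG = """\
[Wed Jan 21 12:50:06.606552 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01964: Connection to child 0 established (server share2.domain.tld:443)
[Wed Jan 21 12:50:06.641654 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH02003: SSL Proxy connect failed
[Wed Jan 21 12:50:06.641719 2015] [ssl:info] [pid 3229] SSL Library Error: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group
[Wed Jan 21 12:50:06.641769 2015] [ssl:info] [pid 3229] SSL Library Error: error:1408D010:SSL routines:SSL3_GET_KEY_EXCHANGE:EC lib
[Wed Jan 21 12:50:06.641788 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01998: Connection closed to child 0 with abortive shutdown (server share2.domain.tld:443)
[Wed Jan 21 12:50:06.641925 2015] [ssl:info] [pid 3229] [remote 192.168.123.200:8443] AH01997: SSL handshake failed: sending 502
"""

# The worker key is "pid" for prefork logs like this one, "pid:tid ..." for threaded MPMs.
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[^\]]+)\] \[pid (?P<worker>[^\]]+)\] (?P<rest>.*)$")
REMOTE = re.compile(r"\[remote (?P<addr>[^\]]+)\]")
LIBERR = re.compile(r"SSL Library Error: error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>.*)$")


def proxy_handshake_failures(log_text):
    """Pair each AH02003 proxy handshake failure with the OpenSSL errors
    the same worker logged before it answered the client (AH01997)."""
    pending, records = {}, []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        worker, rest = m["worker"], m["rest"]
        if "AH02003:" in rest:
            remote = REMOTE.search(rest)
            rec = {"time": m["ts"], "worker": worker, "errors": [],
                   "backend": remote["addr"] if remote else None,
                   "client_status": None}
            pending[worker] = rec
            records.append(rec)
        elif worker in pending:
            err = LIBERR.search(rest)
            sent = re.search(r"AH01997: .*sending (\d+)", rest)
            if err:
                pending[worker]["errors"].append((err["code"], err["func"], err["reason"]))
            elif sent:
                pending.pop(worker)["client_status"] = int(sent.group(1))
    for rec in records:
        # Assumption: OpenSSL reports a rejected chain as "certificate verify failed".
        rec["cert_verify_failed"] = any(
            "certificate verify failed" in reason for _, _, reason in rec["errors"])
    return records


if __name__ == "__main__":
    for rec in proxy_handshake_failures(SAMPLE_LOG):
        print(rec)
```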