Posted to users@httpd.apache.org by Bob Smith <si...@hotmail.com> on 2010/04/17 17:00:03 UTC

[users@httpd] SSL Accelerator and LDAP Auth Question


Hello,
I am trying to configure Apache 2.2 to act as an SSL accelerator with LDAP authentication and I'm having two issues.
My first issue is I cannot get Apache to work as an SSL accelerator.  My current configuration:
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/mnt/data/remote"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateFile /etc/key/cert.crt
    SSLCertificateKeyFile /etc/key/cert.key

    ProxyPass           /app1/       http://srv1.system.com/app1/
    ProxyPassReverse    /app1/       http://srv1.system.com/app1/
    ProxyHTMLURLMap     http://srv1.system.com/app1 /app1
</VirtualHost>
The above configuration works perfectly when it is configured as a non-SSL site, and the reverse proxy works exactly as expected.  When SSL is enabled as it is above, the links within pages for app1 are not re-written to be https:// and therefore it does not work.  I have tried fiddling with the ProxyHTMLURLMap to no avail.  Can anyone suggest where I am going wrong?
My second question is with AuthLdap, and I think is a simple one.  I'd like to secure my SSL accelerator using LDAP against Active Directory.  This works as expected, but I was wondering if there was a way to specify authentication for the entire virtual host rather than repeating the same configuration in the directory and location blocks. Below is what hopefully my final configuration would look like once I figure out the SSL accelerator with reverse proxy issue above:
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/opt/site"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateKeyFile /etc/key/file.key
    SSLCertificateChainFile /etc/key/file.crt

    ErrorLog /var/log/apache2/remote/error.log
    CustomLog /var/log/apache2/remote/access.log common

    Options -Indexes

    <Directory /*>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
            AuthLDAPBindDN "user@system.com"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com
    </Directory>

    #RewriteRule ^/app1$ app1/ [R]
    <Location /app1/>
        ProxyPass http://srv1/app1/
        ProxyPassReverse http://srv1/app1/
        #ProxyHTMLEnable On
        ProxyHTMLURLMap http://srv1/app1 /app1
    </Location>

    #RewriteRule ^/app2$ app2/ [R]
    <Location /app2>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
            AuthLDAPBindDN "user@system.com"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com

        ProxyPass http://srv2/app2/
        ProxyPassReverse http://srv2/app2/
        #ProxyHTMLURLMap http://srv2/app2/ /app2/
        #ProxyHTMLURLMap http://srv2/app2 /app2
    </Location>

</VirtualHost>
Any suggestions are appreciated.
Simon 		 	   		  
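
Added example, not part of the original post: one way to apply the LDAP settings once for the whole virtual host in Apache 2.2 is a single <Location /> block. <Directory> sections only cover files served from the local filesystem, so they do not protect proxied paths such as /app1/, while <Location> matches on the URL path and is evaluated before the request is handed to mod_proxy. The auth directives and host names are copied unchanged from the post; the top-level ProxyPass layout is an assumption made for this sketch.

```apache
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/opt/site"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateKeyFile /etc/key/file.key
    SSLCertificateChainFile /etc/key/file.crt

    # Single authentication block for every URL in this virtual host.
    # It applies to local content and to requests that are proxied to a
    # backend, so no per-application copy of these directives is needed.
    <Location />
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthName "site.system.com"
        # LDAP URL, bind DN and group requirement as given in the post.
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "user@system.com"
        AuthLDAPBindPassword password
        require ldap-group DC=site,DC=com
    </Location>

    # Proxied applications inherit the <Location /> requirement above.
    ProxyPass        /app1/ http://srv1/app1/
    ProxyPassReverse /app1/ http://srv1/app1/

    ProxyPass        /app2/ http://srv2/app2/
    ProxyPassReverse /app2/ http://srv2/app2/
</VirtualHost>
```

A request for a proxied path without credentials should return 401 from the front end rather than reaching the backend; checking that for each proxied prefix confirms the block is in effect.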