You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Nick Kew <ni...@webthing.com> on 2004/12/29 19:14:40 UTC

[users@httpd] Re: https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)

Leif Hanack wrote:

> I'm trying to get the following szenario to work with Apache
> 2.0.51/OpenSSL 0.9.7d.

2.0.51 had some serious problems.  Better not to use it - upgrade to .52
or, if that's not possible for any reason, go back to .50.

> Client --http--> Reverse Proxy  --internal--> Forward Proxy
> (ProxyRemote) --https--> Webserver

Erk!  Are you expecting that "internal" to run http or https?

> My logs :
>
> [Mon Dec 13 14:14:50 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O
> error, 7 bytes expected to read on BIO#a55e90 [mem: a5b670]
> [Mon Dec 13 14:14:50 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL:
> Exit: error in SSLv2/v3 read server hello A
> [Mon Dec 13 14:14:50 2004] [info] SSL Proxy connect failed

Is that from the reverse proxy?  It seems to be trying to connect
with SSL.

> My config :
>
> <VirtualHost serverIP:80>
> ServerName intra-xy.com
> ServerAdmin mailadmin@example.com
> ProxyRequests Off
> ProxyRemote * http://proxyIP:3128
> SSLProxyEngine on
> ProxyPass / https://remoteServerIP/
> ProxyPassReverse / https://remoteServerIP/
> </VirtualHost>

That ProxyRemote appears to be asking for the internal connection to use
http, not https.  If the log entries are from this server ... well,
I'm confused.

Is your "proxyIP:3128" in fact expecting http or https?

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org