You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "daytan379@tiscali.it" <da...@tiscali.it> on 2010/12/01 13:24:35 UTC

[users@httpd] R: Re: [users@httpd] Apache 2.0 reverse proxy

This is my ssl.conf 
<IfDefine SSL>
Listen 0.0.0.0:443
AddType 
application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:
/var/run/apache2/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:
/var/run/apache2/ssl_mutex
<VirtualHost *:443>
DocumentRoot 
"/var/apache2/htdocs"
ServerAdmin sergio.giovanni.capponi@bpm.it

ErrorLog /var/apache2/logs/error_log
TransferLog 
/var/apache2/logs/access_log
SSLEngine on

SSLCipherSuite ALL:!ADH:!
EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:
+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile 
/etc/apache2/ssl.crt/server.crt

SSLCertificateKeyFile /etc/apache2/ssl.
key/server.key

<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/apache2/cgi-bin">

    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" 
\
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 
force-response-1.0
CustomLog /var/apache2/logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ProxyRequests Off
ProxyRemote * http://10.10.10.10:8080
ProxyPass / 
https://test.external.it:443/
ProxyPassReverse / https://test.external.
it:443/
</VirtualHost>                                  
</IfDefine>


The SSL connection work. 
The problem is
I wish that when the apache 
must connect to https://test.external.it:443 pass through the proxy 
http://10.10.10.10:8080.

Thank's 
Giovanni

----Messaggio 
originale----
Da: i.galic@brainsware.org
Data: 01/12/2010 13.14
A: 
<us...@httpd.apache.org>, <da...@tiscali.it>
Ogg: Re: [users@httpd] 
Apache 2.0 reverse proxy


----- daytan379@tiscali.it wrote:

> I 
install
> Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d DAV/2 on 

> solaris platform. 
> 
> I want configure my apache how reverse 
proxy. 
> I want to configure my reverse proxy as a https site. But to 
reach that
> site, https must go through an http proxy.

This doesn't 
make *any* sense (to me).

> I have configured
> 
> On 
> 
SSLProxyEngine
> ServerName myserver
> ProxyPass / https://test:443/
> 

> ProxyPassReverse / https://test:443/

What 

> 
SSLProxyCACertificateFile # / etc 

is 

> / apache / ssl.crt / cacerts.
crt

This?

> * ProxyRemote http://10.10.10.10.:8080

It looks broken, 
one way or the other. Please paste your
*real* configuration.
The only 
thing that I can read from it is that:
ProxyRemote takes two arguments, 
hence the error.


You shouldn't need ProxyRemote at all in your 
configuration.

Or am I misunderstanding your set-up?
 
 
> But when I 
try to connect I receive on Error log
> [Wed Dec 01 09:51:40 
> 2010] 
[notice] Digest: generating secret for digest authentication
> ...
> 
> 
[Wed Dec 01 09:51:40 2010] [notice] Digest: done
> [Wed Dec 01 09:51:
40 
> 2010] [notice] Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7d

> DAV/2 
> configured -- resuming normal operations
> [Wed Dec 01 09:51:
52 2010] 
> [error] (20014)Error string not specified yet: proxy: pass 
request
> body 
> failed to 10.10.10.10:8080 (10.10.10.10)
> [Wed Dec 
01 09:51:52 2010] 
> [error] (20014)Error string not specified yet: 
proxy: pass request
> body 
> failed to 10.10.10.10:8080 (10.10.10.10) 
from 10.10.13.11 ()
> 
> Any Ideas 
> ?
> Than'k 
> Giovanni

So long,

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.
org
URL: http://brainsware.org/





Supera i limiti: raddoppia la velocità da 10 a 20 Mega!   Risparmia con Tutto Incluso: telefono + adsl 20 mega a soli 29,95 € al mese per due anni!  SCONTO DI 240 EURO!  http://abbonati.tiscali.it/telefono-adsl/prodotti/tc/tuttoincluso/?WT.mc_id=01fw 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org