Posted to users@httpd.apache.org by mail mail <po...@yandex.ru> on 2020/04/17 17:25:52 UTC
[users@httpd] Two web-servers with different IP in LAN
Hello.
There are two web servers in LAN:
192.168.1.10
- site1.mydom.com
- site2.mydom.com
- site3.mydom.com
192.168.1.20
- portal.mydom.com
In iptables, all requests for ports 80 and 443 are redirected to 192.168.1.10.
The certificates received from letsencrypt for site1,2,3 are stored and
connected on 192.168.1.10 - and here everything works, there are no questions.
The certificates received from letsencrypt for the portal are stored and
connected to 192.168.1.20 - and the question is:
How do I write a VirtualHost on 192.168.1.10 so that all requests (http, https)
for portal.mydom.com go to 192.168.1.20?
Thank you in advance!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Two web-servers with different IP in LAN
Posted by Antony Stone <An...@apache.open.source.it>.
On Saturday 18 April 2020 at 16:35:30, mail mail wrote:
> I get error:
>
> Sat Apr 18 17:07:06.005494 2020] [ssl:emerg] [pid 16506:tid
> 139660538349440] AH02572: Failed to configure at least one certificate and
> key for portal.mydom.com:443
> [Sat Apr 18 17:07:06.005643 2020] [ssl:emerg] [pid 16506:tid
> 139660538349440] SSL Library Error: error:140A80B1:SSL
> routines:SSL_CTX_check_private_key:no certificate assigned
> And it is true. Those certificates are stored on 192.168.1.20
If you configure a machine *either* as an HTTPS proxy *or* as an HTTPS web
server, it needs to have the requested site's SSL certificate on it, otherwise
clients will refuse to connect, or the server will refuse to start.
HTTPS is a security mechanism between a client and the server it is connecting
to. The client knows nothing about what that server might do afterwards
(such as connecting on to another server, as a proxy does).
It's entirely feasible to have a web proxy accept HTTP connections and pass
the requests on as HTTPS, or vice versa. If both connections are HTTPS, then
the proxy needs a certificate for the site the client is asking to connect to,
and the proxy needs to trust the certificate presented by the ultimate origin
server (ie: the "real" web server). Those certificates might both be the same
(in which case you probably need a pretty unusual DNS setup), but the basic
rule is that anything answering HTTPS requests has to have a valid certificate
for what is being requested.
Regards,
Antony.
--
Douglas was one of those writers who honourably failed to get anywhere with
'weekending'. It put a premium on people who could write things that lasted
thirty seconds, and Douglas was incapable of writing a single sentence that
lasted less than thirty seconds.
- Geoffrey Perkins, about Douglas Adams
Please reply to the list;
please *don't* CC me.
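
An added configuration sketch for the front-end host 192.168.1.10, illustrating the rule in the reply above; it is not part of the original thread. The certificate and CA bundle paths are placeholders, and it assumes mod_ssl, mod_proxy and mod_proxy_http are loaded and that 192.168.1.10 resolves portal.mydom.com to 192.168.1.20 (for example via a hosts file entry, the "unusual DNS setup" mentioned above).

```apache
# Added example for 192.168.1.10; all file paths are placeholders.

<VirtualHost *:80>
    ServerName portal.mydom.com
    # No TLS on the client side here, so no certificate is needed.
    # Pass the original Host header so the origin picks the right vhost.
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.20/
    ProxyPassReverse / http://192.168.1.20/
</VirtualHost>

<VirtualHost *:443>
    ServerName portal.mydom.com

    # Client-facing side: this host answers HTTPS for portal.mydom.com,
    # so it must hold a certificate and key valid for that name.
    # Without them httpd refuses to start (AH02572 in the quoted log).
    SSLEngine on
    SSLCertificateFile    /path/to/portal.mydom.com/fullchain.pem
    SSLCertificateKeyFile /path/to/portal.mydom.com/privkey.pem

    # Origin-facing side: the proxy is itself a TLS client and must
    # trust and verify the certificate presented by 192.168.1.20.
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/ca-bundle.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # The origin's certificate names portal.mydom.com, not the IP,
    # so the backend URL uses the name (assumed to resolve to
    # 192.168.1.20 on this host only).
    ProxyPass        / https://portal.mydom.com/
    ProxyPassReverse / https://portal.mydom.com/
</VirtualHost>
```

Running `apachectl configtest` after editing checks the syntax before a restart.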
Re: [users@httpd] Two web-servers with different IP in LAN
Posted by mail mail <po...@yandex.ru>.
18.04.2020, 09:37, "Walter H." <wa...@mathemainzel.info>:
> you can configure 192.168.1.10 as a proxy for 192.168.1.20 for
> accessing portal.mydom.com
>
> this looks similar to this:
>
> <VirtualHost 192.168.1.10:80>
> ServerName portal.mydom.com:80
>
> ProxyPass / http://192.168.1.20/
> ProxyPassReverse / http://192.168.1.20/
> </VirtualHost>
>
> similar with 443 (https)
Thanks for the answer, but it did not work. I get this error:
Sat Apr 18 17:07:06.005494 2020] [ssl:emerg] [pid 16506:tid 139660538349440]
AH02572: Failed to configure at least one certificate and key for
portal.mydom.com:443
[Sat Apr 18 17:07:06.005643 2020] [ssl:emerg] [pid 16506:tid 139660538349440]
SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no
certificate assigned
And it is true. Those certificates are stored on 192.168.1.20
My VirtualHost now is:
<VirtualHost *:80>
ServerName portal.mydom.com:80
ProxyPass / http://192.168.1.20/
ProxyPassReverse / http://192.168.1.20/
</VirtualHost>
<VirtualHost *:443>
ServerName portal.mydom.com:443
ProxyPass / https://192.168.1.20/
ProxyPassReverse / https://192.168.1.20/
</VirtualHost>
Re: [users@httpd] Two web-servers with different IP in LAN
Posted by "Walter H." <Wa...@mathemainzel.info>.
On 17.04.2020 19:25, mail mail wrote:
> Hello.
> There are two web servers in LAN:
> 192.168.1.10
> - site1.mydom.com
> - site2.mydom.com
> - site3.mydom.com
> 192.168.1.20
> - portal.mydom.com
> in iptables, all requests for ports 80 and 443 are redirected to
> 192.168.1.10.
> The certificates received from letsencrypt for site1,2,3 are stored
> and connected on 192.168.1.10 - and here everything works, there are
> no questions.
> The certificates received from letsencrypt for the portal are stored
> and connected to 192.168.1.20 - and the question is:
> How to write VirtualHost to 192.168.1.10 so that all requests (http,
> https) for portal.mydom.com go to 192.168.1.20?
> Thank you in advance!
you can configure 192.168.1.10 as a proxy for 192.168.1.20 for
accessing portal.mydom.com
this looks similar to this:
<VirtualHost 192.168.1.10:80>
ServerName portal.mydom.com:80
ProxyPass / http://192.168.1.20/
ProxyPassReverse / http://192.168.1.20/
</VirtualHost>
similar with 443 (https)