Posted to users@httpd.apache.org by "Joost Heer, de" <j....@atriummc.nl> on 2010/06/07 08:36:35 UTC

RE: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for Citrix MetaFrame Presentation Server

>>> Ruiyuan Jiang <Ru...@liz.com> 3-6-2010 23:02 >>>
>Hi, I tested and I got "ssl error code 47" error. It seems to me that Apache wants to terminate any port 443 traffic. 
>The Citrix presentation server does not allow termination of the traffic at port 443. Otherwise Citrix will have an error.
>Is there a way to let the Apache proxy server pass port 443 traffic without doing anything, like a firewall does?

As far as I know, not with Apache. You either need NAT-ting on your firewall, or a software NAT like rinetd (http://www.boutell.com/rinetd/ or a package from your own distribution if available).

If you use https on Apache only for CPS-traffic, you can remove the Apache https-configuration. Your rinetd.conf should look like:

external.ip.address 443 internal.ip.address 443
logfile /var/log/rinetd.log

If you need Apache to listen on 443 for other uses, you'll either have to add a second IP address to your frontend server and have rinetd listen on that address (and Apache on the original one), or use a different CPS-port (and change 443 in the rinetd configuration to match that port).

Please note that this will expose your CPS (CSG?) directly to the internet. It also means that clients will see the certificate published on the Citrix-server, so be sure that your clients trust that certificate.

Joost
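
Added example, not part of the original post: a small audit that reads a rinetd.conf and Apache's Listen directives, reports where both would bind the same address and port (the 443 clash described above), and lists forwarding rules that accept any source address. The addresses, sample configurations and function names are constructed for illustration.

```python
import re

# Constructed sample configs; all addresses are illustrative.
RINETD_CONF = """\
# bindaddress bindport connectaddress connectport
192.0.2.10 443 10.0.0.5 443
0.0.0.0 8443 10.0.0.5 443
allow 198.51.100.*
logfile /var/log/rinetd.log
"""
APACHE_CONF = """\
Listen 80
Listen 192.0.2.10:443 https
"""
WILDCARDS = {"0.0.0.0", "*", "[::]"}

def rinetd_rules(text):
    """Parse forwarding rules. An allow line before the first rule is global;
    one after a rule applies to that rule only."""
    rules, global_allow = [], []
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if len(f) == 4 and f[1].isdigit():
            rules.append({"bind": f[0], "port": int(f[1]),
                          "dest": f"{f[2]}:{f[3]}", "allow": list(global_allow)})
        elif len(f) == 2 and f[0] == "allow":
            (rules[-1]["allow"] if rules else global_allow).append(f[1])
    return rules

def apache_listens(text):
    """Return (address, port) pairs; a bare 'Listen 443' binds every address."""
    pat = re.compile(r"^\s*Listen\s+(?:(\S+):)?(\d+)\b", re.M | re.I)
    return [(m.group(1) or "*", int(m.group(2))) for m in pat.finditer(text)]

def audit(rinetd_text, apache_text):
    """List bind conflicts and forwarding rules open to any source address."""
    findings = []
    listens = apache_listens(apache_text)
    for r in rinetd_rules(rinetd_text):
        for addr, port in listens:
            overlap = addr == r["bind"] or addr in WILDCARDS or r["bind"] in WILDCARDS
            if port == r["port"] and overlap:
                findings.append(f"conflict: rinetd {r['bind']}:{port} "
                                f"vs Apache Listen {addr}:{port}")
        if not r["allow"]:
            findings.append(f"open: {r['bind']}:{r['port']} -> {r['dest']} "
                            "accepts any source address")
    return findings
```

Run `audit()` against the real files before starting rinetd; an empty conflict list means Apache and rinetd can both start on the frontend server.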