Posted to users@httpd.apache.org by Bob Smith <ss...@gmail.com> on 2010/04/18 18:16:42 UTC
[users@httpd] SSL Accelerator and LDAP Auth Question
Hello,
I noticed in the archive that my message got mangled making it
completely unreadable, so please excuse my double post, I am posting
from my Gmail account instead. My original message follows.
I am trying to configure Apache 2.2 to act as an SSL accelerator
with LDAP authentication and I'm having two issues.
My first issue is I cannot get Apache to work as an SSL accelerator.
My current configuration:
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
DocumentRoot "/mnt/data/remote"
ServerName site.system.com
SSLEngine On
SSLCertificateFile /etc/key/cert.crt
SSLCertificateKeyFile /etc/key/cert.key
ProxyPass /app1/ http://srv1.system.com/app1/
ProxyPassReverse /app1/ http://srv1.system.com/app1/
ProxyHTMLURLMap http://srv1.system.com/app1 /app1
</VirtualHost>
The above configuration works perfectly when it is configured as a
non-ssl site, and the reverse proxy works exactly as expected. When
SSL is enabled as it is above, the links within pages for app1 are not
re-written to be https:// and therefore it does not work. I have
tried fiddling with the ProxyHTMLURLMap to no avail. Can anyone
suggest where I am going wrong?
My second question is with AuthLdap, and I think is a simple one. I'd
like to secure my SSL accelerator using LDAP against Active Directory.
This works as expected, but I was wondering if there was a way to
specify authentication for the entire virtual host rather than
repeating the same configuration in the directory and location blocks.
Below is what hopefully my final configuration would look like once I
figure out the SSL accelerator with reverse proxy issue above:
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
DocumentRoot "/opt/site"
ServerName site.system.com
SSLEngine On
SSLCertificateKeyFile /etc/key/file.key
SSLCertificateChainFile /etc/key/file.crt
ErrorLog /var/log/apache2/remote/error.log
CustomLog /var/log/apache2/remote/access.log common
Options -Indexes
<Directory /*>
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "site.system.com"
AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "user@system.com"
AuthLDAPBindPassword password
require ldap-group DC=site,DC=com
</Directory>
#RewriteRule ^/app2$ app2/ [R]
<Location /app1>
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "site.system.com"
AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "user@system.com"
AuthLDAPBindPassword password
require ldap-group DC=site,DC=com
ProxyPass http://srv1/app1/
ProxyPassReverse http://srv1/app1/
#ProxyHTMLURLMap http://srv1/app1/ /app1/
#ProxyHTMLURLMap http://srv1/app1 /app1
</Location>
</VirtualHost>
Any suggestions are appreciated.
Simon
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
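Added example, not part of the original post and not Apache project code: a small audit script for the layout described above. It reports ProxyPass paths that no <Location> section with a Require directive covers. The two sample configurations and the function name are constructed for illustration. The script assumes only <Location> coverage matters (it ignores <Proxy> sections) and relies on the fact that <Directory> sections apply to filesystem paths, not to proxied URLs.

```python
import re

# Constructed sample: the post's proxy layout with the auth block stated once in
# <Location />, which matches every URL path, proxied ones included.
CONSOLIDATED = """
<VirtualHost site.system.com:443>
  <Location />
    AuthType Basic
    require valid-user
  </Location>
  ProxyPass /app1/ http://srv1.system.com/app1/
</VirtualHost>
"""

# Constructed sample: auth only in <Directory>, which covers filesystem paths
# and therefore not the proxied URLs.
DIRECTORY_ONLY = """
<VirtualHost site.system.com:443>
  <Directory /opt/site>
    require valid-user
  </Directory>
  ProxyPass /app1/ http://srv1.system.com/app1/
  <Location /app2>
    ProxyPass http://srv1.system.com/app2/
  </Location>
</VirtualHost>
"""

def unprotected_proxy_paths(conf):
    """Return ProxyPass URL paths not under any <Location> holding a Require."""
    protected, proxied, stack = [], [], []
    for line in map(str.strip, conf.splitlines()):
        words = line.split()
        section = re.match(r"<(\w+)\s*(.*?)>$", line)
        if not words or line.startswith("#"):
            continue
        if section:
            stack.append((section.group(1).lower(), section.group(2).strip('"')))
        elif line.startswith("</"):
            stack.pop()
        else:
            loc = next((p for k, p in reversed(stack) if k == "location"), None)
            if words[0].lower() == "require" and loc:
                protected.append(loc)
            elif words[0].lower() == "proxypass":
                # Inside <Location> the path argument is omitted, as in the post.
                proxied.append(loc if loc and len(words) == 2 else words[1])
    return [p for p in proxied if not any(
        p == q or p.startswith(q.rstrip("/") + "/") for q in protected)]
```

An empty result for a virtual host means every proxied path sits under an authenticated <Location>; any path returned is reachable through the proxy without the LDAP check.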