You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Manuel Vicente Lozano <ma...@xunta.es> on 2009/10/20 11:15:35 UTC

[users@httpd] Reverse SSL Proxy in cluster Configuration

Hi all,

    We're trying to mount a reverse proxy cluster using two apache 
severs (httpd v2.2.14) balanced by a hardware load balancer (CISCO). 
This balancer distribute the incoming requests to each reverse proxy. 
The implented system seems to work well with most of the applications 
but we have found some problems with an SSL application when somebody 
wants to upload files: the error 413 use to appears (not always): 
Request Entity Too Large. We have no clue about the problem. The thing 
is with only one server active of the cluster the application works 
perfectly.
The configuration is shared between proxys and the reverse-proxy is 
implemented using name virtual hosts.

Any idea?

Regards,

Regards,

Manuel Vicente.



VirtualHost Configuration

<VirtualHost *:443>
        ServerName plataform-temp.example.com:443

        ErrorLog "/usr/local/apache2/logs/error_plataform_ssl.log"
        CustomLog "/usr/local/apache2/logs/access_plataform_ssl.log" 
combined

        KeepAlive On
        KeepAliveTimeOut 15

        Include conf/ssl.conf
        <Location />

                SSLRequireSSL
                SSLVerifyClient require
                SSLVerifyDepth 1
                SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
                SSLOptions +ExportCertData +OptRenegotiate

                #Weblogic module configuration

                SetHandler weblogic-handler
                WebLogicHost sxpa1.example.com
                WebLogicPort 8057
                MatchExpression *.jsp
                PathPrepend /siplex/
        </Location>
</VirtualHost>

ssl.conf:

SSLEngine On
SSLProxyEngine On
<Directory />
   SSLRequireSSL
</Directory>

SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/wildcard.pem
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/wildcard.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle.crt

SSLOptions +FakeBasicAuth +StrictRequire
SSLVerifyClient none


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org