Posted to users@httpd.apache.org by Devraj Mukherjee <de...@gmail.com> on 2009/12/04 06:27:34 UTC

[users@httpd] HTTPS connections via mod_proxy ProxyRemote don't work

Hi all,

I am using Apache as a reverse proxy (primarily because we use
mod_substitute, mod_heads to add Firefox CSS fixes to a web
application provided by a third party for our users). Essentially it's
set up as a VirtualHost that reverse proxies the requests to the
external site.

The complication is that this reverse proxy sits in our corporate
network and all external traffic goes through a Squid proxy server. I
am routing the reverse proxy traffic through squid using the
ProxyRemote directive and all works well for HTTP connections.

The external web site has switched to HTTPS and now when I try and
proxy the connection over HTTPS it says

The timeout specified has expired: proxy: HTTPS: attempt to connect ...
ap_proxy_connect_backend disabling worker for (...

Any ideas if I need to do something special when using ProxyRemote and HTTPS?

Thanks.

-- 
"The secret impresses no-one, the trick you use it for is everything"
- Alfred Borden (The Prestige)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] HTTPS connections via mod_proxy ProxyRemote don't work

Posted by Krist van Besien <kr...@gmail.com>.
On Fri, Dec 4, 2009 at 6:27 AM, Devraj Mukherjee <de...@gmail.com> wrote:

> Any ideas if I need to do something special when using ProxyRemote and HTTPS?

I assume that since your reverse proxy does some content mangling that
your clients talk plain http to your proxy?

A few things to look at:
- Does your Squid proxy allow the "CONNECT" http method?
- Is apache configured to function as an SSL client?  You need at
least to enable SSLProxyEngine, and define an
SSLProxyCACertificatePath.

In the second case you need to add the following to your config:

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server
# certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run "c_rehash" in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
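
The c_rehash step described in the reply above, as an added example that is not part of the original messages: it shows that OpenSSL looks certificates up in a CA directory by subject-hash file name, so a PEM file alone is not found until the hashed link exists. The function names, the temporary directory and the self-signed certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: what c_rehash does to the directory
# named in SSLProxyCACertificatePath. Certificate and paths are constructed.

# Create a throwaway self-signed certificate standing in for the backend's.
# The private key is discarded; it does not belong in a CA directory.
make_demo_cert() {  # $1 = CA directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=backend.example.test" \
        -keyout /dev/null -out "$1/demo.pem" >/dev/null 2>&1
}

# Minimal stand-in for c_rehash: link each *.pem as <subject-hash>.<n>.
# Unlike c_rehash it does not remove stale links first.
hash_link_dir() {  # $1 = CA directory
    for cert in "$1"/*.pem; do
        [ -f "$cert" ] || continue
        h=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || continue
        n=0
        while [ -e "$1/$h.$n" ]; do n=$((n + 1)); done  # same hash, next suffix
        ln -s "$(basename "$cert")" "$1/$h.$n"
    done
}

# Succeeds only if certificate $2 chains to something OpenSSL finds in dir $1.
verifies_with_capath() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" || return 1
    if verifies_with_capath "$dir" "$dir/demo.pem"; then
        echo "before linking: trusted"
    else
        echo "before linking: NOT trusted (the PEM file name is never looked up)"
    fi
    hash_link_dir "$dir"
    ls -l "$dir"
    verifies_with_capath "$dir" "$dir/demo.pem" && echo "after linking: trusted"
    rm -rf "$dir"
}
demo
```

The directory only supplies trust anchors: mod_ssl's SSLProxyVerify directive defaults to none, so the backend certificate is checked against these CAs only when it is set to require.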
