You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Hanack Leif <Le...@t-systems.com> on 2004/12/17 10:54:55 UTC

[users@httpd] https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)

Hello,

i have nearly the same problem like 
"nerb"
(http://marc.theaimsgroup.com/?l=apache-httpd-users&m=109474858416348&w=
2) 
and 
"fitzner"
(http://marc.theaimsgroup.com/?l=apache-httpd-users&m=110309511816081&w=
2) 
have.
They do not get any answer. Hope dies last:)) Therefore i hope
that someone can give 'us' an answer, even if it is a "no, that do not
work".

I'm trying to get the following szenario to work with Apache
2.0.51/OpenSSL 0.9.7d.

Client --http--> Reverse Proxy  --internal--> Forward Proxy
(ProxyRemote) --https--> Webserver

Ralf Engelschall said: "when you want to forward to a HTTPS target you
need HTTPS support in mod_proxy. That's only possible with mod_ssl
(which enhanced mod_proxy for HTTPS).  Then you can do all: Accept
HTTP and HTTPS and connect
to HTTP and HTTPS targets, i.e. create gateways in all combinations."

Is it possible that SSL-forwarding is not working when using
ProxyRemote?

My logs :

[Mon Dec 13 14:14:50 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O
error, 7 bytes expected to read on BIO#a55e90 [mem: a5b670]
[Mon Dec 13 14:14:50 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL:
Exit: error in SSLv2/v3 read server hello A
[Mon Dec 13 14:14:50 2004] [info] SSL Proxy connect failed
[Mon Dec 13 14:14:50 2004] [info] Connection to child 1 closed with
abortive shutdown(server 172.16.37.124:80, client 172.16.34.50)
[Mon Dec 13 14:14:50 2004] [error] (20014)Error string not specified
yet: proxy: request failed to 172.16.34.50:3128 (www-cache)

My config : 

<VirtualHost serverIP:80>
ServerName intra-xy.com
ServerAdmin mailadmin@example.com
ProxyRequests Off
ProxyRemote * http://proxyIP:3128 
SSLProxyEngine on 
ProxyPass / https://remoteServerIP/ 
ProxyPassReverse / https://remoteServerIP/ 
</VirtualHost>

In a test szenario where i can reach the 'remoteServer' directly
(without a proxy) it is working.

Client --http--> Reverse Proxy  --https--> Webserver

Sh*t, that the remoteServer is only reachable via proxy :)

Hope you can help me,
thanks in advance, Leif

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org