You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/01/18 12:41:34 UTC
[Bug 63089] New: It is not possible to set SSLProxyEngine in
section even that the documentation says it is
https://bz.apache.org/bugzilla/show_bug.cgi?id=63089
Bug ID: 63089
Summary: It is not possible to set SSLProxyEngine in <Proxy>
section even that the documentation says it is
Product: Apache httpd-2
Version: 2.4.25
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: klaus+apache@ethgen.ch
Depends on: 60757
Target Milestone: ---
I need to proxy requests to multiple backends reachable only by SSL (https or
ajp via SSL). An additional need is regular checks via proxy_hcheck.
Beside bug 60757, which is a real blocker, there is complete mismatch between
documentation and reality.
The bigest problem is that if I configure the proxy balancer system wide in a
<Proxy> block, I have to enable SSLProxyEngine. The documentation says that it
can be in a <Proxy> block
(https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxyengine) but apache
is refusing to start with a syntax error when trying that. But without that
setting, the hcheck will fill up the error log not be able to use ssl backend.
The solution would be to put it inside a VirtualHost block and enable ssl
there. But then, I run into bug 60757 and hcheck does not work at all.
Referenced Bugs:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60757
[Bug 60757] mod_proxy_hcheck Doesn't perform checks
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63089] Document 2.4.30 as the first version handling SSL proxy
settings in sections
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63089
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|mod_ssl |Documentation
Version|2.4.25 |2.4.37
Summary|It is not possible to set |Document 2.4.30 as the
|SSLProxyEngine in <Proxy> |first version handling SSL
|section even that the |proxy settings in <Proxy>
|documentation says it is |sections
Assignee|bugs@httpd.apache.org |docs@httpd.apache.org
--- Comment #1 from Rainer Jung <ra...@kippdata.de> ---
The feature was first released in 2.4.32 (introduced in 2.4.30, but that
version and the following weren't released). So it is not available in your
version 2.4.25.
That the version for the feature is only documented in the Changelog is a
documentation bug. Therefore I keep this issue open to remember that we need to
improve the docs.
Note that the feature introduced a regression, which in turn was fixed in
2.4.34. You might want to try the latest version 2.4.37. Version 2.4.38 is on
its way but it will take a few days (if testing and voting doesn't show
regressions) before it will be released.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org