Posted to users@httpd.apache.org by Mauri <la...@gmail.com> on 2010/07/01 16:28:41 UTC

[users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Hi expert,

My application (BMC Remedy) crashes at the same point.
This is my environment: Client --> SSL to Apache Proxy --> Tomcat on 8996.

In the Apache log I'm reading this error:

[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection reset by peer: proxy: error reading status line from remote server 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client 10.173.202.231] proxy: NOT Closing connection to client although reading from backend server 10.10.0.1 failed., referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error reading from remote server returned by /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (10.10.0.1)

What kind of check can I do?

Many thanks for all suggestions, as usual
Cheers,
Mauri

this is my server:

[root@Proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
[root@Proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2

this is my ssl.conf configuration:

LoadModule ssl_module modules/mod_ssl.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
<VirtualHost itsmtest:443>
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900

<Location />
        ProxyPassReverse https://itsmtest/
        ProxyHTMLEnable On
        ProxyHTMLMeta On
        ProxyHTMLURLMap  /      /
        RequestHeader    unset  Accept-Encoding
</Location>

SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Posted by Mauri <la...@gmail.com>.
Hi,

Can someone help?

Many thanks,
Mauri



Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Posted by Mauri <la...@gmail.com>.
Hi Igor,

Thanks for the response, you are right about the order, I have changed it.

As for ProxyPassReverse, is this directive wrong?

<Location />
        ProxyPassReverse https://itsmtest/
        ProxyHTMLEnable On
        ProxyHTMLMeta On
        ProxyHTMLURLMap  /      /
        RequestHeader    unset  Accept-Encoding
</Location>

What can I change or do?

Many thanks for the support.

Cheers,
Mauri



Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Posted by Igor Cicimov <ic...@gmail.com>.
Hi,

Using "ProxyRequests off" means Apache is going to be a reverse proxy,
but I can't see your ProxyPassReverse statement. Also, the order of the proxy
commands is a little bit weird. I would do it this way:

ProxyRequests off
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /

Cheers,
Igor


Re: [users@httpd] (104)Connection reset by peer: SSL input filter read failed.

Posted by Eric Covener <co...@gmail.com>.
> [Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset
> by peer: SSL input filter read failed.

Stop debugging httpd, and figure out why tomcat is closing the
connection unexpectedly.

-- 
Eric Covener
covener@gmail.com
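
Added example (not part of the thread): a Python triage over the error-log entries posted above. It pairs each mod_proxy "error reading status line" entry with the mod_ssl read failure logged against the backend address in the same second, which is the pattern the last reply points at. The final sample line is constructed for contrast; the function and field names are this example's own.

```python
import re

# Apache 2.2 error-log entry: [timestamp] [level] optional [client ip] message
ENTRY = re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] '
                   r'(?:\[client (?P<peer>[^\]]+)\] )?(?P<msg>.*)$')
SSL_READ_FAIL = re.compile(r'^\((?P<errno>\d+)\)(?P<reason>.+?): SSL input filter read failed')
STATUS_FAIL = re.compile(r'proxy: error reading status line from remote server (?P<backend>[^,\s]+)')
URI_FAIL = re.compile(r'proxy: Error reading from remote server returned by (?P<uri>[^,\s]+)')

# First four entries: from the log in the thread, e-mail line wrapping undone.
# Last entry: constructed, a browser-side reset with no proxy error attached.
SAMPLE_LOG = """\
[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection reset by peer: proxy: error reading status line from remote server 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error reading from remote server returned by /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:40:02 2010] [info] [client 10.173.202.50] (104)Connection reset by peer: SSL input filter read failed.
"""

def triage(log_text):
    """Return one finding per request that failed on the proxy-to-backend leg."""
    entries = [m.groupdict() for m in map(ENTRY.match, log_text.splitlines()) if m]
    # mod_ssl logs a failed TLS read against the peer of that connection; in the
    # thread's log that "[client ...]" address is the ProxyPass backend, not a browser.
    ssl_fail = {}
    for e in entries:
        m = SSL_READ_FAIL.match(e["msg"])
        if m and e["peer"]:
            ssl_fail[(e["ts"], e["peer"])] = (int(m["errno"]), m["reason"])
    findings = []
    for e in entries:
        m = STATUS_FAIL.search(e["msg"])
        if not m:
            continue  # not a backend read failure (e.g. a browser dropping its own connection)
        uri = None
        for x in entries:  # same second, same browser: the URI that was being proxied
            u = URI_FAIL.search(x["msg"])
            if u and x["ts"] == e["ts"] and x["peer"] == e["peer"]:
                uri = u["uri"]
        findings.append({"time": e["ts"], "browser": e["peer"],
                         "backend": m["backend"], "uri": uri,
                         # (errno, reason) if mod_ssl saw the backend's TLS read fail
                         "backend_tls_error": ssl_fail.get((e["ts"], m["backend"]))})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding whose `backend_tls_error` is set means the reset arrived on the connection to the backend, so the next place to look is the backend's own logs for that URI and second.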
