You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Joost Heer, de" <j....@atriummc.nl> on 2010/06/02 12:07:59 UTC
[users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for Citrix
MetaFrame Presentation Server
>>> Igor Cicimov <ic...@gmail.com> 2-6-2010 2:11 >>>
>Maybe this will work:
><Virtualhost>
> Servername citrix.example.com
> ProxyRequests Off
> AllowCONNECT 443
> ProxyPass / backendserver
> ProxyPassReverse / backendserver
></Virtualhost>
AllowCONNECT is for forward proxies. You need SSLProxyEngine on, and then ProxyPass / https://backend/ (the ProxyPassReverse line is probably unnecessary because it's not https-traffic, but it won't kill you to add it anyway).
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for
Citrix MetaFrame Presentation Server
Posted by Ruiyuan Jiang <Ru...@liz.com>.
Hi, I tested and I got "ssl error code 47" error. It seems to me that Apache wants to terminate any port 443 traffic.
The Citrix presentation server does not allow termination of the traffic at port 443. Otherwise Citrix will have an error.
Is there a way to let Apache proxy server passing port 443 traffic without doing anything like a firewall does?
Thanks.
Ryan
-----Original Message-----
From: Joost Heer, de [mailto:j.d.heer@atriummc.nl]
Sent: Wednesday, June 02, 2010 6:08 AM
To: users@httpd.apache.org
Subject: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for Citrix MetaFrame Presentation Server
>>> Igor Cicimov <ic...@gmail.com> 2-6-2010 2:11 >>>
>Maybe this will work:
><Virtualhost>
> Servername citrix.example.com
> ProxyRequests Off
> AllowCONNECT 443
> ProxyPass / backendserver
> ProxyPassReverse / backendserver
></Virtualhost>
AllowCONNECT is for forward proxies. You need SSLProxyEngine on, and then ProxyPass / https://backend/ (the ProxyPassReverse line is probably unnecessary because it's not https-traffic, but it won't kill you to add it anyway).
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for
Citrix MetaFrame Presentation Server
Posted by Ruiyuan Jiang <Ru...@liz.com>.
So I should treat tcp tunneling through https port to backend server the way same as regular https backend server, Joost? I do have SSLProxyEngine on statement. Thanks.
Ruiyuan
-----Original Message-----
From: Joost Heer, de [mailto:j.d.heer@atriummc.nl]
Sent: Wednesday, June 02, 2010 6:08 AM
To: users@httpd.apache.org
Subject: [users@httpd] Betr.: Re: [users@httpd] Apache Reverse Proxy for Citrix MetaFrame Presentation Server
>>> Igor Cicimov <ic...@gmail.com> 2-6-2010 2:11 >>>
>Maybe this will work:
><Virtualhost>
> Servername citrix.example.com
> ProxyRequests Off
> AllowCONNECT 443
> ProxyPass / backendserver
> ProxyPassReverse / backendserver
></Virtualhost>
AllowCONNECT is for forward proxies. You need SSLProxyEngine on, and then ProxyPass / https://backend/ (the ProxyPassReverse line is probably unnecessary because it's not https-traffic, but it won't kill you to add it anyway).
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org