https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)
am 17.12.2004 13:19:49 von Hanack LeifHello,
i have nearly the same problem like
"nerb"
(http://marc.theaimsgroup.com/?l=3Dapache-httpd-users&m=3D10 9474858416348=
&w=3D
2)
and
"fitzner"
(http://marc.theaimsgroup.com/?l=3Dapache-httpd-users&m=3D11 0309511816081=
&w=3D
2)
have.
They do not get any answer. Hope dies last:)) Therefore i hope that
someone can give 'us' an answer, even if it is a "no, that do not work".
I'm trying to get the following szenario to work with Apache
2.0.51/OpenSSL 0.9.7d.
Client --http--> Reverse Proxy --internal--> Forward Proxy
(ProxyRemote) --https--> Webserver
Ralf Engelschall said: "when you want to forward to a HTTPS target you
need HTTPS support in mod_proxy. That's only possible with mod_ssl
(which enhanced mod_proxy for HTTPS). Then you can do all: Accept HTTP
and HTTPS and connect to HTTP and HTTPS targets, i.e. create gateways in
all combinations."
Is it possible that SSL-forwarding is not working when using
ProxyRemote?
My logs :
[Mon Dec 13 14:14:50 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O
error, 7 bytes expected to read on BIO#a55e90 [mem: a5b670] [Mon Dec 13
14:14:50 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL:
Exit: error in SSLv2/v3 read server hello A [Mon Dec 13 14:14:50 2004]
[info] SSL Proxy connect failed [Mon Dec 13 14:14:50 2004] [info]
Connection to child 1 closed with abortive shutdown(server
172.16.37.124:80, client 172.16.34.50) [Mon Dec 13 14:14:50 2004]
[error] (20014)Error string not specified
yet: proxy: request failed to 172.16.34.50:3128 (www-cache)
My config :=20
ServerName intra-xy.com
ServerAdmin mailadmin@example.com
ProxyRequests Off
ProxyRemote * http://proxyIP:3128
SSLProxyEngine on
ProxyPass / https://remoteServerIP/
ProxyPassReverse / https://remoteServerIP/
In a test szenario where i can reach the 'remoteServer' directly
(without a proxy) it is working.
Client --http--> Reverse Proxy --https--> Webserver
Sh*t, that the remoteServer is only reachable via proxy :)
Hope you can help me,
thanks in advance, Leif
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org