mod_ssl & mod_proxy
am 06.12.2002 05:49:53 von HMajidyThis is a multi-part message in MIME format.
------=_NextPart_000_009E_01C29C9F.DC98CDD0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
This is to report a problem with Apache with mod_ssl and mod_proxy, and to
request the communitys help in resolving it.
Objective: The objective is to set up Apache as a reverse proxy, to receive
encrypted HTTPS traffic over the Internet and to convert it to HTTP and
direct it to a web server through a firewall.
Problem: Apache seems to be redirecting traffic to the virtual hosts on the
local filesystem correctly, but mod_proxy does not seem to send requests to
remote URL (as specified by ProxyRemote directive below). SSL does display
correct certificate from requesting browser.
Troubleshooting Steps Taken: Experimenting with the target URL (IP and
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I
have not been able to establish that proxy is doing anything at all.
Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as
statically linked in modules.
Heres the system configuration:
Linux version 2.2.16-22smp
gcc version egcs-2.91.66
Server version: Apache/1.3.27 (Unix)
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_proxy.c
mod_setenvif.c
mod_ssl.c
OpenSSL 0.9.6g 9 August 2002
httpd.conf
AddModule mod_proxy.c
ProxyRequests off
NoCache *
AllowCONNECT 443,80
Order Allow,Deny
Allow from All
ProxyRemote * http://1.2.3.4:85
NameVirtualHost *
Listen *:443
SSLEngine on
ServerName www.mydomain.com
DocumentRoot /usr/local/apache/htdocs
ErrorLog logs/443-error_log
Listen *:80
ServerAdmin hamid@mydomain.com
DocumentRoot /usr/local/apache/www
ServerName www1.mydomain.com
ErrorLog logs/80-error_log
Can anyone see a conflict or omission in this configuration? Does anyone
have these two modules working together in a reverse proxy scenario? Any
help or suggestions would be appreciated.
Regards,
Hamid.
------=_NextPart_000_009E_01C29C9F.DC98CDD0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
charset=3Diso-8859-1">
mod_ssl and=20
mod_proxy, and to request the community=92s help in resolving it.
/>
New Roman"=20
size=3D3>Objective: The objective is to set up Apache as a reverse =
proxy, to=20
receive encrypted HTTPS traffic over the Internet and to convert it to =
HTTP and=20
direct it to a web server through a firewall.
New Roman"=20
size=3D3>Problem: Apache seems to be redirecting traffic to the virtual =
hosts on=20
the local filesystem correctly, but mod_proxy does not seem to send =
requests to=20
remote URL (as specified by ProxyRemote directive below). SSL does =
display=20
correct certificate from requesting browser.
New Roman"=20
size=3D3>Troubleshooting Steps Taken: Experimenting with the target URL =
(IP and=20
hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I =
have=20
not been able to establish that proxy is doing anything at =
all.
New Roman"=20
size=3D3>Apache has been recompiled with mod_ssl and mod_proxy as DSOs =
as well as=20
statically linked in modules.
New Roman"=20
size=3D3>Here=92s the system configuration:
New Roman"=20
size=3D3>Linux version 2.2.16-22smp
New Roman"=20
size=3D3>gcc version egcs-2.91.66
New Roman"=20
size=3D3>Server version: Apache/1.3.27 (Unix)
New Roman"=20
size=3D3>Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_proxy.c
mod_setenvif.c
mod_ssl.c
New Roman"=20
size=3D3>OpenSSL 0.9.6g 9 August 2002
New Roman"=20
size=3D3>httpd.conf
New Roman"=20
size=3D3>AddModule mod_proxy.c
New Roman"=20
size=3D3><IfModule mod_proxy.c>
ProxyRequests off
NoCache *
AllowCONNECT 443,80
<Directory />
Order Allow,Deny
Allow from=20
All
</Directory>
New Roman"=20
size=3D3>ProxyRemote * http://1.2.3.4:85
New Roman"=20
size=3D3></IfModule>
New Roman"=20
size=3D3>NameVirtualHost *
New Roman"=20
size=3D3>Listen *:443
New Roman"=20
size=3D3><VirtualHost _default_:443>
SSLEngine on
ServerName www.mydomain.com
DocumentRoot /usr/local/apache/htdocs
ErrorLog logs/443-error_log
New Roman"=20
size=3D3></VirtualHost>
New Roman"=20
size=3D3>Listen *:80
New Roman"=20
size=3D3><VirtualHost *:80>
ServerAdmin hamid@mydomain.com
DocumentRoot /usr/local/apache/www
ServerName www1.mydomain.com
ErrorLog logs/80-error_log
New Roman"=20
size=3D3></VirtualHost>
New Roman"=20
size=3D3>Can anyone see a conflict or omission in this configuration? =
Does anyone=20
have these two modules working together in a reverse proxy scenario? Any =
help or=20
suggestions would be appreciated.
New Roman"=20
size=3D3>Regards,
New Roman"=20
size=3D3>Hamid.
------=_NextPart_000_009E_01C29C9F.DC98CDD0--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org