Apache 2.2.11 with Reverse Proxy (HTTPS not consistent)

On 28.08.2009 09:16:04 by Andy Ee

Dear All,

I have a web server installed with Apache 2.2.11 (with reverse proxy enabled) and a back-end server that is running Tomcat and hosting some JSP web applications.

The external users are supposed to communicate with the JSP web applications in HTTPS via the Apache reverse proxy, which establishes an HTTP session to Tomcat.

The flow is as below:

External users --> HTTPS --> Apache Reverse proxy --> HTTP --> Tomcat (jsp web apps)

My IE browser is able to establish an HTTPS session to the web application without a problem. There is a username/password authentication form and I am able to log in as well. Here's the problem. Whenever I have logged in, the HTTPS session breaks and becomes HTTP. I can still browse around the site and do functions on the HTTP session.

Is there anybody who experiences this as well? How do I keep the HTTPS going and consistent?

I have checked the processes of the authentication and logging in, where the web application will parse an action-servlet.xml file to determine the redirection URL. Is there any issue with the reverse proxy doing rewrites on XML files?

Thank you.


Here is my SSL + Reverse Proxy config for Apache2:

# ==========================================================
# SSL/TLS settings
# ==========================================================

NameVirtualHost 192.168.0.20:443
Listen 443

SSLProtocol -all +TLSv1 +SSLv3
SSLMutex file:/usr/local/apache2/logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLSessionCache shmcb:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600
SSLPassPhraseDialog builtin
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCryptoDevice pkcs11
SSLOptions +StrictRequire

# ==========================================================
# HOSTED SITES
# ==========================================================

<VirtualHost 192.168.0.20:443>
        ServerAdmin admin@test.com
        DocumentRoot /www/
        ServerName abc.test.com
        ServerAlias abc.test.com
        Userdir disabled

        SSLEngine On
        SSLProxyEngine On
        SSLCertificateFile /usr/local/apache2/conf/certs/abc.test.com.crt
        SSLCertificateKeyFile /usr/local/apache2/conf/certs/abc.test.com.pem

        ProxyHTMLLogVerbose On
        LogLevel Debug
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyHTMLExtended On

        RewriteEngine on
        RewriteRule ^/sg/test/project$ $1/sg/test/project/ [R]

        ProxyPass /sg/test/project/ http://192.168.1.60:8080/sg/test/project/
        ProxyHTMLURLmap http://192.168.1.60:8080/sg/test/project/ /sg/test/project/

        <Proxy *>
                Order Deny,Allow
                Allow from all
        </Proxy>

        <Location /sg/test/project/>
                ProxyPassReverse /
                AddOutputFilter xmlns .xhtml
                Include /usr/local/apache2/conf/proxy_html.conf
                SetOutputFilter proxy-html
                SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                RequestHeader unset Accept-Encoding
        </Location>

        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        ErrorLog logs/sg_test-error_log
        CustomLog logs/sg_test-access_log combined
</VirtualHost>


Best Regards,
Andy Ee


Re: Apache 2.2.11 with Reverse Proxy (HTTPS not consistent)

On 29.08.2009 17:11:22 by Krist van Besien

On Fri, Aug 28, 2009 at 9:16 AM, Andy Ee wrote:

> My IE browser is able to establish a HTTPS session to the web application
> without a problem. There is a username/password authentication form and I am
> able to login as well. Here's the problem. Whenever after I logged in, the
> HTTPS session breaks and becomes HTTP. I can still browse around the site
> and do functions on HTTP session.

This is probably caused by your tomcat application. Many web
applications send a "redirect" after a user logs in, and if the
application doesn't know it has to send a https redirect it will send
a http redirect.

There are several things you can do:
1) Configure your tomcat application so that it sends https redirects
back. Often an application has a parameter with something like "base
url" or something like that. This should be set to the external url.
This is the best solution.
2) Use a ProxyPassReverse statement to rewrite redirects as they come
from the Tomcat server and are passed on to your users.
3) Use a rewrite rule to redirect incoming http requests to https.

1) is the best, 2) is also ok. 3) is a kludge.

A good way to debug problems like that is to use a proper browser like
Firefox, together with Firefox extensions like Firebug and
LiveHTTPHeaders.

Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?
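Krist's options 2 and 3 written out as Apache configuration, added here as an example and not taken from the thread. It assumes the hostnames, addresses and paths from Andy's posted config (abc.test.com on 192.168.0.20, Tomcat on 192.168.1.60:8080) and that `Listen 80` is already present in the main config.

```apache
# Added example, not part of the original thread. Names and addresses are
# taken from the posted config; nothing else about the site is assumed.

# --- Option 2: rewrite the redirects Tomcat sends back ---
<VirtualHost 192.168.0.20:443>
    ServerName abc.test.com
    SSLEngine On
    SSLCertificateFile    /usr/local/apache2/conf/certs/abc.test.com.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/certs/abc.test.com.pem

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /sg/test/project/ http://192.168.1.60:8080/sg/test/project/

    <Location /sg/test/project/>
        # The posted config had "ProxyPassReverse /". That only matches a
        # redirect target that itself begins with "/", so an absolute
        # http://... Location header from Tomcat passes through unchanged
        # and the browser drops to plain HTTP after the login redirect.
        #
        # Inside <Location> the path argument is implied; the URL given is
        # the prefix to look for in Location/Content-Location/URI headers.
        # With ProxyPreserveHost On, Tomcat sees Host: abc.test.com, so its
        # redirect reads http://abc.test.com/sg/test/project/..., and that
        # is the prefix to match. The replacement is built from the current
        # (TLS) request, so the rewritten header comes out as https://.
        ProxyPassReverse http://abc.test.com/sg/test/project/

        # Also cover redirects built from the backend address, so the fix
        # survives ProxyPreserveHost being switched off later.
        ProxyPassReverse http://192.168.1.60:8080/sg/test/project/
    </Location>
</VirtualHost>

# --- Option 3 (the kludge): bounce any plain-HTTP request to HTTPS ---
<VirtualHost 192.168.0.20:80>
    ServerName abc.test.com
    RewriteEngine On
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

For option 1 at the Tomcat level, the HTTP connector in server.xml accepts `scheme="https"`, `secure="true"`, `proxyName` and `proxyPort` attributes so that Tomcat builds its own redirects with the external URL instead of relying on the proxy to repair them.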

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
To unsubscribe from the digest, e-mail: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org