Reverse SSL Proxy in cluster Configuration

Reverse SSL Proxy in cluster Configuration

am 20.10.2009 11:15:35 von Manuel Vicente Lozano

Hi all,

We're trying to mount a reverse proxy cluster using two apache
severs (httpd v2.2.14) balanced by a hardware load balancer (CISCO).
This balancer distribute the incoming requests to each reverse proxy.
The implented system seems to work well with most of the applications
but we have found some problems with an SSL application when somebody
wants to upload files: the error 413 use to appears (not always):
Request Entity Too Large. We have no clue about the problem. The thing
is with only one server active of the cluster the application works
perfectly.
The configuration is shared between proxys and the reverse-proxy is
implemented using name virtual hosts.

Any idea?

Regards,

Regards,

Manuel Vicente.



VirtualHost Configuration


ServerName plataform-temp.example.com:443

ErrorLog "/usr/local/apache2/logs/error_plataform_ssl.log"
CustomLog "/usr/local/apache2/logs/access_plataform_ssl.log"
combined

KeepAlive On
KeepAliveTimeOut 15

Include conf/ssl.conf


SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
SSLOptions +ExportCertData +OptRenegotiate

#Weblogic module configuration

SetHandler weblogic-handler
WebLogicHost sxpa1.example.com
WebLogicPort 8057
MatchExpression *.jsp
PathPrepend /siplex/



ssl.conf:

SSLEngine On
SSLProxyEngine On

SSLRequireSSL


SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/wildcard.pem
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/wildcard.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle.crt

SSLOptions +FakeBasicAuth +StrictRequire
SSLVerifyClient none


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org