Solved

SSL Proxy - only presents default page

Posted on 2006-06-28
3
781 Views
Last Modified: 2009-01-20
I'm trying to use virtual hosts to configure an ssl proxy to a backend OWA server.  I had the configuration working under Apache 2.0.40 but I upgraded to 2.0.58 to correct a different problem with accessing the OWA server.  Now, when typing https://apache-server-name.domainName.com I get the certificate but after accepting I can only get to the default apache page.  I've tried everything I can think of and have been reading for awhile but can't get this to work......  I've also tried entering the proxypass information in the httpd.conf and the ssl.conf (commenting out the statements in the file I'm not using) but I get the same results either way.  Here's my basic config.

RH Linux 8.0
Apache 2.0.58
openssl 0.9.7j

VirtualHost config.

For httpd.conf

NameVirtualHost ip-address-of apache server:443

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com
</VirtualHost>

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster.domain.com
ServerName apache-server.domain.com
ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

For ssl.conf

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com

ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

I've also got all of the ssl directives but they're working so I've left them out here.  I'm not sure what the difference is between using ssl.conf or httpd.conf for the proxy directives but I get the same results with either one.

I appreciate any help....

0
Comment
Question by:wcuz
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
sleep_furiously earned 500 total points
ID: 17014110
First of all, whether they go in httpd.conf or ssl.conf is really your preference for what organization or grouping makes sense for you.  httpd.conf will include the contents of ssl.conf, and it will all be treated as if it were one big file, with the contents of ssl.conf coming at the point where the include statement is found in httpd.conf.

You can run 'httpd -S' to see how apache parsed the configuration file(s).

Now it appears that you are not using name-based virtual hosts -- at least not distinct ones.  It appears you have defined the same virtual host three times.  When handling name-based hosts, the first valid match is taken.  So your vhost configuration above acts as if the entire vhost config were the following:

   <VirtualHost ip-address-of apache server:443>
   ServerAdmin webmaster@domain.com
   ServerName apache-server.domain.com
   </VirtualHost>

That's why you would be getting the default apache page -- none of the relevant main server config directives have been overridden.

What you probably want to do is:

1.  Take out the "NameVirtualHost" directive, since you are not differentiating based on host-header.

2.  Remove the 4-line, mostly empty VirtualHost section.

3.  Keep just one VirtualHost section for this host with all the configuration directives you need in it.  (Whether in httpd.conf or ssl.conf is up to you)

0
 

Author Comment

by:wcuz
ID: 17014339
OK.....  I've commented out all the vhost directives from httpd.conf and now I'm only running vhosts from ssl.conf as outlined in my earlier post, but still I only get the default page.  It doesn't seem like the vhost directives are being recognized.

Thanks.
0
 
LVL 10

Expert Comment

by:sleep_furiously
ID: 17024513
OK, now from your first post it seems you are testing by requesting the web site root. ("/").  At least that is the implied path when you put just the hostname and end the URL there.

The path "/" does not match any of your proxy rules, so it is not being passed by proxy anywhere.  So processing continues as normal.  Since you don't have any different DocumentRoot in the virtual host, it inherits DocumentRoot from the main server config, which is what will be giving you the default page.

You might try redirecting the default page of the virtual server to one of the proxied locations.  For example, in the Virtual Host section:

Redirect seeother /index.html https://apache-server.domain.com/exchange/

Now, it appears from the example you give above that the SSL traffic for apache-server.domain.com is being proxied back to itself as a non-SSL request.  (https://apache-server.domain.com/exchange -> http://apache-server.domain.com/exchange).  Is that the desired outcome?
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Mysql is corrupting stringified JSON object 11 56
tomcat LDAP authentication issue 3 192
Guacamole and browser performance 1 105
New OSQA server has a ton of fake users 4 71
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question