Solved

SSL Proxy - only presents default page

Posted on 2006-06-28
3
794 Views
Last Modified: 2009-01-20
I'm trying to use virtual hosts to configure an ssl proxy to a backend OWA server.  I had the configuration working under Apache 2.0.40 but I upgraded to 2.0.58 to correct a different problem with accessing the OWA server.  Now, when typing https://apache-server-name.domainName.com I get the certificate but after accepting I can only get to the default apache page.  I've tried everything I can think of and have been reading for awhile but can't get this to work......  I've also tried entering the proxypass information in the httpd.conf and the ssl.conf (commenting out the statements in the file I'm not using) but I get the same results either way.  Here's my basic config.

RH Linux 8.0
Apache 2.0.58
openssl 0.9.7j

VirtualHost config.

For httpd.conf

NameVirtualHost ip-address-of apache server:443

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com
</VirtualHost>

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster.domain.com
ServerName apache-server.domain.com
ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

For ssl.conf

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com

ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

I've also got all of the ssl directives but they're working so I've left them out here.  I'm not sure what the difference is between using ssl.conf or httpd.conf for the proxy directives but I get the same results with either one.

I appreciate any help....

0
Comment
Question by:wcuz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
sleep_furiously earned 500 total points
ID: 17014110
First of all, whether they go in httpd.conf or ssl.conf is really your preference for what organization or grouping makes sense for you.  httpd.conf will include the contents of ssl.conf, and it will all be treated as if it were one big file, with the contents of ssl.conf coming at the point where the include statement is found in httpd.conf.

You can run 'httpd -S' to see how apache parsed the configuration file(s).

Now it appears that you are not using name-based virtual hosts -- at least not distinct ones.  It appears you have defined the same virtual host three times.  When handling name-based hosts, the first valid match is taken.  So your vhost configuration above acts as if the entire vhost config were the following:

   <VirtualHost ip-address-of apache server:443>
   ServerAdmin webmaster@domain.com
   ServerName apache-server.domain.com
   </VirtualHost>

That's why you would be getting the default apache page -- none of the relevant main server config directives have been overridden.

What you probably want to do is:

1.  Take out the "NameVirtualHost" directive, since you are not differentiating based on host-header.

2.  Remove the 4-line, mostly empty VirtualHost section.

3.  Keep just one VirtualHost section for this host with all the configuration directives you need in it.  (Whether in httpd.conf or ssl.conf is up to you)

0
 

Author Comment

by:wcuz
ID: 17014339
OK.....  I've commented out all the vhost directives from httpd.conf and now I'm only running vhosts from ssl.conf as outlined in my earlier post, but still I only get the default page.  It doesn't seem like the vhost directives are being recognized.

Thanks.
0
 
LVL 10

Expert Comment

by:sleep_furiously
ID: 17024513
OK, now from your first post it seems you are testing by requesting the web site root. ("/").  At least that is the implied path when you put just the hostname and end the URL there.

The path "/" does not match any of your proxy rules, so it is not being passed by proxy anywhere.  So processing continues as normal.  Since you don't have any different DocumentRoot in the virtual host, it inherits DocumentRoot from the main server config, which is what will be giving you the default page.

You might try redirecting the default page of the virtual server to one of the proxied locations.  For example, in the Virtual Host section:

Redirect seeother /index.html https://apache-server.domain.com/exchange/

Now, it appears from the example you give above that the SSL traffic for apache-server.domain.com is being proxied back to itself as a non-SSL request.  (https://apache-server.domain.com/exchange -> http://apache-server.domain.com/exchange).  Is that the desired outcome?
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question