Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 809
  • Last Modified:

SSL Proxy - only presents default page

I'm trying to use virtual hosts to configure an ssl proxy to a backend OWA server.  I had the configuration working under Apache 2.0.40 but I upgraded to 2.0.58 to correct a different problem with accessing the OWA server.  Now, when typing https://apache-server-name.domainName.com I get the certificate but after accepting I can only get to the default apache page.  I've tried everything I can think of and have been reading for awhile but can't get this to work......  I've also tried entering the proxypass information in the httpd.conf and the ssl.conf (commenting out the statements in the file I'm not using) but I get the same results either way.  Here's my basic config.

RH Linux 8.0
Apache 2.0.58
openssl 0.9.7j

VirtualHost config.

For httpd.conf

NameVirtualHost ip-address-of apache server:443

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com
</VirtualHost>

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster.domain.com
ServerName apache-server.domain.com
ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

For ssl.conf

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com

ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

I've also got all of the ssl directives but they're working so I've left them out here.  I'm not sure what the difference is between using ssl.conf or httpd.conf for the proxy directives but I get the same results with either one.

I appreciate any help....

0
wcuz
Asked:
wcuz
  • 2
1 Solution
 
sleep_furiouslyCommented:
First of all, whether they go in httpd.conf or ssl.conf is really your preference for what organization or grouping makes sense for you.  httpd.conf will include the contents of ssl.conf, and it will all be treated as if it were one big file, with the contents of ssl.conf coming at the point where the include statement is found in httpd.conf.

You can run 'httpd -S' to see how apache parsed the configuration file(s).

Now it appears that you are not using name-based virtual hosts -- at least not distinct ones.  It appears you have defined the same virtual host three times.  When handling name-based hosts, the first valid match is taken.  So your vhost configuration above acts as if the entire vhost config were the following:

   <VirtualHost ip-address-of apache server:443>
   ServerAdmin webmaster@domain.com
   ServerName apache-server.domain.com
   </VirtualHost>

That's why you would be getting the default apache page -- none of the relevant main server config directives have been overridden.

What you probably want to do is:

1.  Take out the "NameVirtualHost" directive, since you are not differentiating based on host-header.

2.  Remove the 4-line, mostly empty VirtualHost section.

3.  Keep just one VirtualHost section for this host with all the configuration directives you need in it.  (Whether in httpd.conf or ssl.conf is up to you)

0
 
wcuzAuthor Commented:
OK.....  I've commented out all the vhost directives from httpd.conf and now I'm only running vhosts from ssl.conf as outlined in my earlier post, but still I only get the default page.  It doesn't seem like the vhost directives are being recognized.

Thanks.
0
 
sleep_furiouslyCommented:
OK, now from your first post it seems you are testing by requesting the web site root. ("/").  At least that is the implied path when you put just the hostname and end the URL there.

The path "/" does not match any of your proxy rules, so it is not being passed by proxy anywhere.  So processing continues as normal.  Since you don't have any different DocumentRoot in the virtual host, it inherits DocumentRoot from the main server config, which is what will be giving you the default page.

You might try redirecting the default page of the virtual server to one of the proxied locations.  For example, in the Virtual Host section:

Redirect seeother /index.html https://apache-server.domain.com/exchange/

Now, it appears from the example you give above that the SSL traffic for apache-server.domain.com is being proxied back to itself as a non-SSL request.  (https://apache-server.domain.com/exchange -> http://apache-server.domain.com/exchange).  Is that the desired outcome?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now