Solved

SSL Proxy - only presents default page

Posted on 2006-06-28
3
776 Views
Last Modified: 2009-01-20
I'm trying to use virtual hosts to configure an ssl proxy to a backend OWA server.  I had the configuration working under Apache 2.0.40 but I upgraded to 2.0.58 to correct a different problem with accessing the OWA server.  Now, when typing https://apache-server-name.domainName.com I get the certificate but after accepting I can only get to the default apache page.  I've tried everything I can think of and have been reading for awhile but can't get this to work......  I've also tried entering the proxypass information in the httpd.conf and the ssl.conf (commenting out the statements in the file I'm not using) but I get the same results either way.  Here's my basic config.

RH Linux 8.0
Apache 2.0.58
openssl 0.9.7j

VirtualHost config.

For httpd.conf

NameVirtualHost ip-address-of apache server:443

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com
</VirtualHost>

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster.domain.com
ServerName apache-server.domain.com
ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

For ssl.conf

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com

ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

I've also got all of the ssl directives but they're working so I've left them out here.  I'm not sure what the difference is between using ssl.conf or httpd.conf for the proxy directives but I get the same results with either one.

I appreciate any help....

0
Comment
Question by:wcuz
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
sleep_furiously earned 500 total points
ID: 17014110
First of all, whether they go in httpd.conf or ssl.conf is really your preference for what organization or grouping makes sense for you.  httpd.conf will include the contents of ssl.conf, and it will all be treated as if it were one big file, with the contents of ssl.conf coming at the point where the include statement is found in httpd.conf.

You can run 'httpd -S' to see how apache parsed the configuration file(s).

Now it appears that you are not using name-based virtual hosts -- at least not distinct ones.  It appears you have defined the same virtual host three times.  When handling name-based hosts, the first valid match is taken.  So your vhost configuration above acts as if the entire vhost config were the following:

   <VirtualHost ip-address-of apache server:443>
   ServerAdmin webmaster@domain.com
   ServerName apache-server.domain.com
   </VirtualHost>

That's why you would be getting the default apache page -- none of the relevant main server config directives have been overridden.

What you probably want to do is:

1.  Take out the "NameVirtualHost" directive, since you are not differentiating based on host-header.

2.  Remove the 4-line, mostly empty VirtualHost section.

3.  Keep just one VirtualHost section for this host with all the configuration directives you need in it.  (Whether in httpd.conf or ssl.conf is up to you)

0
 

Author Comment

by:wcuz
ID: 17014339
OK.....  I've commented out all the vhost directives from httpd.conf and now I'm only running vhosts from ssl.conf as outlined in my earlier post, but still I only get the default page.  It doesn't seem like the vhost directives are being recognized.

Thanks.
0
 
LVL 10

Expert Comment

by:sleep_furiously
ID: 17024513
OK, now from your first post it seems you are testing by requesting the web site root. ("/").  At least that is the implied path when you put just the hostname and end the URL there.

The path "/" does not match any of your proxy rules, so it is not being passed by proxy anywhere.  So processing continues as normal.  Since you don't have any different DocumentRoot in the virtual host, it inherits DocumentRoot from the main server config, which is what will be giving you the default page.

You might try redirecting the default page of the virtual server to one of the proxied locations.  For example, in the Virtual Host section:

Redirect seeother /index.html https://apache-server.domain.com/exchange/

Now, it appears from the example you give above that the SSL traffic for apache-server.domain.com is being proxied back to itself as a non-SSL request.  (https://apache-server.domain.com/exchange -> http://apache-server.domain.com/exchange).  Is that the desired outcome?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question