Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SSL Proxy - only presents default page

Posted on 2006-06-28
3
Medium Priority
?
808 Views
Last Modified: 2009-01-20
I'm trying to use virtual hosts to configure an ssl proxy to a backend OWA server.  I had the configuration working under Apache 2.0.40 but I upgraded to 2.0.58 to correct a different problem with accessing the OWA server.  Now, when typing https://apache-server-name.domainName.com I get the certificate but after accepting I can only get to the default apache page.  I've tried everything I can think of and have been reading for awhile but can't get this to work......  I've also tried entering the proxypass information in the httpd.conf and the ssl.conf (commenting out the statements in the file I'm not using) but I get the same results either way.  Here's my basic config.

RH Linux 8.0
Apache 2.0.58
openssl 0.9.7j

VirtualHost config.

For httpd.conf

NameVirtualHost ip-address-of apache server:443

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com
</VirtualHost>

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster.domain.com
ServerName apache-server.domain.com
ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

For ssl.conf

<VirtualHost ip-address-of apache server:443>
ServerAdmin webmaster@domain.com
ServerName apache-server.domain.com

ProxyRequests off
RequestHeader set Front-End-Https "On"
ProxyPass /exchange http://apache-server.domain.com/exchange
ProxyPassReverse /exchange http://apache-server.domain.com/exchange
ProxyPass /exchweb http://apache-server.domain.com/exchweb
ProxyPassReverse /exchweb http://apache-server.domain.com/exchweb
ProxyPass /public http://apache-server.domain.com/public
ProxyPassReverse /public http://apache-server.domain.com/public
ProxyPass /iisadmpwd http://apache-server.domain.com/iisadmpwd
ProxyPassReverse /iisadmpwd http://apache-server.domain.com/iisadmpwd
</VirtualHost>

I've also got all of the ssl directives but they're working so I've left them out here.  I'm not sure what the difference is between using ssl.conf or httpd.conf for the proxy directives but I get the same results with either one.

I appreciate any help....

0
Comment
Question by:wcuz
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
sleep_furiously earned 1000 total points
ID: 17014110
First of all, whether they go in httpd.conf or ssl.conf is really your preference for what organization or grouping makes sense for you.  httpd.conf will include the contents of ssl.conf, and it will all be treated as if it were one big file, with the contents of ssl.conf coming at the point where the include statement is found in httpd.conf.

You can run 'httpd -S' to see how apache parsed the configuration file(s).

Now it appears that you are not using name-based virtual hosts -- at least not distinct ones.  It appears you have defined the same virtual host three times.  When handling name-based hosts, the first valid match is taken.  So your vhost configuration above acts as if the entire vhost config were the following:

   <VirtualHost ip-address-of apache server:443>
   ServerAdmin webmaster@domain.com
   ServerName apache-server.domain.com
   </VirtualHost>

That's why you would be getting the default apache page -- none of the relevant main server config directives have been overridden.

What you probably want to do is:

1.  Take out the "NameVirtualHost" directive, since you are not differentiating based on host-header.

2.  Remove the 4-line, mostly empty VirtualHost section.

3.  Keep just one VirtualHost section for this host with all the configuration directives you need in it.  (Whether in httpd.conf or ssl.conf is up to you)

0
 

Author Comment

by:wcuz
ID: 17014339
OK.....  I've commented out all the vhost directives from httpd.conf and now I'm only running vhosts from ssl.conf as outlined in my earlier post, but still I only get the default page.  It doesn't seem like the vhost directives are being recognized.

Thanks.
0
 
LVL 10

Expert Comment

by:sleep_furiously
ID: 17024513
OK, now from your first post it seems you are testing by requesting the web site root. ("/").  At least that is the implied path when you put just the hostname and end the URL there.

The path "/" does not match any of your proxy rules, so it is not being passed by proxy anywhere.  So processing continues as normal.  Since you don't have any different DocumentRoot in the virtual host, it inherits DocumentRoot from the main server config, which is what will be giving you the default page.

You might try redirecting the default page of the virtual server to one of the proxied locations.  For example, in the Virtual Host section:

Redirect seeother /index.html https://apache-server.domain.com/exchange/

Now, it appears from the example you give above that the SSL traffic for apache-server.domain.com is being proxied back to itself as a non-SSL request.  (https://apache-server.domain.com/exchange -> http://apache-server.domain.com/exchange).  Is that the desired outcome?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month12 days, 14 hours left to enroll

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question