Results 1 to 4 of 4
I want to be able to redirect http and https traffic coming in to my central server to different virtual servers. I have a host (the central server) and four ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 01-29-2012 #1
Apache proxy over port 443
I want to be able to redirect http and https traffic coming in to my central server to different virtual servers.
I have a host (the central server) and four different guests. Each guest hosts a website for a different domain. Each domain name resolves to my host server from outside. And on my host I configured Apache to use VirtualHosts and ProxyPass (& ProxyPassReverse) to redirect requests for port 80 to the correct corresponding guest. This works correctly. Joy
But two of the domains also have ssl configured and are also listening on port 443. And here is where it goes wrong. I get ssl certificate errors, and I'm at a loss how to fix these.
NameVirtualHost 192.168.1.1:80 <VirtualHost 192.168.1.1:80> ServerName www.domain1.nl ProxyPreserveHost On ProxyPass / http://www.domain1.nl/ ProxyPassReverse / http://www.domain1.nl/ ErrorLog logs/domain1-error_log CustomLog logs/domain1-access_log combined </VirtualHost> <VirtualHost 192.168.1.1:80> ServerName www.domain2.net ProxyPreserveHost On ProxyPass / http://www.domain2.net/ ProxyPassReverse / http://www.domain2.net/ ErrorLog logs/domain2-error_log CustomLog logs/domain2-access_log combined </VirtualHost> <VirtualHost 192.168.1.1:80> ServerName www.domain3.org ProxyPreserveHost On ProxyPass / http://www.domain3.org/ ProxyPassReverse / http://www.domain3.org/ ErrorLog logs/domain3-error_log CustomLog logs/doman3-access_log combined </VirtualHost> NameVirtualHost 192.168.1.1:443 <VirtualHost 192.168.1.1:443> ServerName www.domain2.net ProxyPreserveHost On ProxyPass / https://www.domain2.net ProxyPassReverse / https://www.domain2.net ErrorLog logs/domain2-error_log CustomLog logs/domain2-access_log combined </VirtualHost> <VirtualHost 192.168.1.1:443> ServerName www.domain3.org ProxyPreserveHost On ProxyPass / https://www.domain3.org/ ProxyPassReverse / https://www.domain3.org/ ErrorLog logs/domain3-error_log CustomLog logs/domain3-access_log combined </VirtualHost>
As I said, the normal port 80 requests get routed to the correct server just the way I want them. But requests on port 443 lead to a:
But this either had no effect or made matters worst.
My stop-gap fix for now is to redirect port 443 traffic using iptables on the host and then it works correctly for one domain. But the downside of that is that I cannot choose between https://domain2 and https://domain3 based on url. In iptables it's either domain2 or domain3.Can't tell an OS by it's GUI
- 01-29-2012 #2
- Join Date
- Aug 2009
hmmm I know this might sound silly, but what does the access and error logs says when you get ssl certificate erros
- 01-30-2012 #3
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
Well, you say you get this error, "ssl_error_rx_record_too_long". Are you sure that only https requests are going to port 443? Anyway, I'll run this problem by some colleagues at work tomorrow who deal with this stuff all the time and see what they say.Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 01-30-2012 #4Originally Posted by amlife
On the host error log:
[Mon Jan 30 09:06:30 2012] [error] [client 192.168.1.28] invalid request-URI [Mon Jan 30 09:06:30 2012] [error] [client 192.168.1.28] Invalid URI in request \x16\x03\x01
192.168.1.28 - - [30/Jan/2012:09:06:30 +0100] "\x16\x03\x01" 400 308 "-" "-"
Originally Posted by Rubberman
But then, only one of the guests works correctly of course and I have to choose which one in iptables on the host, whereas I want both guests to be reachable based on url like it works with http traffic.
I know the "ssl_error_rx_record_too_long" mainly from misconfigured VirtualHosts (the error message is a bit cryptic) and I've long fiddled with the settings on the host VirtualHost directives.
If I try this:
me@laptop# telnet 192.168.1.1 443 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. GET / <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> <hr> <address>Apache/2.2.15 (CentOS) Server at www.domain3.org Port 80</address> </body></html> Connection closed by foreign host.Originally Posted by RubbermanCan't tell an OS by it's GUI