开发者

Proxying with SSL [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 9 years ago.

Improve this question

I have a Linux host running Apache and a Windows host running IIS. I have a domain that points to the Linux host and need to relay (proxy) requests for it to IIS; I thus have the following virtual host definition in Apache (which works just fine):

&l开发者_开发问答t;VirtualHost 192.168.0.2:80>
    ServerName www.acme.com
    DocumentRoot /var/www/acme.com

    RewriteEngine On
    RewriteOptions Inherit
    RewriteRule ^/(.*) http://win.acme.com/$1 [P]
</VirtualHost>

now I want to add SSL support; the definition becomes:

<VirtualHost 192.168.0.2:443>
    ServerName www.acme.com
    DocumentRoot /var/www/acme.com
    GnuTLSEnable On
    GnuTLSPriorities NORMAL:%COMPAT
    GnuTLSCertificateFile /var/www/ssl/www.acme.com.crt
    GnuTLSKeyFile /var/www/ssl/www.acme.com.key

    RewriteEngine On
    RewriteOptions Inherit
    RewriteRule ^/(.*) https://win.acme.com/$1 [P]
</VirtualHost>

I have valid and trusted certificates on both web servers and if I visit https://win.acme.com all is well, however, when I visit https://www.acme.com I get a 500 Internal Server Error message. A peek at the error logs shows:

[Wed Jul 20 08:35:34 2011] [error] [client 76.168.166.70] SSL Proxy requested for www.wileybits.com:80 but not enabled [Hint: SSLProxyEngine] [Wed Jul 20 08:35:34 2011] [error] proxy: HTTPS: failed to enable ssl support for 74.166.186.70:443 (win.acme.com)

do notice that the proxy request seems to be for the wrong domain (wileybits)... the domain it shows is also hosted by my Apache server but I don't get why it shows up in the logs of acme.com (a reverse DNS lookup perhaps?)

in any case, what am I missing?

thanks in advance - ekkis

p.s. host names and addresses have been altered to protect the innocent :)

* update *

with:

RewriteRule ^/(.*) https://win.acme.com/$1 [R,L]

it seems to work fine, but of course, the Windows' hostname becomes visible, which is not acceptable in my scenario

I also tried (instead of mod_rewrite):

ProxyRequests Off
ProxyPass / https://win.acme.com/

but same error


figured it out... apparently I can do this:

SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyPass / https://win.acme.com/
ProxyPassReverse / https://win.acme.com/
CacheDisable *

and it works just fine!

[the solution came from mikeg's posting on 3cx.org]


Not sure the cause of this error, but you might want you try using Squid or Varnish to accomplish this. Previously, I've used Squid to proxy a secure Windows IIS instance without issue.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜