Mark Neis, 2004-11-30, 7:53 am

Hi group,
I got a problem I seem to be unable to solve on my own.
Layout:
I have a Java-based catalog management system running on Tomcat/JBoss.
I use Apache 2.0.50 as reverse proxy, connection to the Java server
via mod_rewrite and mod_proxy (config see below). I need a HTTPS
connection from the outside to the reverse proxy and HTTP to a local
TCP socket from the Apache proxy to the Java server:

+-------+   SSL   +--------+---------+-----------+   HTTP   +--------+
| I'net | <-----> |mod_ssl | rewrite | mod_proxy | <------> | Tomcat |
+-------+         +--------+---------+-----------+          +--------+

When I try to connect to the application over HTTPS
[https://xyz.domain.de/JPBC/index.jsp], all I get is a 500 server
error. SSL error logging tells me the following (for longer log
extracts see below):
| [error] SSL Proxy requested for xyz.domain.de:443 but not enabled [Hint: SSLProxyEngine]
| [error] proxy: failed to enable ssl support for 192.168.117.150:443 (xyz.domain.de)
If I understand this correctly, mod_proxy tries to forward SSL to the
Java server. What I wanted it to do is: strip SSL and forward plain
HTTP to the Java server.
Plain SSL works, static content is delivered successfully.
I unsuccessfully tried a dozen slightly different configurations
yesterday, including rewrites from SSL to plain HTTP and vv.
An older version of the same application was running on an Apache
2.0.39 with basically the same configuration without problems.
Unfortunately, the sources of that Apache 2.0.39 were lost and I
didn't compile and set it up myself, so I can't tell if it may have
been compiled differently.
As I'm no Apache hacker (and usually don't have the time to wade
knee-deep in webserver sources ;), I was hoping that someone could
tell me if this perhaps is an issue of code changes in mod_proxy? Or
am I just fscking blind and can't see the obvious?
Thanks for all and any help,
Mark
(xpost ciwsm and ciwsu, f'up2 comp.infosystems.www.servers.unix)
| Alias /JPBC/image "/data2/CatalogImages"
| Alias /JPBC/applet "/data1/JPBC/jpbc40/web/applet"
| Alias /JPBC "/data1/JPBC/jpbc40/web"
| [...]
|
| <VirtualHost _default_:443>
| DocumentRoot "/opt/httpd-2.0.50/htdocs"
| ServerName xyz.domain.de:443
| ErrorLog logs/xyz.domain.de.ssl.error.log
| TransferLog logs/xyz.domain.de.ssl.access.log
|
| #RewriteEngine On
| #RewriteRule ^/(.*)$ http://%{SERVER_NAME}/$1 [R,L,NC,NE]
|
| SSLEngine on
| [...]
| </VirtualHost>
|
| [...]
| RewriteLog "logs/rewrite.log"
| RewriteLogLevel 9
|
| <Location /JPBC>
| RewriteEngine On
| RewriteCond %{THE_REQUEST} \.jsp
| RewriteRule ^(.+) %{REQUEST_URI} [P]
|
| RewriteCond %{THE_REQUEST} \.servlet
| RewriteRule ^(.+) %{REQUEST_URI} [P]
| </Location>
|
| <Proxy *>
| Order deny,allow
| Deny from all
| Allow from localhost
| </Proxy>
|
| ProxyRequests Off
| # ProxyVia On
|
| # ProxyRemote * http://xyz.domain.de:18080
| ProxyRemote http://xyz.domain.de/JPBC http://xyz.domain.de:18080
I cut off the unimportant stuff (timestamps etc.) from the beginning
of the following lines and left the rest unwrapped.
[rewrite.log]
| RewriteCond: input='GET /JPBC/frameset/1_0FrameSet_ListViews.jsp?FS=Catalog&nodeID=156711 HTTP/1.1' pattern='\.jsp' => matched
| (2) [per-dir /JPBC/] rewrite /data1/JPBC/jpbc40/web/frameset/1_0FrameSet_ListViews.jsp -> /JPBC/frameset/1_0FrameSet_ListViews.jsp
| (2) [per-dir /JPBC/] forcing proxy-throughput with http://xyz.domain.de/JPBC/frameset/...t_ListViews.jsp
| (1) [per-dir /JPBC/] go-ahead with proxy request proxy:http://xyz.domain.de/JPBC/frameset/...g&nodeID=156711 [OK]
| (3) [per-dir /JPBC/] add path info postfix: /data1/JPBC/jpbc40/web/2_0Catalog -> /data1/JPBC/jpbc40/web/2_0Catalog/2_0_4Catalog_ListButton.jsp
[error.log]
| [debug] mod_proxy.c(397): Trying to run scheme_handler against proxy
| [debug] proxy_http.c(1073): proxy: HTTP: serving URL http://xyz.domain.de/JPBC/frameset/...g&nodeID=156711
| [debug] proxy_http.c(185): proxy: HTTP connecting http://xyz.domain.de/JPBC/frameset/...g&nodeID=156711 to xyz.domain.de:80
| [debug] proxy_util.c(1138): proxy: HTTP: fam 2 socket created to connect to xyz.domain.de
| [debug] proxy_http.c(334): proxy: socket is connected
| [debug] proxy_http.c(368): proxy: connection complete to 192.168.117.150:18080 (xyz.domain.de)
| [debug] proxy_http.c(908): proxy: start body send
| [debug] proxy_http.c(967): proxy: end body send
[ssl.error.log]
| [info] Initial (No.1) HTTPS request received for child 7 (server xyz.domain.de:443)
| [debug] mod_proxy.c(416): Trying to run scheme_handler
| [debug] proxy_http.c(1073): proxy: HTTP: serving URL https://xyz.domain.de/JPBC/index.jsp
| [debug] proxy_http.c(185): proxy: HTTP connecting https://xyz.domain.de/JPBC/index.jsp to xyz.domain.de:443
| [debug] proxy_util.c(1138): proxy: HTTP: fam 2 socket created to connect to xyz.domain.de
| [debug] proxy_http.c(334): proxy: socket is connected
| [error] SSL Proxy requested for xyz.domain.de:443 but not enabled [Hint: SSLProxyEngine]
| [error] proxy: failed to enable ssl support for 192.168.117.150:443 (xyz.domain.de)
|
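
One way to get the behaviour the post asks for (TLS terminated at Apache, plain HTTP to Tomcat), shown as an added example that is not part of the original post or the poster's configuration. It assumes Tomcat is reachable at xyz.domain.de:18080, the address taken from the post's ProxyRemote line and error.log.

```apache
# Added example, not the poster's configuration.
#
# Before (from the post): the substitution carries no scheme, so mod_rewrite
# completes it with the scheme of the current request:
#
#   RewriteRule ^(.+) %{REQUEST_URI} [P]
#
# On port 80 that gives proxy:http://xyz.domain.de/JPBC/..., which matches
# "ProxyRemote http://xyz.domain.de/JPBC ..." and ends up on :18080
# (see error.log). Inside the SSL vhost it gives
# proxy:https://xyz.domain.de/JPBC/..., which does not match that ProxyRemote
# pattern, so mod_proxy connects to xyz.domain.de:443 itself and asks for
# SSLProxyEngine (see ssl.error.log).

<Location /JPBC>
    RewriteEngine On

    # After: spell out scheme, host and port of the backend, so the proxied
    # URL is plain HTTP whether the client arrived on port 80 or 443.
    # The original query string is carried over unchanged.
    RewriteCond %{THE_REQUEST} \.jsp
    RewriteRule ^(.+) http://xyz.domain.de:18080%{REQUEST_URI} [P]

    RewriteCond %{THE_REQUEST} \.servlet
    RewriteRule ^(.+) http://xyz.domain.de:18080%{REQUEST_URI} [P]
</Location>

# Reverse proxy only; no forward proxying.
ProxyRequests Off

# With the backend named in the rules, the ProxyRemote line is not needed.
# The hop to port 18080 is cleartext by design, so that port should only be
# reachable from the proxy host itself.
```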