Ooopppsss!! Any way I can get a mod to delete my last email to the list?

Sent from my iPhone

On Apr 25, 2013, at 1:44 PM, "Chris Arnold" <carn...@electrichendrix.com> wrote:
> Sorry to email you directly but I am doing this to give you the complete
> unedited config files. I don't want them on an indexed mailing list for
> security reasons. Either you or I can post back to the list so others are
> aware of the findings.
>
> So I have made the namevirtualhost edit in my listen.conf file:
>
> Listen 80
>
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
> <IfModule mod_ssl.c>
>
> # Listen 443
>
> </IfModule>
> </IfDefine>
> </IfDefine>
>
>
> # Use name-based virtual hosting
> #
> # - on a specified address / port:
> #
> #NameVirtualHost 12.34.56.78:80
> #
> # - name-based virtual hosting:
> #
> NameVirtualHost *:443
>
> Here is the "main" ssl virtual host:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost *:443>
> #This will be the default vhost because the name starts with 000
>
> # General setup for the virtual host
> #DocumentRoot "/srv/www/htdocs"
> ServerName teknerds.net:443
> ServerAlias mail.* ifolder.*
>
> #This rewrites https://mail.anydomain.tld to our mail server
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^mail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
> #RedirectMatch ^/$ /zimbra/
>
> #This rewrites https://mail.anydomain.tld to our mail server
> #RewriteEngine On
> #RewriteLog /var/log/apache2/rewrite.log
> #RewriteLogLevel 3
> #RewriteCond %{HTTP_HOST} ^apps\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) https://192.168.123.7/rdweb/ [P]
> #RedirectMatch ^/$ /rdweb/
>
> RewriteCond %{HTTP_HOST} ^webmail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>
> #This rewrites https://ifolder.anydomain.tld to our ifolder server
> #RewriteCond %{HTTP_HOST} ^ifolder\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) https://192.168.123.4/ifolder/$1 [P]
> #RedirectMatch ^/$ /ifolder/
>
> #This rewrites https://share.anydomain.tld to our alfresco server
> #RewriteCond %{HTTP_HOST} ^share\.
> #RewriteCond %{HTTPS} on
> #RewriteRule ^/(.*) http://192.168.123.3:8080/share/$1 [P]
>
> #ServerAdmin webmas...@example.com
> ErrorLog /var/log/apache2/error_log
> TransferLog /var/log/apache2/access_log
>
> SSLProxyEngine On
> ProxyPreserveHost On
> ProxyPass /ifolder https://192.168.123.4/ifolder
> ProxyPassReverse /ifolder https://192.168.123.4/ifolder
> ProxyPass /simias10 https://192.168.123.4/simias10
> ProxyPassReverse /simias10 https://192.168.123.4/simias10
> ProxyPass /admin https://192.168.123.4/admin
> ProxyPassReverse /admin https://192.168.123.4/admin
> ProxyPass /nps https://192.168.123.4/nps
> ProxyPassReverse /nps https://192.168.123.4/nps
>
> #ProxyPass / https://192.168.124.3/
> #ProxyPassReverse / https://192.168.124.3/
> #<Proxy *>
> # Order allow,deny
> # Allow from all
> #</Proxy>
>
> # SSL Engine Switch:
> # Enable/Disable SSL for this virtual host.
> SSLEngine on
>
> # SSL Cipher Suite:
> # List the ciphers that the client is permitted to negotiate.
> # See the mod_ssl documentation for a complete list.
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> # Server Certificate:
> # Point SSLCertificateFile at a PEM encoded certificate. If
> # the certificate is encrypted, then you will be prompted for a
> # pass phrase. Note that a kill -HUP will prompt again. Keep
> # in mind that if you have both an RSA and a DSA certificate you
> # can configure both in parallel (to also allow the use of DSA
> # ciphers, etc.)
> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
>
> Here is the apps virtualhost file:
>
> <VirtualHost *:443>
> ServerName apps.teknerds.net
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
>
> ProxyPass / https://192.168.123.7/rdweb
> ProxyPassReverse / https://192.168.123.7/rdweb
>
> ErrorLog /var/log/apache2/apps.error_log
> TransferLog /var/log/apache2/apps.access_log
> </VirtualHost>
>
> With this present config, when going to https://apps.teknerds.net in IE 8,
> Internet Explorer cannot display the web page. The apps.error log does not
> show anything in it except the certificate name not matching.
> Also in this present config, webmail stops working and ifolder stops working.
> These are in the "main" ssl virtualhost and you access them by
> https://mail.teknerds.net and https://teknerds.net/ifolder. I am going to
> undo the listen.conf edit and rename the apps ssl host file as we have
> customers that use these resources.
> Should you want access to the server, I can supply that, just let me know.
> Thanks for the help
>
> ----- Original Message -----
> From: "Tom Evans" <tevans...@googlemail.com>
> To: users@httpd.apache.org
> Sent: Thursday, April 25, 2013 12:39:47 PM
> Subject: Re: [users@httpd] Rewrite Rule
>
> On Thu, Apr 25, 2013 at 4:53 PM, Chris Arnold
> <carn...@electrichendrix.com> wrote:
>> On Apr 25, 2013, at 11:32 AM, "Tom Evans" wrote:
>>
>>> It looks like you are rewriting it to its current location. This
>>> leads to a loop.
>>>
>>> Why are you using rewrite rules anyway?
>>
>> Because reverse proxy does not work
>
> ...
>
> The *only* way to get content from a backend is via reverse proxy.
>
>>
>>
>>> It seems like you want to
>>> reverse proxy from an apache server with a public IP to a backend
>>> webserver in your private LAN. Where do rewrite rules come in to this?
>>> Why are you checking the host name in your rewrite rules, instead of
>>> using vhosts?
>>> Why is this not your configuration:
>>
>> As I stated in an earlier post, apache does not start when more than 1 ssl
>> virtual host (complains about overlap)
>
> Not using vhosts is frankly more trouble than it is worth. Use vhosts.
> Post about the problem that using vhosts gives you. You must be using
> the same certificate for both hostnames anyway (presumably a wildcard
> cert or using subjectAltName, or you just ignore the errors?), so the
> configuration should be pretty straightforward.
>
>>
>>
>>> ServerName apps.tld
>>> ProxyPass / https://192.168.123.7/
>>> ProxyPassReverse / https://192.168.123.7/
>>
>> We have many different things that run on this server and apache handles
>> them. When using "/" in your proxy config, everything stops working, email,
>> other websites etc.
>
> So don't proxy from /, or add specific excludes for the paths you do
> not want to be proxied:
>
> ProxyPass /email !
> ProxyPass / https://192.168.123.7/
>
> Again, this problem goes away if you correctly separate out your
> separate hosts into their own vhost configuration.
>
>>
>>>
>>> I'm very confused by what you're trying to achieve.
>>
>> I covered this in my first email but will try to describe it again: server
>> behind an apache server that we need users to get to using
>> https://apps.domain.tld. The app resides at http:///sub. We need apache to
>> catch the https://apps.domain.tld request and send to https://another
>> server/sub
>
>
> NameVirtualHost *:443
>
> <VirtualHost *:443>
> ServerName www.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> # All your current directives that apply to www
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName apps.domain.tld
> SSLEngine On
> SSLCertificateFile ..
> SSLCertificateKeyFile ..
>
> ProxyPass / https://192.168.123.7/
> ProxyPassReverse / https://192.168.123.7/
> </VirtualHost>
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
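
Added example, not part of the original thread or anyone's posted config: a small Python check for the three things the exchange above turns on, namely several vhosts on one address without a matching NameVirtualHost, a ProxyPass exclusion placed after the catch-all it is meant to override, and one certificate file shared by vhosts with different names. The sample config is constructed, audit() and its messages are hypothetical, and it assumes the Apache 2.2 behaviour the thread is working with, where NameVirtualHost is still required.

```python
from collections import defaultdict

# Constructed sample, not the poster's files; audit() is a hypothetical helper.
SAMPLE = """\
<VirtualHost *:443>
ServerName www.domain.tld
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
ProxyPass / https://192.168.124.3/
ProxyPass /email !
</VirtualHost>
<VirtualHost *:443>
ServerName apps.domain.tld
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
ProxyPass / https://192.168.123.7/
</VirtualHost>
"""

def audit(conf):
    nvh, vhosts, cur = set(), [], None
    for words in (l.split() for l in conf.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "<virtualhost" and args:
            vhosts.append(cur := {"addr": args[0].rstrip(">"), "proxy": []})
        elif key == "</virtualhost>":
            cur = None
        elif key == "namevirtualhost" and args:
            nvh.add(args[0])
        elif cur is not None and args and key in ("servername", "sslcertificatefile"):
            cur[key] = args[0]
        elif cur is not None and args and key == "proxypass":
            cur["proxy"].append(args[0])
    findings, by_addr, by_cert = [], defaultdict(list), defaultdict(list)
    for v in vhosts:
        name = v.get("servername", "?")
        by_addr[v["addr"]].append(name)
        if "sslcertificatefile" in v:
            by_cert[v["sslcertificatefile"]].append(name)
        # ProxyPass rules are checked in order and the first match wins.
        for i, early in enumerate(v["proxy"]):
            for late in v["proxy"][i + 1:]:
                if late != early and late.startswith(early.rstrip("/") + "/"):
                    findings.append(f"{name}: ProxyPass {late} is shadowed by earlier {early}")
    findings += [f"{a}: {len(n)} vhosts but no NameVirtualHost {a}"
                 for a, n in by_addr.items() if len(n) > 1 and a not in nvh]
    findings += [f"{c}: certificate must be valid for {', '.join(n)}"
                 for c, n in by_cert.items() if len(n) > 1]
    return findings
```

The shared-certificate finding is a reminder rather than an error: it lists the names the certificate has to carry (wildcard or subjectAltName) for clients not to see a name mismatch.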