First, do not define vhosts as <hostname>:PORT, but rather either *:443 or
IP:443.

Secondly, to proxy from TLS to TLS, you need both SSLEngine on and
SSLProxyEngine on.

Avoid proxying from a <Location> block, unless strictly necessary. Use the
vhost context. You can use the Location block to set headers instead.

Lastly, your TLS vhost requires SSLCertificateFile and
SSLCertificateKeyFile.

On Wed, Oct 4, 2023 at 7:38 AM lejeczek <pelj...@yahoo.co.uk.invalid> wrote:

>
>
> On 04/10/2023 10:40, lejeczek wrote:
>
> Hi guys.
>
> I've sroogled & have found people suggesting working examples, I thought I
> had some notes but now I'm thinking I read that it should not work..
> so I'm not sure what to think of this seemingly setup:
>
> <VirtualHost siem.mine.priv:443>
>   ServerAdmin web...@lemko.xyz
>   ServerName siem.mine.priv
>
>   ErrorLog /var/log/httpd/siem.mine.priv-error_log
>   CustomLog /var/log/httpd/siem.mine.priv-access_log common
>
>   SSLProxyEngine on
>   #SSLEngine on
>   #SSLProxyVerify none
>   #SSLProxyCheckPeerCN off
>   SSLCertificateFile      /etc/pki/tls/certs/siem.mine.priv.crt
>   SSLCertificateKeyFile   /etc/pki/tls/private/siem.mine.priv.key
>   #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem
>   #SSLProxyMachineCertificateFile /etc/wazuh-indexer/certs/admin.pem
>
>   RequestHeader set X-Forwarded-Proto "https"
>   RequestHeader set X-Forwarded-Port "443"
>
>   ProxyRequests Off
>   #ProxyPreserveHost on
>   #ProxyPass         /  https://127.0.0.1:8443/
>   #ProxyPassReverse  /  https://127.0.0.1:8443/
>
>   <Location "/">
>     # preserve Host header to avoid cross-origin problems
>     ProxyPreserveHost on
>     # proxy to
>     ProxyPass         https://127.0.0.1:8443/
>     ProxyPassReverse  https://127.0.0.1:8443/
>   </Location>
>
> </VirtualHost>
>
> As you can see I've fiddled with all those options in different
> combinations but nothing works for me.
> Would you know how to fix or... perhaps you have Apache rev-proxying to
> Wazuh?
>
> errors in log:
> ....
> [Wed Oct 04 10:34:54.179364 2023] [proxy:error] [pid 1069029:tid 1069198]
> (20014)Internal error (specific information not available): [client
> 10.3.9.144:46858] AH01084: pass request body failed to 127.0.0.1:8443
> (127.0.0.1)
> [Wed Oct 04 10:34:54.179394 2023] [proxy:error] [pid 1069029:tid 1069198]
> [client 10.3.9.144:46858] AH00898: Error during SSL Handshake with remote
> server returned by /
> [Wed Oct 04 10:34:54.179397 2023] [proxy_http:error] [pid 1069029:tid
> 1069198] [client 10.3.9.144:46858] AH01097: pass request body failed to
> 127.0.0.1:8443 (127.0.0.1) from 10.3.9.144 ()
>
> many thanks, L.
>
> ought... sometimes systemctl's _reload_ will not do but "full" restart will
>
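
The four points from the reply at the top of this thread, applied to the vhost quoted above. This is an added example, not part of either message; hostnames, paths and the backend address are reused from the quoted post, and it assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.

```apache
# Listen on any address, port 443; the name is matched via ServerName,
# not via the <VirtualHost> argument.
<VirtualHost *:443>
  ServerName siem.mine.priv

  ErrorLog  /var/log/httpd/siem.mine.priv-error_log
  CustomLog /var/log/httpd/siem.mine.priv-access_log common

  # TLS towards clients (front side of the proxy).
  SSLEngine on
  SSLCertificateFile    /etc/pki/tls/certs/siem.mine.priv.crt
  SSLCertificateKeyFile /etc/pki/tls/private/siem.mine.priv.key

  # TLS towards the backend (https:// target in ProxyPass).
  SSLProxyEngine on
  # CA bundle for validating the backend certificate; path taken from the
  # quoted post and left commented, as it was there.
  #SSLProxyCACertificateFile /etc/wazuh-indexer/certs/root-ca.pem

  # Reverse proxy only; never act as a forward proxy.
  ProxyRequests Off
  ProxyPreserveHost On

  # Proxy rules live in the vhost context, not inside <Location>.
  ProxyPass        / https://127.0.0.1:8443/
  ProxyPassReverse / https://127.0.0.1:8443/

  # <Location> is used only to set request headers for the backend.
  <Location "/">
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
  </Location>
</VirtualHost>
```

Running `apachectl configtest` before restarting httpd catches syntax errors such as a missing module or an unreadable certificate path.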
