Reverse Proxy HTTPS

NethServer Version: 7
Module: Reverse Proxy

I need to configure the Reverse Proxy for the HTTPS protocol.
When I create Virtual Hosts for port 80 they work fine, because they redirect the traffic to the correct server. Then the servers redirect traffic to https://. Here the firewall redirects traffic through the 443 Virtual Hosts. But I get this error in Google Chrome: ERR_CONNECTION_CLOSED or ERR_CONNECTION_REFUSED.

Now I have deleted the Virtual Hosts and reloaded httpd. One of my Virtual Hosts was this:

<VirtualHost *:80>
    ServerName www.iisvittuone.net
    ServerAlias iisvittuone.net
    ProxyPreserveHost On
    ProxyPass / http://192.168.8.3/
    ProxyPassReverse / http://192.168.8.3/
</VirtualHost>

This works fine. But this does not:

<VirtualHost *:443>
    ServerName www.iisvittuone.net
    ServerAlias iisvittuone.net
    ProxyPreserveHost On
    SSLEngine On
    SSLProxyEngine on
    ProxyPass / https://192.168.8.3/
    ProxyPassReverse / https://192.168.8.3/
</VirtualHost>

I think that it is a problem with certificates: on NethServer I requested a certificate with Let’s Encrypt. On the Debian server I have some certificates, always requested with Let’s Encrypt.

Thanks.

Federico Ballarini

Could you please try with another browser?
It looks like a network error, I think the reason for this is the redirection.
Please have a look at the logs.

I have already tried with Google Chrome, Safari and Firefox. And it doesn’t work.
Sorry, but I’m a new user: which log files do I have to open?

Please have a look at

/var/log/httpd/access.log and /var/log/httpd/ssl_access_log

and

/var/log/httpd/error.log and /var/log/httpd/ssl_error_log

Requested SSL sites you can find at

/var/log/httpd/ssl_request_log

System messages you get in

/var/log/messages

This is what I have found of importance in the log files.

/var/log/httpd/error_log
[Wed Jun 21 10:25:03.118379 2017] [ssl:emerg] [pid 2606] AH02312: Fatal error initialising mod_ssl, exiting.

I’m now getting ERR_CONNECTION_REFUSED

I have added to /etc/httpd/conf.d a file called aaa_redirect.conf

<VirtualHost *:80>
    ServerName www.iisvittuone.net
    ServerAlias www.talenti.iisvittuone.net
    ServerAlias www.corsi.iisvittuone.net
    ServerAlias www.app.elexpo.net
    ServerAlias www.evo.elexpo.net
    ServerAlias iisvittuone.net
    ServerAlias talenti.iisvittuone.net
    ServerAlias corsi.iisvittuone.net
    ServerAlias app.elexpo.net
    ServerAlias evo.elexpo.net
    ProxyPreserveHost On
    ProxyPass / http://192.168.8.3/
    ProxyPassReverse / http://192.168.8.3/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    ServerName www.iisvittuone.net
    ServerAlias www.talenti.iisvittuone.net
    ServerAlias www.corsi.iisvittuone.net
    ServerAlias www.app.elexpo.net
    ServerAlias www.evo.elexpo.net
    ServerAlias iisvittuone.net
    ServerAlias talenti.iisvittuone.net
    ServerAlias corsi.iisvittuone.net
    ServerAlias app.elexpo.net
    ServerAlias evo.elexpo.net
    ProxyPreserveHost On
    SSLProxyEngine on
    ProxyPass / https://192.168.8.3/
    ProxyPassReverse / https://192.168.8.3/
</VirtualHost>

<VirtualHost *:80>
    ServerName www.umanetexpo.net
    ServerAlias www.elexpo.net
    ServerAlias www.umanet.net
    ServerAlias umanetexpo.net
    ServerAlias elexpo.net
    ServerAlias umanet.net
    ProxyPreserveHost On
    ProxyPass / http://192.168.8.4/
    ProxyPassReverse / http://192.168.8.4/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    ServerName www.umanetexpo.net
    ServerAlias www.elexpo.net
    ServerAlias www.umanet.net
    ServerAlias umanetexpo.net
    ServerAlias elexpo.net
    ServerAlias umanet.net
    ProxyPreserveHost On
    SSLProxyEngine on
    ProxyPass / https://192.168.8.4/
    ProxyPassReverse / https://192.168.8.4/
</VirtualHost>

Now I have disabled this file because I got a generic error when I reload (the first time it works).

@Hunv at Question regarding Reverse Proxy Feature you wrote that you got Reverse Proxy to work. Can you help @federico.ballarini, because I didn’t use it.

2 Likes

My one is:

<VirtualHost *:80>
    ServerName mydomain.de
    ServerAlias *.mydomain.de mydomain2.de *.mydomain.de map.mydomain3.de
    ProxyPreserveHost On
    ProxyPass / http://10.2.0.10/
    ProxyPassReverse / http://10.2.0.10/
</VirtualHost>
<VirtualHost *:443>
    ServerName mydomain.de
    ServerAlias *.mydomain.de mydomain2.de *.mydomain2.de map.mydomain3.de
    ProxyPreserveHost On
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/letsencrypt/live/neth.de-0001/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/neth.de-0001/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/neth.de-0001/chain.pem
    SSLCACertificateFile /etc/letsencrypt/live/neth.de-0001/fullchain.pem
    ProxyPass / https://10.2.0.10/
    ProxyPassReverse / https://10.2.0.10/
</VirtualHost>

What you are missing is the stuff for the certificates in the SSL-Configured sections.

3 Likes
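Added example (not part of the original thread and not NethServer tooling): a small pre-reload check for the problem identified above, a `<VirtualHost>` that sets `SSLEngine On` but has no `SSLCertificateFile` / `SSLCertificateKeyFile`. The sample config, host names and certificate paths are constructed placeholders, and the check assumes no certificate is inherited from the server-level configuration.

```python
import re

# Constructed sample: the failing :443 vhost shape from the thread next to a
# fixed one. Host names, addresses and certificate paths are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName www.example.net
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.net
    SSLEngine On
    ProxyPass / https://192.0.2.3/
</VirtualHost>
<VirtualHost *:443>
    ServerName fixed.example.net
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/example/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example/privkey.pem
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+?)\s*>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def find_tls_vhosts_without_cert(conf_text):
    """Return (line_no, address, server_name, missing) per incomplete TLS vhost."""
    findings, block = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            block = {"line": line_no, "addr": m.group(1), "d": {}}
        elif CLOSE.match(line) and block is not None:
            d = block["d"]
            missing = [n for n in REQUIRED if n.lower() not in d]
            if d.get("sslengine", "off").lower() == "on" and missing:
                findings.append((block["line"], block["addr"], d.get("servername", "?"), missing))
            block = None
        elif block is not None:
            name, value = (line.split(None, 1) + [""])[:2]  # directive, arguments
            block["d"].setdefault(name.lower(), value)
    return findings

if __name__ == "__main__":
    for line_no, addr, name, missing in find_tls_vhosts_without_cert(SAMPLE_CONF):
        print(f"line {line_no}: <VirtualHost {addr}> {name} lacks {', '.join(missing)}")
```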

It works!
Thanks a lot!

Federico Ballarini

1 Like

Thanks for the reply

1 Like