NethServer Version: 7
Module: Reverse Proxy
I need to configure Reverse Proxy in HTTPS protocol.
When I create Virtual Hosts for port 80 they works fine, because redirect the traffic to the correct server. Then servers redirect traffic to https://. Here the firewall redirect traffic through 443 Virtual Hosts. But I get this error on Google Chrome: ERR_CONNECTION_CLOSED or ERR_CONNECTION_REFUSED.
Now I delete the Virtual Hosts and reload httpd. One of my Virtual Hosts was this:
<VirtualHost *:80 > ServerName www.iisvittuone.net ServerAlias iisvittuone.net ProxyPreserveHost On ProxyPass / http://192.168.8.3/ ProxyPassReverse / http://192.168.8.3/ </VirtualHost>
This works fine. But this no:
<VirtualHost *:443> ServerName www.iisvittuone.net ServerAlias iisvittuone.net ProxyPreserveHost On SSLEngine On SSLProxyEngine on ProxyPass / https://192.168.8.3/ ProxyPassReverse / https://192.168.8.3/ </VirtualHost>
I think that is a problem with certificates: on Nethserver I required certificate with Let’s Encrypt. On debian server I have some certificates always required with Let’s Encrypt.
Thanks.
Federico Ballarini
m.traeumner
(Michael Träumner)
June 21, 2017, 7:20am
2
Could you please try with an other browser?
It looks like a network error, I think the reason for this is the redirction.
Please have a look at the logs.
I have alredy tried with Google Chrome, Safari and Firefox. And it doensn’t work.
Sorry, but I’m a new user: what logs files I have to open?
m.traeumner
(Michael Träumner)
June 21, 2017, 7:56am
4
Please have a look at
/var/log/httpd/access.log and /var/log/httpd/ssl_access_log
and
/var/log/httpd/error.log and /var/log/httpd/ssl_error_log
requested SSL sites you can found at
/var/log/httpd/ssl_request_log
system messages you get on
/var/log/messages
This is what of important I have found on logs files.
/var/log/httpd/error_log
[Wed Jun 21 10:25:03.118379 2017] [ssl:emerg] [pid 2606] AH02312: Fatal error initialising mod_ssl, exiting.
I’m now obtainig ERR_CONNECTION_REFUSED
I have added into /etc/httpd/conf.d a file called aaa_redirect.conf
<VirtualHost *:80> ServerName www.iisvittuone.net ServerAlias www.talenti.iisvittuone.net ServerAlias www.corsi.iisvittuone.net ServerAlias www.app.elexpo.net ServerAlias www.evo.elexpo.net ServerAlias iisvittuone.net ServerAlias talenti.iisvittuone.net ServerAlias corsi.iisvittuone.net ServerAlias app.elexpo.net ServerAlias evo.elexpo.net ProxyPreserveHost On ProxyPass / http://192.168.8.3/ ProxyPassReverse / http://192.168.8.3/ </VirtualHost>
<VirtualHost *:443> SSLEngine On ServerName www.iisvittuone.net ServerAlias www.talenti.iisvittuone.net ServerAlias www.corsi.iisvittuone.net ServerAlias www.app.elexpo.net ServerAlias www.evo.elexpo.net ServerAlias iisvittuone.net ServerAlias talenti.iisvittuone.net ServerAlias corsi.iisvittuone.net ServerAlias app.elexpo.net ServerAlias evo.elexpo.net ProxyPreserveHost On SSLProxyEngine on ProxyPass / https://192.168.8.3/ ProxyPassReverse / https://192.168.8.3/ </VirtualHost>
<VirtualHost *:80> ServerName www.umanetexpo.net ServerAlias www.elexpo.net ServerAlias www.umanet.net ServerAlias umanetexpo.net ServerAlias elexpo.net ServerAlias umanet.net ProxyPreserveHost On ProxyPass / http://192.168.8.4/ ProxyPassReverse / http://192.168.8.4/ </VirtualHost>
<VirtualHost *:443> SSLEngine On ServerName www.umanetexpo.net ServerAlias www.elexpo.net ServerAlias www.umanet.net ServerAlias umanetexpo.net ServerAlias elexpo.net ServerAlias umanet.net ProxyPreserveHost On SSLProxyEngine on ProxyPass / https://192.168.8.4/ ProxyPassReverse / https://192.168.8.4/ </VirtualHost>
Now I have disabled this file beaucause I got a generic error when I reload (the first time it works).
m.traeumner
(Michael Träumner)
June 21, 2017, 10:49am
7
@Hunv at Question regarding Reverse Proxy Feature you wrote that you got Reverse Proxy to work. Can you help @federico.ballarini , because I didn’t use it.
2 Likes
Hunv
(Kristian Reukauff)
June 21, 2017, 11:59am
8
My one is:
<VirtualHost *:80>
ServerName mydomain.de
ServerAlias *.mydomain.de mydomain2.de *.mydomain.de map.mydomain3.de
ProxyPreserveHost On
ProxyPass / http://10.2.0.10/
ProxyPassReverse / http://10.2.0.10/
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.de
ServerAlias *.mydomain.de mydomain2.de *.mydomain2.de map.mydomain3.de
ProxyPreserveHost On
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/neth.de-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/neth.de-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/neth.de-0001/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/neth.de-0001/fullchain.pem
ProxyPass / https://10.2.0.10/
ProxyPassReverse / https://10.2.0.10/
</VirtualHost>
What you are missing is the stuff for the certificates in the SSL-Configured sections.
3 Likes