Discussion :

[sebcb1]

Bonjour a tous !

J'ai un serveur apache à partir du quel je peux faire du reverse proxy vers plusieurs autres sites de mon réseaux local.
Cela marche bien pour des redirection vers http mais pas https

exemple vers http:

<VirtualHost *:443>
ServerName srvnas.mywebcenter.fr
ProxyPass / http://srvnas.myhome
ProxyPassReverse / http://srvnas.myhome
SSLEngine On
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
SSLCertificateFile /srv/ssl/mywebcenter/mywebcenter.cert.pem
SSLCertificateKeyFile /srv/ssl/mywebcenter/mywebcenter.key.nopass.pem
SSLProtocol all -SSLv2
SSLCACertificateFile /srv/ssl/cacert.pem
SSLVerifyClient require
SSLVerifyDepth 1
</VirtualHost>

Mais avec https cela ne passe pas:

<VirtualHost *:443>
ServerName srvnas.mywebcenter.fr
ProxyPass / https://192.168.100.160:446
ProxyPassReverse / https://192.168.100.160:446
SSLEngine On
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
SSLCertificateFile /srv/ssl/mywebcenter/mywebcenter.cert.pem
SSLCertificateKeyFile /srv/ssl/mywebcenter/mywebcenter.key.nopass.pem
SSLProtocol all -SSLv2
SSLCACertificateFile /srv/ssl/cacert.pem
SSLVerifyClient require
SSLVerifyDepth 1
</VirtualHost>

Quand j'accède au site j'ai dans la log apache:

[Thu Dec 05 10:34:32 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160)
[Thu Dec 05 10:34:32 2013] [error] proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160) from 171.16.210.9 ()
[Thu Dec 05 10:34:33 2013] [error] [client 171.16.210.9] proxy: DNS lookup failure for: 192.168.100.160:446favicon.ico returned by /favicon.ico

https://192.168.100.160:446 est un serveur openfiler

Merci pour votre aide !

Seb

[sebcb1]

Petite erreur dans mon code:

C'est pas:

ProxyPass / https://192.168.100.160:446
ProxyPassReverse / https://192.168.100.160:446

Mais:

ProxyPass / https://192.168.100.160:446/
ProxyPassReverse / https://192.168.100.160:446/

Maintenant l'erreur est différente, il semble que j'accède au site car il me retourne:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://openfiler/"><b>https://openfiler/</b></a></blockquote></p>
</body></html>

[sebcb1]

Décidément ! j'avais pas mis https !

Maintenant je retrouve enfin l'erreur d'hier où je suis rester bloqué:

[Thu Dec 05 11:13:03 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160)
[Thu Dec 05 11:13:03 2013] [error] proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160) from 171.16.210.9 ()
[Thu Dec 05 11:13:03 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160)
[Thu Dec 05 11:13:03 2013] [error] proxy: pass request body failed to 192.168.100.160:446 (192.168.100.160) from 171.16.210.9 ()

[Marc3001]

Tente en désactivant la vérification de la validité du certificat avec la directive SSLProxyCheckPeerCN

[sbrillard]

Cela fonctionne
SSLProxyCheckPeerCN off

Merci de l'aide

Seb