Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Roman2016-02-09 16:19:15
Apache HTTP Server
Roman, 2016-02-09 16:19:15

Request Tracker behind a reverse proxy. How?

Rotary installed, ports 80 and 443 forwarded to 192.168.1.11
Debian8 and apache2 are installed on 1.11.
1.31 has debian8, apache2 and rt installed.
Inside the network everything works fine.
On 1.11, a file has been added to the Apache config:

[email protected]:/etc/apache2/sites-available# cat rt.domain.ru.conf
<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName rt.domain.ru
        ServerAlias www.rt.domain.ru
        SSLProxyEngine On
        #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLProxyCheckPeerCN on
        SSLProxyCheckPeerExpire on
        #ProxyRequests Off
        #ProxyPreserveHost On
        #ProxyVia full
        #<proxy *>
        #Order deny,allow
        #Allow from all
        #</proxy>
        ProxyPass / https://192.168.1.31/
        ProxyPassReverse / https://192.168.1.31/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

From the config you can see that I tried different options, but the error is always the same :(
Ошибка подключения SSL
ERR_SSL_PROTOCOL_ERROR

I don’t know much about questions, but there is a desire to figure it out ...
As I understand it, certificates from 1.31 are needed for 1.11, but I don’t understand which ones, I didn’t create anything when installing rt, but in that Apache config you can see that it seems to be using default ones

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
Roman, 2016-02-11
@Uvetrom

It is necessary to disable certificate verification on 1.11 if the certificates are self-signed. This is how I understand the problem.
Working config, if anyone needs it:

<VirtualHost *:443>
        DocumentRoot /var/www/www
        ServerAdmin [email protected]
        ServerName rt.domain.ru
        ServerAlias www.rt.domain.ru
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLProxyEngine on
        ProxyRequests Off
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        ProxyPreserveHost On
        ProxyPass / https://192.168.1.31/
        ProxyPassReverse / https://192.168.1.31/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Similar questions
E
Emptyform2015-09-03 12:42:06
Criticize the layout, what are the errors in it? 7Reply
I
Ilya Petrovsky2014-11-24 00:19:54
An analogue of the Open Server toolkit for managing domains and databases for web development under Linux? 3Reply
M
Maxim E2014-11-26 11:59:47
How to implement secure access to Apache/Mysql server? 4Reply
M
marshadow2020-12-30 13:32:56
How to use Flask with Apache(openserver) on windows? 1Reply
B
BuBux2019-04-23 16:19:42
How to host a Laravel website? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question