Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
Roman2016-02-09 16:19:15
Apache HTTP Server
Roman, 2016-02-09 16:19:15

Request Tracker behind a reverse proxy. How?

Rotary installed, ports 80 and 443 forwarded to 192.168.1.11
Debian8 and apache2 are installed on 1.11.
1.31 has debian8, apache2 and rt installed.
Inside the network everything works fine.
On 1.11, a file has been added to the Apache config:

[email protected]:/etc/apache2/sites-available# cat rt.domain.ru.conf
<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName rt.domain.ru
        ServerAlias www.rt.domain.ru
        SSLProxyEngine On
        #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLProxyCheckPeerCN on
        SSLProxyCheckPeerExpire on
        #ProxyRequests Off
        #ProxyPreserveHost On
        #ProxyVia full
        #<proxy *>
        #Order deny,allow
        #Allow from all
        #</proxy>
        ProxyPass / https://192.168.1.31/
        ProxyPassReverse / https://192.168.1.31/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

From the config you can see that I tried different options, but the error is always the same :(
Ошибка подключения SSL
ERR_SSL_PROTOCOL_ERROR

I don’t know much about questions, but there is a desire to figure it out ...
As I understand it, certificates from 1.31 are needed for 1.11, but I don’t understand which ones, I didn’t create anything when installing rt, but in that Apache config you can see that it seems to be using default ones

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
R
Roman, 2016-02-11
@Uvetrom

It is necessary to disable certificate verification on 1.11 if the certificates are self-signed. This is how I understand the problem.
Working config, if anyone needs it:

<VirtualHost *:443>
        DocumentRoot /var/www/www
        ServerAdmin [email protected]
        ServerName rt.domain.ru
        ServerAlias www.rt.domain.ru
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLProxyEngine on
        ProxyRequests Off
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        ProxyPreserveHost On
        ProxyPass / https://192.168.1.31/
        ProxyPassReverse / https://192.168.1.31/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Similar questions
S
s0rr0w2013-08-13 23:59:28
Who met with the problem of slow work of WS under Apache in linux version 1C 8.2? 1Reply
O
Outsider V.2016-02-10 22:33:35
Why doesn't realpath work on CentOS? 1Reply
O
Outsider V.2016-02-11 01:19:04
Why are special characters from the database being killed on a remote server? 1Reply
T
Tim32016-02-11 15:23:15
squidanalyzer configuration? 1Reply
N
Nastradamus2013-09-04 18:08:17
Redirect to subdomain folder via RewriteRule 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question