https proxy path [#29238]

Submitted by jreimer on Thu, 08/08/2013 - 08:47 Pro Licensee

Hello,

I am having trouble with enabling https proxy load balancing. See details here:

http://sourceforge.net/mailarchive/forum.php?thread_name=CAPY%3D%3Djm1yc...

I have upgrded to 4.01 and now I get an "Internal Server Error" when trying to redirect using https sites.

Thanks, Dan.

Status:

Closed (fixed)

Comments

Submitted by andreychek on Thu, 08/08/2013 - 09:03 Comment #1

Howdy -- hmm, what error do you see in the Apache logs whenever you receive that Internal Server error?

You can see the Apache logs in $HOME/logs/error_log.

Submitted by jreimer on Thu, 08/08/2013 - 11:48 Pro Licensee Comment #2

[Wed Aug 07 16:26:36 2013] [error] [client 10.5.0.132] SSL Proxy requested for gvsd.ca:80 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:26:36 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:443 (filr2.gvsd.ca)
[Wed Aug 07 16:26:43 2013] [error] [client 10.5.0.131] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:26:43 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:443 (filr1.gvsd.ca)
[Wed Aug 07 16:30:31 2013] [error] [client 10.5.0.132] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:30:31 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:443 (filr2.gvsd.ca)
[Wed Aug 07 16:30:47 2013] [error] [client 10.5.0.131] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:30:47 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:443 (filr1.gvsd.ca)
[Wed Aug 07 16:31:43 2013] [error] [client 10.5.0.132] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:31:43 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:443 (filr2.gvsd.ca)
[Wed Aug 07 16:31:45 2013] [error] [client 10.5.0.131] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:31:45 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:443 (filr1.gvsd.ca)
[Wed Aug 07 16:31:45 2013] [error] [client 10.5.0.132] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:31:45 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:443 (filr2.gvsd.ca)
[Wed Aug 07 16:32:14 2013] [error] [client 10.5.0.132] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:14 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:8443 (filr2.gvsd.ca)
[Wed Aug 07 16:32:14 2013] [error] [client 10.5.0.131] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:14 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:8443 (filr1.gvsd.ca)
[Wed Aug 07 16:32:15 2013] [error] [client 10.5.0.131] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:15 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:8443 (filr1.gvsd.ca)
[Wed Aug 07 16:32:16 2013] [error] [client 10.5.0.132] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:16 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:8443 (filr2.gvsd.ca)
[Wed Aug 07 16:32:19 2013] [error] [client 10.5.0.131] SSL Proxy requested for gvsd.ca:80 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:19 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:8443 (filr1.gvsd.ca)
[Wed Aug 07 16:32:19 2013] [error] [client 10.5.0.132] SSL Proxy requested for gvsd.ca:80 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:19 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:8443 (filr2.gvsd.ca)
[Wed Aug 07 16:32:22 2013] [error] [client 10.5.0.132] SSL Proxy requested for gvsd.ca:80 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:22 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.132:8443 (filr2.gvsd.ca)
[Wed Aug 07 16:32:22 2013] [error] [client 10.5.0.131] SSL Proxy requested for gvsd.ca:80 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:32:22 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.131:8443 (filr1.gvsd.ca)
[Wed Aug 07 16:35:03 2013] [error] [client 10.5.0.110] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:35:03 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.110:443 (www.gvsd.ca)
[Wed Aug 07 16:35:03 2013] [error] [client 10.5.0.110] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:35:03 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.110:443 (www.gvsd.ca)
[Wed Aug 07 16:35:04 2013] [error] [client 10.5.0.110] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:35:04 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.110:443 (www.gvsd.ca)
[Wed Aug 07 16:35:05 2013] [error] [client 10.5.0.110] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:35:05 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.110:443 (www.gvsd.ca)
[Wed Aug 07 16:35:07 2013] [error] [client 10.5.0.110] SSL Proxy requested for filr.gvsd.ca:443 but not enabled [Hint: SSLProxyEngine]
[Wed Aug 07 16:35:07 2013] [error] proxy: HTTPS: failed to enable ssl support for 10.5.0.110:443 (www.gvsd.ca)

Submitted by andreychek on Thu, 08/08/2013 - 11:58 Comment #3

It looks as if Virtualmin may need to add an additional line to the Apache config in order for that to work properly.

Are you familiar with editing the Apache config?

Jamie should be able to have this resolved in the next Virtualmin version, but you can manually add this parameter to Apache if you're comfortable with that.

What you'd need to do is edit /etc/httpd/conf/httpd.conf, find the VirtualHost entry that's associated with this particular domain name -- and right above where you see the Proxy config lines that have been added, you'd want to add this line:

SSLProxyEngine On

Submitted by JamieCameron on Thu, 08/08/2013 - 15:00 Comment #4

The next Virtualmin release will add that SSLProxyEngine directive for you automatically.

Submitted by jreimer on Fri, 08/09/2013 - 20:39 Pro Licensee Comment #5

Looks like it's working now.

Thanks,

Submitted by jreimer on Tue, 08/13/2013 - 11:24 Pro Licensee Comment #6

I found now that it works if you go to https://site.com, but if you go to http://site.com it gives the same internal server error.

I would like all requests be it https or http to get redirected.

Thanks, Dan.

Submitted by JamieCameron on Tue, 08/13/2013 - 12:50 Comment #7

Did you add the SSLProxyEngine on line to the <virtualhost> blocks for both port 80 and 443?

Submitted by jreimer on Wed, 08/14/2013 - 11:12 Pro Licensee Comment #8

That worked. Thanks again.

Dan.

Submitted by Issues on Wed, 08/28/2013 - 12:41 Comment #9

Automatically closed -- issue fixed for 2 weeks with no activity.