osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 62293] New: [Windows] Can't connect backend http server without ssl from reverse proxy server with ssl enabled.


https://bz.apache.org/bugzilla/show_bug.cgi?id=62293

            Bug ID: 62293
           Summary: [Windows] Can't connect backend http server without
                    ssl from reverse proxy server with ssl enabled.
           Product: Apache httpd-2
           Version: 2.4.33
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_http
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: y512yuki@xxxxxxxxx
  Target Milestone: ---

Problems:
        Can't connect backend source http server without ssl from reverse proxy
server with ssl enabled.

When it occurs:
        Always (Connect reverse proxy from client)

Error messages (Client side):
        Gateway Timeout
        The gateway did not receive a timely response from the upstream server
or application.

Error logs (Server side):
        [Thu Apr 12 22:57:01.642278 2018] [proxy:error] [pid 2748:tid 1180] (OS
10060)A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond.  : [client 10.254.0.55:9221] AH01084:
pass request body failed to 10.254.0.15:80 (sv05.example.com)
        [Thu Apr 12 22:57:01.642278 2018] [proxy_http:error] [pid 2748:tid
1180] [client 10.254.0.55:9221] AH01097: pass request body failed to
10.254.0.15:80 (sv05.example.com) from 10.254.0.55 ()

Solution in my environments:
        Revert changes in "mod_proxy_http.c" function "proxy_http_handler" to
version 2.4.29.
        Then, run perfectly.

        @@ -1948,8 +1948,8 @@ static int proxy_http_handler(request_rec *r,
proxy_worker *worker,

                 /* Step Three: Create conn_rec */
                 if (!backend->connection) {
        -            if ((status =
ap_proxy_connection_create_ex(proxy_function,
        -                                                        backend, r))
!= OK)
        +            if ((status = ap_proxy_connection_create(proxy_function,
backend,
        +                                                     c, r->server)) !=
OK)


My environments:
        Windows 7 x86 on Hyper-V
        Windows Server 2016 x64 on Hyper-V


Configurations (Reverse proxy):
        # If change "SSLEngine" to "off" and access reverse proxy server via
non-ssl http, will connect successful.
        # But this is not solution. I lost access from TLS clients.

        <VirtualHost *:443>
                ServerAdmin network@xxxxxxxxxxx
                DocumentRoot "/Test/"

                ServerName ssl.example.com

                ProxyRequests Off
                ProxyPreserveHost On
                ProxyPass / http://sv05.example.com/
                ProxyPassReverse / http://sv05.example.com/

                SSLEngine on
                SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
                SSLHonorCipherOrder off
                SSLCipherSuite
+NULL:EDH:RSA:!DH:ADH:DSS:HIGH:!EXP:!Low:!SHA1:!MD5:!RC4:!DES:!IDEA:!CAMELLIA:!SEED:!SSLv2:!SSLv3

                SSLCertificateFile conf/SSL/Site.cer
                SSLCertificateKeyFile conf/SSL/Site.key
                SSLCACertificateFile conf/SSL/CA.cer
        </VirtualHost>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx