[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] SNI extension for healthchecks

Hello all


I face the problem, that the sni extension is not set on healthcheck-requests to a backend using tls. Because healthchecks are negative, this leads to ordinary requests also beeing denied.

on the backend server i have the following error:

AH02033: No hostname was provided via SNI for a name based virtual host

I’ve also investigated it with wireshark, the extionsion is defenitely not set.


My config looks as follows:



ServerName www.localhost.com



    ServerName www.localhost.com

    ServerAlias localhost.com

    SSLCertificateFile /etc/httpd/ssl/ca.crt

    SSLCertificateKeyFile /etc/httpd/ssl/ca.key

    SSLEngine on

    SSLProxyEngine on


    ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/}

    ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get hcuri=/healthcheck.php


  <Proxy balancer://mycluster lbmethod=byrequests>



    ProxyPreserveHost On

    SSLProxyProtocol  TLSv1


  <Location />

    ProxyPass  balancer://mycluster/

    ProxyPassReverse  balancer://mycluster/




I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the problem ..

Am I missing something, or is this eventually a bug in mod_proxy_hcheck?

Thanks in advance for help/ideas on this!





Attachment: smime.p7s
Description: S/MIME cryptographic signature