osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] SNI extension for healthchecks


Hello all

 

I face the problem, that the sni extension is not set on healthcheck-requests to a backend using tls. Because healthchecks are negative, this leads to ordinary requests also beeing denied.

on the backend server i have the following error:

AH02033: No hostname was provided via SNI for a name based virtual host

I’ve also investigated it with wireshark, the extionsion is defenitely not set.

 

My config looks as follows:

---------------------------------------------------------------------------------

Listen 127.0.0.1:443

ServerName www.localhost.com

 

<VirtualHost 127.0.0.1:443>

    ServerName www.localhost.com

    ServerAlias localhost.com

    SSLCertificateFile /etc/httpd/ssl/ca.crt

    SSLCertificateKeyFile /etc/httpd/ssl/ca.key

    SSLEngine on

    SSLProxyEngine on

 

    ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/}

    ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get hcuri=/healthcheck.php

 

  <Proxy balancer://mycluster lbmethod=byrequests>

    BalancerMember https://127.0.0.1:8443

    BalancerMember https://127.0.0.1:8444

    ProxyPreserveHost On

    SSLProxyProtocol  TLSv1

  </Proxy>

  <Location />

    ProxyPass  balancer://mycluster/

    ProxyPassReverse  balancer://mycluster/

  </Location>

</VirtualHost>

---------------------------------------------------------------------------------

I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the problem ..

Am I missing something, or is this eventually a bug in mod_proxy_hcheck?

Thanks in advance for help/ideas on this!

 

Cheers

Dominik

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature