This is an email I sent to apache.org and modssl.org
It is more elaborate than my last two postings and contains greater detail of what I am trying to accomplish.
Since I can't attach files to this post, please go to http://www.sonic.net/~caine/apache/ to find the files that originally accompanied this email.
###############################################################################
# GREETINGS AND SALUTATIONS
###############################################################################
apache.org / modssl.org
First and foremost, Hello!
I'm not sure which support group to send this to, nor am I sure that what I am trying to accomplish is possible. I am rather new to Apache administration, so please be patient. And before anyone suggests that I should read the Apache and/or mod_ssl docs - believe me when I say I have read them both as well as the O'Reilly book "Apache, The Definitive Guide - 3rd Edition" for the past 4 days straight.
I will try to explain in as much detail as possible the kind of environment I am dealing with here.
Due to the nature of our business, and various Non-Disclosure Agreements (NDAs) we are bound to, I have changed all IP addresses, domain names, and proprietary company information where applicable as well as having removed any internal, proprietary information from all attached files.
###############################################################################
# VERSION INFORMATION
###############################################################################
Red Hat Enterprise Linux ES release 4 (Nahant Update 3)
Apache v2.0.52
OpenSSL 0.9.7a
###############################################################################
# APACHE BUILD INFORMATION
###############################################################################
Unfortunately, I cannot provide you with the details for how this version of Apache + mod_ssl + OpenSSL was built as this was done by someone other than myself.
###############################################################################
# DESCRIPTION OF PROBLEM
###############################################################################
We are running a Windows 2003 SE server. The IP address for this server is 10.0.0.200.
On this server is a JAVA/Web server called Orion (Orion 2.0.7). If you are familiar with JBoss, then you will understand the concept behind Orion.
Orion serves up many different web-based JAVA applications for our Q&A team. Each application is served up via a different port. Therefore, as an example, we can have one application running on http://10.0.0.200:8080 and another application running on http://10.0.0.200:8081.
Each application is defined within our DNS server with the given IP address of 10.0.0.210. This IP address is the location of our (reverse) proxy server, running the aforementioned Red Hat Enterprise Linux ES release 4 (Nahant Update 3) and Apache v2.0.52.
All http (protocol 80) requests for each individual application are resolved in DNS and get routed to 10.0.0.210 - the Apache (proxy) server. Apache, configured with Name-Based Virtual Hosts, then routes the incoming requests to the appropriate backend server (in this case, 10.0.0.200) on the correct port. So for example, if someone requests http://foobar.website.com - DNS resolves foobar to 10.0.0.210, where Apache then looks up foobar.website.com and routes it to http://10.0.0.200:8080 - then, 10.0.0.200 (the Orion server) sees the request coming in on port 8080 and relays the contents of foobar.website.com.
This is all fairly simple stuff.
Here's where I'm having a problem.
We have just configured a site on 10.0.0.200 (the Orion server) with an SSL certificate. Orion handles the SSL certificate. Let's call this site ssl-site.website.com. This site is running on port 8418. If we direct our web browser to
https://10.0.0.200:8418 we can see the login page of the site. However, for all intents and purposes, we would prefer to have users, in standard fashion, point their web browser to https://ssl-site.website.com.
So, to configure this site in line with the rest of the non-SSL sites, I added ssl-site to the DNS server. However, I did not give it the IP address of the proxy. Instead, I gave it a unique IP address of 10.0.0.218.
On the Red Hat Enterprise Linux ES release 4 (Nahant Update 3), I bound the IP address of 10.0.0.218 to eth0:5.
I then told Apache, via an IP-Based Virtual Host entry in ssl.conf to redirect all traffic from 10.0.0.218:443 to 10.0.0.200:8418. Unfortunately, this method does not seem to work as I had hoped it would.
I also have a similar configuration in httpd.conf - this does bring up the login page, but once login has been established, no further data is transmitted and we're back to square one.
I have attached (edited) copies of my httpd.conf, ssl.conf, and log files pertaining to ssl-site for your review.
Any assistance anyone can provide regarding this matter would be greatly appreciated.
Thank you,
Soulgrind
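
The layout described in the post, written out as an added example (not the poster's ssl.conf or httpd.conf, which are not reproduced here): an IP-based virtual host on 10.0.0.218:443 that terminates TLS from the browser and opens a second TLS connection to the Orion site on 10.0.0.200:8418. It assumes mod_ssl, mod_proxy and mod_proxy_http are loaded and that Apache already listens on port 443; all file paths are placeholders.

```apache
# Added illustration. Certificate, key and CA paths are placeholders.
<VirtualHost 10.0.0.218:443>
    ServerName ssl-site.website.com

    # TLS towards the browser: the proxy presents a certificate
    # issued for ssl-site.website.com.
    SSLEngine on
    SSLCertificateFile    /path/to/ssl-site.website.com.crt
    SSLCertificateKeyFile /path/to/ssl-site.website.com.key

    # TLS towards the backend: required before ProxyPass can use
    # an https:// target.
    SSLProxyEngine on

    # Verify the backend certificate against the CA that issued it,
    # so the proxy does not forward logins to an unverified host.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/backend-ca.crt

    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off

    # Forward every request for this host to the Orion site.
    ProxyPass        / https://10.0.0.200:8418/

    # Rewrite Location headers in backend redirects (such as the one
    # typically sent after a login) so they name the proxy host
    # instead of the backend address and port.
    ProxyPassReverse / https://10.0.0.200:8418/
</VirtualHost>
```

`SSLProxyVerify require` checks the certificate chain only; on this Apache release it does not compare the certificate's name with the backend address.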