LinuxQuestions.org
Old 10-10-2006, 12:32 PM   #1
SoulGrind
LQ Newbie
 
Registered: Sep 2006
Posts: 9

Rep: Reputation: 0
Apache + Orion + SSL = Major Frustration


I removed this post because I have updated information...

Last edited by SoulGrind; 10-11-2006 at 03:43 PM.
 
Old 10-10-2006, 02:49 PM   #2
SoulGrind
LQ Newbie
 
Registered: Sep 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Addendum...

I removed this post because I have updated information...

Last edited by SoulGrind; 10-11-2006 at 03:43 PM.
 
Old 10-11-2006, 03:50 PM   #3
SoulGrind
LQ Newbie
 
Registered: Sep 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Updated Information

This is an email I sent to apache.org and modssl.org

It is more elaborate than my last two postings and contains greater detail of what I am trying to accomplish.
Since I can't attach files to this post, please go to http://www.sonic.net/~caine/apache/ to find the files that originally accompanied this email.

###############################################################################
# GREETINGS AND SALUTATIONS
###############################################################################
apache.org / modssl.org

First and foremost, Hello!

I'm not sure which support group to send this to, nor am I sure that what I am trying to accomplish is possible. I am rather new to Apache administration, so please be patient. And before anyone suggests that I should read the Apache and/or mod_ssl docs - believe me when I say I have read them both as well as the O'Reilly book "Apache, The Definitive Guide - 3rd Edition" for the past 4 days straight.

I will try to explain in as much detail as possible the kind of environment I am dealing with here.

Due to the nature of our business, and various Non-Disclosure Agreements (NDAs) we are bound to, I have changed all IP addresses, domain names, and proprietary company information where applicable as well as having removed any internal, proprietary information from all attached files.


###############################################################################
# VERSION INFORMATION
###############################################################################
Red Hat Enterprise Linux ES release 4 (Nahant Update 3)
Apache v2.0.52
OpenSSL 0.9.7a


###############################################################################
# APACHE BUILD INFORMATION
###############################################################################
Unfortunately, I cannot provide you with the details for how this version of Apache + mod_ssl + OpenSSL was built as this was done by someone other than myself.


###############################################################################
# DESCRIPTION OF PROBLEM
###############################################################################
We are running a Windows 2003 SE server. The IP address for this server is 10.0.0.200.

On this server is a JAVA/Web server called Orion (Orion 2.0.7). If you are familiar with JBoss, then you will understand the concept behind Orion.

Orion serves up many different web-based JAVA applications for our Q&A team. Each application is served up via a different port. Therefore, as an example, we can have one application running on http://10.0.0.200:8080 and another application running on http://10.0.0.200:8081.

Each application is defined within our DNS server with the given IP address of 10.0.0.210. This IP address is the location of our (reverse) proxy server, running the aforementioned Red Hat Enterprise Linux ES release 4 (Nahant Update 3) and Apache v2.0.52.

All http (protocol 80) requests for each individual application are resolved in DNS and get routed to 10.0.0.210 - the Apache (proxy) server. Apache, configured with Name-Based Virtual Hosts, then routes the incoming requests to the appropriate backend server (in this case, 10.0.0.200) on the correct port. So for example, if someone requests http://foobar.website.com - DNS resolves foobar to 10.0.0.210, where Apache then looks up foobar.website.com and routes it to http://10.0.0.200:8080 - then, 10.0.0.200 (the Orion server) sees the request coming in on port 8080 and relays the contents of foobar.website.com.

This is all fairly simple stuff.

Here's where I'm having a problem.

We have just configured a site on 10.0.0.200 (the Orion server) with an SSL certificate. Orion handles the SSL certificate. Let's call this site ssl-site.website.com. This site is running on port 8418. If we direct our web browser to https://10.0.0.200:8418 we can see the login page of the site. However, for all intents and purposes, we would prefer to have users, in standard fashion, point their web browser to https://ssl-site.website.com.

So, to configure this site in line with the rest of the non-SSL sites, I added ssl-site to the DNS server. However, I did not give it the IP address of the proxy. Instead, I gave it a unique IP address of 10.0.0.218.

On the Red Hat Enterprise Linux ES release 4 (Nahant Update 3), I bound the IP address of 10.0.0.218 to eth0:5.

I then told Apache, via an IP-Based Virtual Host entry in ssl.conf to redirect all traffic from 10.0.0.218:443 to 10.0.0.200:8418. Unfortunately, this method does not seem to work as I had hoped it would.

I also have a similar configuration in httpd.conf - this does bring up the login page, but once log in has been established, no further data is transmitted and we're back to square one.

I have attached (edited) copies of my httpd.conf, ssl.conf, and log files pertaining to ssl-site for your review.

Any assistance anyone can provide regarding this matter would be greatly appreciated.

Thank you,

Soulgrind
 
Old 10-12-2006, 06:15 PM   #4
SoulGrind
LQ Newbie
 
Registered: Sep 2006
Posts: 9

Original Poster
Rep: Reputation: 0
Issue Resolved

Moved SSL cert to the apache server - would have presented an opportunity for a "man in the middle attack" the other way anyway.
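
The resolution in post #4, terminating SSL on the Apache proxy instead of on Orion, written out as a mod_ssl/mod_proxy virtual host. This is an added example, not the poster's actual configuration: the addresses and hostname are the ones used in the thread, while the certificate paths and the plain-HTTP backend port 8090 are assumptions.

```apache
# Added example, not the poster's configuration. Needs mod_ssl, mod_proxy
# and mod_proxy_http. Addresses and hostname are the ones from the thread;
# certificate paths and backend port 8090 are assumptions.

# Reverse proxy only: never act as a forward proxy for arbitrary clients.
ProxyRequests Off

# Not needed if ssl.conf already contains a generic "Listen 443".
Listen 10.0.0.218:443

<VirtualHost 10.0.0.218:443>
    ServerName ssl-site.website.com

    # TLS terminates here, so the certificate the browser validates for
    # ssl-site.website.com is the one Apache presents.
    SSLEngine on
    # Placeholder paths; keep the key readable by root only.
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/ssl-site.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ssl-site.key

    # Option A: plain HTTP to Orion. Traffic on this hop is unencrypted,
    # so 10.0.0.210 -> 10.0.0.200 must be a trusted network segment.
    ProxyPass        / http://10.0.0.200:8090/
    # Rewrites Location headers in backend redirects (for example after a
    # login form) so the browser stays on https://ssl-site.website.com/.
    ProxyPassReverse / http://10.0.0.200:8090/

    # Option B: re-encrypt to Orion's SSL listener on 8418 instead of A.
    # Without SSLProxyVerify the proxy accepts any backend certificate.
    #SSLProxyEngine on
    #SSLProxyVerify require
    #SSLProxyCACertificateFile /etc/httpd/conf/ssl.crt/orion-ca.crt
    #ProxyPass        / https://10.0.0.200:8418/
    #ProxyPassReverse / https://10.0.0.200:8418/
</VirtualHost>
```

Run `apachectl configtest` before reloading; with option B, the backend certificate must chain to the CA file named in `SSLProxyCACertificateFile` or the proxied requests will fail.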
 
  

