mod_proxy under Apache2 not working with some https sites
Hi all,
I have this need to setup a reverse-proxy server, the situation is as follows:
Server_1:
Debian4 + Apache2, port 80/443 open to public
ssl cert 128-bit is installed on one host, publicly signed, let's say https://www.111.com/
Server_2:
https://www.222.com/app/ is a working web application site, not open to public but is accessible only from Server_1 via 443.
ssl cert on this site is private and not publicly signed.
The two servers sits on completely different subnets, they communicate over the Internet.
Basically I need to publish the site https://www.111.com/ for the public with the content and interface of https://www.222.com/app/.
On Server_1 (www.111.com) I enabled mod_proxy, mod_proxy_http, mod_proxy_connect, ssl, and configured the site as follows.
NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.111.com
DocumentRoot /somepath/111/
<Directory /somepath/111/>
Options FollowSymLinks MultiViews
DirectoryIndex main index.htm index.html
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/cert.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
ProxyRequests Off
SSLProxyEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / https://www.222.com/app/
ProxyPassReverse / https://www.222.com/app/
</VirtualHost>
Now I restarted apache2, accessed https://www.111.com/ and I saw the contents of the second server on top of it, but some images(.png, .gif) are not shown and so does .css it seems like.
https://www.222.com/app/ has login to the site (written in .jsp) but neither this seem to be working.
I tried to change the destination site (in place of Server_2) to some other public http/https site and they seem to be working correctly...
I've been changing the config of the site but just doesn't seem to be going in the right direction,, did anyone have a similar problem and was able to solve it?
Could the un-signed certificate on www.222.com be the cause of the problem?
Thanks!
|