Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache 2.4.2 SSL issue |
|
| Author |
|
mmalik1981
Joined: 14 Sep 2012
Posts: 1
|
 Posted: Fri 14 Sep '12 23:12 Post subject: Apache 2.4.2 SSL issue |
 |
|
I have Apache 2.4.2 connected to Tomcat 6.0.35 via AJP connector. The problem I am having is with the https requests. I can access my application operations console using http just fine, with https however, I get a Connection TimeOut error. I enabled debugging and got this in the log file:
"the timeout specified has expired ssl input filter read failed"
I spent a day googling but could not find anything useful. The interesting thing is that the config was working just fine till a few days back. Tomcat server.xml is pretty much standard. httpd-ssl.conf is as:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/pw/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/usr/pw/pronto/web/html"
ServerName <HOSTIP>
ServerAdmin root
ErrorLog /usr/pw/apache/logs/error_log
RewriteEngine On
RewriteRule ^/admin$ /admin/jsp/Login.jsp [R]
RewriteRule ^/admin/$ /admin/jsp/Login.jsp [R]
RewriteRule /admin/index.html /admin/jsp/Login.jsp [R]
RewriteRule ^/$ /jsp/Login.jsp [R]
RewriteRule index.html /jsp/Login.jsp [R]
RewriteRule /downloads /jsp/proactive_downloads.jsp [R]
RewriteRule /servlets/com.proactivenet.servlet.Login /jsp/Login.jsp [R,NE]
RewriteCond %{REQUEST_METHOD} !(^GET|^POST|^HEAD)
RewriteCond %{REQUEST_URI} !/bppmws/api
RewriteRule .* - [F]
RewriteRule ^/jsp/(.*).jspf$ - [F]
RewriteRule ^/jsp/(.*).(jsp_org|jsp.org) - [F]
SSLEngine on
SSLCertificateFile "/usr/pw/apache/conf/server.crt"
SSLCertificateKeyFile "/usr/pw/apache/conf/server.key"
SSLCACertificateFile /usr/pw/apache/conf/TunnelAgent.crt
<Location /controller/>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/pw/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/pw/apache/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<IfModule mod_proxy_ajp.c>
SSLProxyEngine on
Include conf/extra/httpd-proxy.conf
</IfModule>
</VirtualHost>
Anyone any suggestions?? I noticed that Apache has done some upgrades in 2.4.3 related to OpenSSL but that did not work for me either.
Would really appreciate some pointers. Thanks much! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Mon 17 Sep '12 17:15 Post subject: |
|
|
With Apache 2.4.3
now it works to set
AcceptFilter https none
AcceptFilter http none
well that is more for windows than any other OS.
How do you connect to the backend?
I had (on windows) no problem using
| Code: |
<Location />
ProxyPass ajp://localhost:8009/
ProxyPassReverse ajp://localhost:8009/
</Location>
|
Since I see SSLProxyEngine on
Do you connect over https to the backenend server?
I had many issue doing that on my unbuntu server. it cooked my CPU... |
|
| Back to top |
|
|
|
|
|
|
