Topic: SessionCryptoPassphrase errors with reverse proxy

tallandtree
Joined: 31 Mar 2016 Posts: 4 Location: NL
Posted: Thu 31 Mar '16 13:06 Post subject: SessionCryptoPassphrase errors with reverse proxy

I'm setting up Apache (2.4, from Docker Hub, latest httpd:2.4) in a Docker environment as a reverse proxy to other applications (Jenkins, DockerUI, Jira, etc.) and use forms and sessions to authenticate to Jenkins. But I experience issues with the use of session encryption (through SessionCryptoPassphrase) only in combination with Jenkins.
Without SessionCryptoPassphrase set, everything works smoothly, no errors. But with encrypted sessions, I get a lot of random errors in the Apache error log on Jenkins pages (session_crypto:error and proxy:error) and the Jenkins site becomes slow and sometimes gives script errors in the browser.
Part of httpd-vhosts.conf:
Code:
SessionCryptoDriver openssl
Listen 443 https
<VirtualHost *:443>
    <Location "/">
        AuthFormLoginRequiredLocation "/login.html"
        AuthFormLoginSuccessLocation "/index.html"
        AuthType form
        AuthFormProvider admin-users ldap-users
        LDAPReferrals Off
        AuthName realm
        Session On
        SessionCryptoPassphrase secret
        SessionCookieName mySession path=/; domain=mydomain.com; HttpOnly; secure
    </Location>
    <Location "/dologin.html">
        SetHandler form-login-handler
        AuthFormLoginRequiredLocation "/loginerror.html"
        AuthFormLoginSuccessLocation "/index.html"
        AuthFormProvider admin-users ldap-users
        LDAPReferrals Off
        AuthType form
        AuthName realm
        Session On
        SessionCryptoPassphrase secret
        SessionCookieName sys-yoda1Session path=/; domain=mydomain.com; HttpOnly; secure
    </Location>
    SSLEngine on
    SSLCertificateFile "/usr/local/apache2/conf/certs/server-cert.pem"
    SSLCertificateKeyFile "/usr/local/apache2/conf/certs/server-key.pem"
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    <Proxy *>
        SetEnv proxy-initial-not-pooled 1
        Require valid-user
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Forwarded-Port "443"
        RequestHeader unset X-Forwarded-User
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule .* - [E=RU:%1,NS]
        RequestHeader set X-Forwarded-User %{RU}e
    </Proxy>
    <Location "/cm-jenkins/">
        ProxyPass http://cm-jenkins:8080/cm-jenkins/ nocanon
        ProxyPassReverse http://cm-jenkins:8080/cm-jenkins/
        ProxyPassReverse http://mydomain.com/cm-jenkins/
    </Location>

I've also tried with AJP instead of HTTP, but exactly the same behaviour (errors).
Error (random on page clicks in Apache error log):
Code:
[Thu Mar 31 10:44:26.033743 2016] [session_crypto:error] [pid 8:tid 140165737998080] (100006)Error string not specified yet: [client 10.100.19.221:52592] AH01842: decrypt session failed, wrong passphrase?, referer: https://mydomain.com/cm-jenkins/asynchPeople/
[Thu Mar 31 10:44:26.033783 2016] [session:error] [pid 8:tid 140165737998080] (100006)Error string not specified yet: [client 10.100.19.221:52592] AH01817: error while decoding the session, session not loaded: /cm-jenkins/static/fb6c7098/images/24x24/user.png, referer: https://mydomain.com/cm-jenkins/asynchPeople/
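
A triage sketch for the log excerpt above, added here and not part of the original post: it parses the error-log layout quoted in the post, pairs each AH01817 with the AH01842 logged by the same pid/tid/client, and counts which request paths and referers lose their session. The third sample line is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Layout of the Apache 2.4 error-log lines quoted in the post.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] .*?"
    r"\[client (?P<client>[^\]]+)\] (?P<code>AH\d+): (?P<msg>.*)$"
)

def parse_line(line):
    """Return the fields of one error-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The trailing ", referer: <url>" part is optional.
    rec["msg"], _, rec["referer"] = rec["msg"].partition(", referer: ")
    return rec

def session_failures(lines):
    """Pair each AH01817 (session not loaded) with a preceding AH01842
    (decrypt failed) on the same pid/tid/client and count affected paths."""
    pending = set()  # workers that logged AH01842 and await their AH01817
    by_path, by_referer, unpaired = Counter(), Counter(), 0
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["pid"], rec["tid"], rec["client"])
        if rec["code"] == "AH01842":
            pending.add(key)
        elif rec["code"] == "AH01817":
            path = rec["msg"].rpartition("session not loaded: ")[2]
            by_path[path] += 1
            by_referer[rec["referer"] or "-"] += 1
            if key in pending:
                pending.discard(key)
            else:
                unpaired += 1  # decode error with no decrypt error before it
    return by_path, by_referer, unpaired

# First two lines are from the post; the third is constructed for the example.
SAMPLE = """
[Thu Mar 31 10:44:26.033743 2016] [session_crypto:error] [pid 8:tid 140165737998080] (100006)Error string not specified yet: [client 10.100.19.221:52592] AH01842: decrypt session failed, wrong passphrase?, referer: https://mydomain.com/cm-jenkins/asynchPeople/
[Thu Mar 31 10:44:26.033783 2016] [session:error] [pid 8:tid 140165737998080] (100006)Error string not specified yet: [client 10.100.19.221:52592] AH01817: error while decoding the session, session not loaded: /cm-jenkins/static/fb6c7098/images/24x24/user.png, referer: https://mydomain.com/cm-jenkins/asynchPeople/
[Thu Mar 31 10:44:27.000001 2016] [session:error] [pid 8:tid 140165737998081] (100006)Error string not specified yet: [client 10.100.19.221:52593] AH01817: error while decoding the session, session not loaded: /cm-jenkins/
""".splitlines()
```

Fed the full error log instead of `SAMPLE`, the counters show whether the failures concentrate on particular paths or referers or are spread across every proxied request.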
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
tallandtree
Joined: 31 Mar 2016 Posts: 4 Location: NL
Posted: Mon 04 Apr '16 12:27 Post subject:

Not sure if that is the same issue, as I'm not changing the SessionCryptoPassphrase. But it can be related of course.