Hi to all forum members.
I have an httpd server with mod_proxy that forwards any request to another server.
The flow is: client --> request to proxy https://miosito.it --> forward to server https://192.168.0.10:8443/
I'm reading this error in my httpd log at LogLevel debug (after some requests):
[Thu Apr 15 10:37:10 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 5 bytes expected to read on BIO#863acd0 [mem: 863b420]
[Thu Apr 15 10:37:10 2010] [info] [client 192.168.0.10] (70007)The timeout specified has expired: SSL input filter read failed.
[Thu Apr 15 10:37:10 2010] [error] [client 10.0.2.123] (70007)The timeout specified has expired: proxy: error reading status line from remote server 192.168.0.10, referer: https://miosito.it/cas-server-webapp-3.3.5/login?service=https%3A%2F%2Fmiosito.it%2FUAP%2Fj_spring_cas_security_check
[Thu Apr 15 10:37:10 2010] [debug] mod_proxy_http.c(1466): [client 10.0.2.123] proxy: NOT Closing connection to client although reading from backend server 192.168.0.10 failed., referer: https://miosito.it/cas-server-webapp-3.3.5/login?service=https%3A%2F%2Fmiosito.it%2FUAP%2Fj_spring_cas_security_check
[Thu Apr 15 10:37:10 2010] [error] [client 10.0.2.123] proxy: Error reading from remote server returned by /UAP/j_spring_cas_security_check, referer: https://miosito.it/cas-server-webapp-3.3.5/login?service=https%3A%2F%2Fmiosito.it%2FUAP%2Fj_spring_cas_security_check
[Thu Apr 15 10:37:10 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (192.168.0.10)
[Thu Apr 15 10:37:10 2010] [info] [client 10.0.2.123] Connection closed to child 7 with unclean shutdown (server miosito.it:443)
This is my system:
# uname -a
Linux SRV01 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
# rpm -qa | grep http
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
jakarta-commons-httpclient-3.0-7jpp.1
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2
# rpm -qa | grep ssl
openssl-devel-0.9.8e-7.el5
mod_ssl-2.2.3-31.el5_4.2
docbook-style-dsssl-1.79-4.1
openssl-0.9.8e-7.el
And this is my ssl.conf in /etc/httpd/conf.d:
LoadModule ssl_module modules/mod_ssl.so
LoadFile /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so
Listen 443
# Listen 444
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost miosito.it:443
#<VirtualHost *:443>
<VirtualHost miosito.it:443>
ServerName miosito.it
ErrorLog logs/ictservices_ssl_error_log
TransferLog logs/ictservices_ssl_access_log
#LogLevel debug
####ProxyRequests on
ProxyRequests off
ProxyPass / https://192.168.0.10:8443/
ProxyHTMLURLMap https://192.168.0.10:8443 /
<Location />
ProxyPassReverse https://192.168.0.10:8443/
ProxyHTMLEnable On
ProxyHTMLURLMap / /
RequestHeader unset Accept-Encoding
</Location>
SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/Global_Alternative.cer
SSLCertificateKeyFile /etc/httpd/cert/Global_Alternative.key
SSLCertificateChainFile /etc/httpd/cert/Global_CA.cer
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
How can I find the root cause?
Many thanks for any suggestions.
Cheers,
Lain