[NTLUG:Discuss] Apache Proxy Weirdness/Failure

Stephen Davidson gorky at freenet.carleton.ca
Fri Oct 20 17:21:20 CDT 2017


Greetings.

Had a bit of a problem with a letsencrypt cert, got it fixed, and now
Apache is encrypting connections to an unencrypted Java server.

The only thing that was changed was the GnuTLSCertificateFile settings,
nothing else in the conf files.  I have spent about half the day
Googling the error message and configurations, but so far no luck.

Any ideas where to look?

Apache Excerpt:
    ## Proxy rules
    ProxyRequests Off
    AllowEncodedSlashes NoDecode
    ProxyPreserveHost On
    ProxyPass / http://cvjenkins:8080/ nocanon retry=1 acquire=3000 timeout=600 Keepalive=On
    # ProxyPass / http://192.168.1.205:8080/ nocanon retry=1 acquire=3000 timeout=600
    ProxyPassReverse / http://192.168.3.11:8080/

    #   GnuTLS Switch: Enable/Disable SSL/TLS for this virtual host.
    GnuTLSEnable On
    #   See /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #GnuTLSCertificateFile /etc/ssl/certs/walter.pem
    #GnuTLSKeyFile /etc/ssl/private/walter.key
    GnuTLSCertificateFile /etc/letsencrypt/live/sda.dyndns-server.com/fullchain.pem
    GnuTLSKeyFile /etc/letsencrypt/live/sda.dyndns-server.com/privkey.pem
    GnuTLSPriorities SECURE:!ANON-DH:!MD5

From the SSL Log:
[Fri Oct 20 16:57:59.412234 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2213): [client 192.168.1.1:50016] AH00944: connecting http://cvjenkins:8080/favicon.ico to cvjenkins:8080, referer: https://jenkins.*****.sda.dyndns-server.com/
[Fri Oct 20 16:57:59.412684 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2422): [client 192.168.1.1:50016] AH00947: connected /favicon.ico to cvjenkins:8080, referer: https://jenkins.*****.sda.dyndns-server.com/
[Fri Oct 20 16:57:59.414145 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2799): AH02824: HTTP: connection established with 192.168.3.11:8080 (cvjenkins)
[Fri Oct 20 16:57:59.414741 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2965): AH00962: HTTP: connection complete to 192.168.3.11:8080 (cvjenkins)
[Fri Oct 20 16:58:04.418518 2017] [gnutls:error] [pid 23222:tid 2963819328] [remote 192.168.3.11:8080] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Fri Oct 20 16:58:04.420381 2017] [gnutls:debug] [pid 23222:tid 2963819328] gnutls_io.c(562): [remote 192.168.3.11:8080] mgs_filter_input : ap_get_brigade
[Fri Oct 20 16:58:04.420976 2017] [proxy_http:error] [pid 23222:tid 2963819328] (70014)End of file found: [client 192.168.1.1:50016] AH01102: error reading status line from remote server cvjenkins:8080, referer: https://jenkins.*****.sda.dyndns-server.com/
[Fri Oct 20 16:58:04.421514 2017] [proxy_http:debug] [pid 23222:tid 2963819328] mod_proxy_http.c(1337): [client 192.168.1.1:50016] AH01104: Closing connection to client because reading from backend server cvjenkins:8080 failed. Number of keepalives 1, referer: https://jenkins.*****.sda.dyndns-server.com/
[Fri Oct 20 16:58:04.422341 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2175): AH00943: HTTP: has released connection for (cvjenkins)


Regards,
Steve
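
One way to pick this symptom out of a larger error log, as an added example that is not part of the original post: it pairs each mod_proxy AH02824 "HTTP: connection established" entry with a later gnutls error from the same worker thread and remote address. The function name and the last sample line are constructed, and it assumes each log entry has been unwrapped onto one line and that non-HTTP backends log their scheme in the same position.

```python
import re

# First three entries are from the post, unwrapped onto one line each; the last
# is constructed (a failed handshake from a client, which must not be flagged).
SAMPLE_LOG = """\
[Fri Oct 20 16:57:59.414145 2017] [proxy:debug] [pid 23222:tid 2963819328] proxy_util.c(2799): AH02824: HTTP: connection established with 192.168.3.11:8080 (cvjenkins)
[Fri Oct 20 16:58:04.418518 2017] [gnutls:error] [pid 23222:tid 2963819328] [remote 192.168.3.11:8080] GnuTLS: Handshake Failed. Hit Maximum Attempts
[Fri Oct 20 16:58:04.420976 2017] [proxy_http:error] [pid 23222:tid 2963819328] (70014)End of file found: [client 192.168.1.1:50016] AH01102: error reading status line from remote server cvjenkins:8080, referer: https://jenkins.*****.sda.dyndns-server.com/
[Fri Oct 20 16:58:09.000000 2017] [gnutls:error] [pid 23222:tid 2963819328] [remote 192.168.1.1:50020] GnuTLS: Handshake Failed. Hit Maximum Attempts
"""

ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>\w+):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] (?P<msg>.*)$"
)
# AH02824 names the scheme mod_proxy used and the backend address it reached.
ESTABLISHED = re.compile(
    r"AH02824: (?P<scheme>\w+): connection established with (?P<addr>\S+) \((?P<name>[^)]+)\)"
)
TLS_ERROR = re.compile(r"^\[remote (?P<addr>[^\]]+)\] GnuTLS: (?P<error>.+)$")

def find_tls_on_plain_backends(log_text):
    """Return gnutls errors whose remote is a backend reached over plain HTTP."""
    plain_backends = {}  # (pid, tid, addr) -> backend name taken from AH02824
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # still-wrapped or foreign line: unwrap the log first
        est = ESTABLISHED.search(m["msg"])
        if est and m["module"] == "proxy":
            key = (m["pid"], m["tid"], est["addr"])
            if est["scheme"] == "HTTP":
                plain_backends[key] = est["name"]
            else:
                plain_backends.pop(key, None)  # TLS is expected on this backend
            continue
        err = TLS_ERROR.match(m["msg"])
        if err and m["module"] == "gnutls" and m["level"] == "error":
            key = (m["pid"], m["tid"], err["addr"])
            if key in plain_backends:
                findings.append({"time": m["ts"], "backend": plain_backends[key],
                                 "addr": err["addr"], "error": err["error"]})
    return findings

if __name__ == "__main__":
    for f in find_tls_on_plain_backends(SAMPLE_LOG):
        print(f"{f['time']}  TLS on plain-HTTP backend {f['backend']} ({f['addr']}): {f['error']}")
```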
