https://bz.apache.org/bugzilla/show_bug.cgi?id=62293
Bug ID: 62293
Summary: [Windows] Can't connect backend http server without
ssl from reverse proxy server with ssl enabled.
Product: Apache httpd-2
Version: 2.4.33
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy_http
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Problems:
Can't connect backend source http server without ssl from reverse proxy
server with ssl enabled.
When it occurs:
Always (Connect reverse proxy from client)
Error messages (Client side):
Gateway Timeout
The gateway did not receive a timely response from the upstream server
or application.
Error logs (Server side):
[Thu Apr 12 22:57:01.642278 2018] [proxy:error] [pid 2748:tid 1180] (OS
10060)A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond. : [client 10.254.0.55:9221] AH01084:
pass request body failed to 10.254.0.15:80 (sv05.example.com)
[Thu Apr 12 22:57:01.642278 2018] [proxy_http:error] [pid 2748:tid
1180] [client 10.254.0.55:9221] AH01097: pass request body failed to
10.254.0.15:80 (sv05.example.com) from 10.254.0.55 ()
Solution in my environments:
Revert changes in "mod_proxy_http.c" function "proxy_http_handler" to
version 2.4.29.
Then, run perfectly.
@@ -1948,8 +1948,8 @@ static int proxy_http_handler(request_rec *r,
proxy_worker *worker,
/* Step Three: Create conn_rec */
if (!backend->connection) {
- if ((status =
ap_proxy_connection_create_ex(proxy_function,
- backend, r))
!= OK)
+ if ((status = ap_proxy_connection_create(proxy_function,
backend,
+ c, r->server)) !=
OK)
My environments:
Windows 7 x86 on Hyper-V
Windows Server 2016 x64 on Hyper-V
Configurations (Reverse proxy):
# If change "SSLEngine" to "off" and access reverse proxy server via
non-ssl http, will connect successful.
# But this is not solution. I lost access from TLS clients.
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/Test/"
ServerName ssl.example.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://sv05.example.com/
ProxyPassReverse / http://sv05.example.com/
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLHonorCipherOrder off
SSLCipherSuite
+NULL:EDH:RSA:!DH:ADH:DSS:HIGH:!EXP:!Low:!SHA1:!MD5:!RC4:!DES:!IDEA:!CAMELLIA:!SEED:!SSLv2:!SSLv3
SSLCertificateFile conf/SSL/Site.cer
SSLCertificateKeyFile conf/SSL/Site.key
SSLCACertificateFile conf/SSL/CA.cer
</VirtualHost>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
