[Proftpd-devel] Problems with mod_proxy
I've been experimenting with mod_proxy as a reverse proxy, and so far have not been able to get the data connection to work with TLS. The control connection works fine with TLS, but any command that creates a data connection fails with "tls_getc SSL_ERROR_SSL" displayed at the client. Then eventually the control connection will timeout. If I use passive mode, then the first data connection is successful, but the next data connection associated with that control connection fails. I have all the certificate verification turned off. The client has no trouble connecting to the backend ftp server, and the proxy works as expected with TLS turned off. Both that backend and proxy servers are ProFTPD 1.3.6rc2 cloned from github. I've spent the last several days looking through logs and the source code, and trying different configuration options. I'm still not sure if I'm doing something wrong or there is bug somewhere. Any suggestions on things to try, or where to look? Or details you might need to help diagnose? -- Dan Campbell-- ___ ProFTPD Developers List https://lists.sourceforge.net/lists/listinfo/proftp-devel
Re: [Proftpd-devel] Problems with mod_proxy
> On October 13, 2015 at 1:46 PM TJ Saunders wrote: > > > > > I've been experimenting with mod_proxy as a reverse proxy, and so far > > have not been able to get the data connection to work with TLS. > > The data connection on the frontend (i.e. from/to the FTP client), or on > the backend (to/from the backend server)? I believe the failure is with the backend data connection. > > The control connection works fine with TLS, but any command that creates > > a data connection fails with "tls_getc SSL_ERROR_SSL" displayed at the > > client. > > Then eventually the control connection will timeout. If I use passive mode, > > then the first data connection is successful, but the next data connection > > associated with that control connection fails. > > Could you provide the proftpd.conf files (for proxy and backend servers) > used, the ProxyLog, and the proftpd debug logging, debug level 10, for > each of the servers? I will email the files directly. -- Dan Campbell-- ___ ProFTPD Developers List https://lists.sourceforge.net/lists/listinfo/proftp-devel
