Does this help?
https://bz.apache.org/bugzilla/show_bug.cgi?id=55782
Sent from my iPhone
On Oct 19, 2018, at 3:52 AM, Dominik Stillhard
mailto:dominik.stillh...@united-security-providers.ch>>
wrote:
I asked this on the users mailing list and didn’t get any feedback so far, so
i’ll forward it here. Maybe someone here has an idea…
bugreport: https://bz.apache.org/bugzilla/show_bug.cgi?id=62837
Von: Stillhard, Dominik
Gesendet: Dienstag, 16. Oktober 2018 12:44
An: us...@httpd.apache.org<mailto:us...@httpd.apache.org>
Betreff: [users@httpd] SNI extension for healthchecks [signed OK]
Hello all
I face the problem, that the sni extension is not set on healthcheck-requests
to a backend using tls. Because healthchecks are negative, this leads to
ordinary requests also beeing denied.
on the backend server i have the following error:
AH02033: No hostname was provided via SNI for a name based virtual host
I’ve also investigated it with wireshark, the extionsion is defenitely not set.
My config looks as follows:
-
Listen 127.0.0.1:443
ServerName www.localhost.com<http://www.localhost.com>
ServerName www.localhost.com<http://www.localhost.com>
ServerAlias localhost.com<http://localhost.com>
SSLCertificateFile /etc/httpd/ssl/ca.crt
SSLCertificateKeyFile /etc/httpd/ssl/ca.key
SSLEngine on
SSLProxyEngine on
ProxyHCExpr isok {%{REQUEST_STATUS} =~ /^[23]/}
ProxyHCTemplate template hcinterval=5 hcexpr=isok hcmethod=get
hcuri=/healthcheck.php
BalancerMember https://127.0.0.1:8443
BalancerMember https://127.0.0.1:8444
ProxyPreserveHost On
SSLProxyProtocol TLSv1
ProxyPass balancer://mycluster/
ProxyPassReverse balancer://mycluster/
-
I’ve read that ProxyPreserveHost should be «on», but this doesn’t solve the
problem ..
Am I missing something, or is this eventually a bug in mod_proxy_hcheck?
Thanks in advance for help/ideas on this!
Cheers
Dominik