
Tomcat 8.5 Apache 2.4.39 reverse proxy SSL Library Error

 
Marek Teus
Greenhorn
Posts: 2
Hi all

The problem is in Apache 2.4.39 reverse proxy to Tomcat 8.5

Apache cannot properly set up the https session, and I see only a blank page and error 404 in the log files.

[Sat May 25 13:56:53.039903 2019] [proxy:debug] [pid 19271:tid 140682456087488] proxy_util.c(1934): AH00925: initializing worker https://www.myapplication.com:8081/ shared
[Sat May 25 13:56:53.039953 2019] [proxy:debug] [pid 19271:tid 140682456087488] proxy_util.c(1991): AH00927: initializing worker https://www.myapplication.com:8081/ local
[Sat May 25 13:56:53.039975 2019] [proxy:debug] [pid 19271:tid 140682456087488] proxy_util.c(2026): AH00930: initialized pool in child 19271 for (www.myapplication.com) min=0 max=25 smax=25
[Sat May 25 13:56:53.040915 2019] [proxy:debug] [pid 19272:tid 140682456087488] proxy_util.c(1934): AH00925: initializing worker https://www.myapplication.com:8081/ shared
[Sat May 25 13:56:53.040960 2019] [proxy:debug] [pid 19272:tid 140682456087488] proxy_util.c(1991): AH00927: initializing worker https://www.myapplication.com:8081/ local
[Sat May 25 13:56:53.040984 2019] [proxy:debug] [pid 19272:tid 140682456087488] proxy_util.c(2026): AH00930: initialized pool in child 19272 for (www.myapplication.com) min=0 max=25 smax=25
[Sat May 25 13:57:05.915515 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x98 -> subcache 24)
[Sat May 25 13:57:05.915581 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Sat May 25 13:57:05.915594 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/206
[Sat May 25 13:57:05.915608 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Sat May 25 13:57:05.915736 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x06 -> subcache 6)
[Sat May 25 13:57:05.915764 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Sat May 25 13:57:05.915774 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/205
[Sat May 25 13:57:05.915783 2019] [socache_shmcb:debug] [pid 19272:tid 140682145777408] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Sat May 25 13:57:05.917074 2019] [ssl:debug] [pid 19272:tid 140682145777408] ssl_engine_kernel.c(383): [client ip.ip.ip.ip:56315] AH02034: Initial (No.1) HTTPS request received for child 64 (server www.myapplication.com:443)
[Sat May 25 13:57:05.917115 2019] [authz_core:debug] [pid 19272:tid 140682145777408] mod_authz_core.c(846): [client ip.ip.ip.ip:56315] AH01628: authorization result: granted (no directives)
[Sat May 25 13:57:05.918960 2019] [proxy:debug] [pid 19272:tid 140682145777408] mod_proxy.c(1248): [client ip.ip.ip.ip:56315] AH01143: Running scheme https handler (attempt 0)
[Sat May 25 13:57:05.918993 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(2326): AH00942: HTTPS: has acquired connection for (www.myapplication.com)
[Sat May 25 13:57:05.919006 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(2379): [client ip.ip.ip.ip:56315] AH00944: connecting https://www.myapplication.com:8081/ to www.myapplication.com:8081
[Sat May 25 13:57:05.954425 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(2588): [client ip.ip.ip.ip:56315] AH00947: connected / to www.myapplication.com:8081
[Sat May 25 13:57:05.954747 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(3057): AH02824: HTTPS: connection established with 80.235.230.115:8081 (www.myapplication.com)
[Sat May 25 13:57:05.954788 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(3231): AH00962: HTTPS: connection complete to 80.235.230.115:8081 (www.myapplication.com)
[Sat May 25 13:57:05.954804 2019] [ssl:info] [pid 19272:tid 140682145777408] [remote 80.235.230.115:8081] AH01964: Connection to child 0 established (server www.myapplication.com:443)
[Sat May 25 13:57:05.962290 2019] [ssl:info] [pid 19272:tid 140682145777408] [remote 80.235.230.115:8081] AH02003: SSL Proxy connect failed
[Sat May 25 13:57:05.962465 2019] [ssl:info] [pid 19272:tid 140682145777408] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Sat May 25 13:57:05.962489 2019] [ssl:info] [pid 19272:tid 140682145777408] [remote 80.235.230.115:8081] AH01998: Connection closed to child 0 with abortive shutdown (server www.myapplication.com:443)
[Sat May 25 13:57:05.962531 2019] [ssl:info] [pid 19272:tid 140682145777408] [remote 80.235.230.115:8081] AH01997: SSL handshake failed: sending 502
[Sat May 25 13:57:05.962548 2019] [proxy:error] [pid 19272:tid 140682145777408] (20014)Internal error (specific information not available): [client ip.ip.ip.ip:56315] AH01084: pass request body failed to 80.235.230.115:8081 (www.myapplication.com)
[Sat May 25 13:57:05.962567 2019] [proxy:error] [pid 19272:tid 140682145777408] [client ip.ip.ip.ip:56315] AH00898: Error during SSL Handshake with remote server returned by /
[Sat May 25 13:57:05.962576 2019] [proxy_http:error] [pid 19272:tid 140682145777408] [client ip.ip.ip.ip:56315] AH01097: pass request body failed to 80.235.230.115:8081 (www.myapplication.com) from ip.ip.ip.ip ()
[Sat May 25 13:57:05.962585 2019] [proxy:debug] [pid 19272:tid 140682145777408] proxy_util.c(2341): AH00943: HTTPS: has released connection for (www.myapplication.com)
[Sat May 25 13:57:05.964503 2019] [ssl:debug] [pid 19272:tid 140682145777408] ssl_engine_io.c(1106): [client ip.ip.ip.ip:56315] AH02001: Connection closed to child 64 with standard shutdown (server www.myapplication.com:443)
[Sat May 25 13:57:05.985063 2019] [socache_shmcb:debug] [pid 19272:tid 140682056431360] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x55 -> subcache 21)

Thanks for your suggestions in advance
 
Tim Holloway
Bartender
Posts: 20847
Welcome to the Ranch, Markus!

You didn't show your Apache proxy definition. I'm assuming that it's mod_jk and not mod_proxy.

I haven't worked with mod_jk in a while, but I have doubts about having it do SSL to Tomcat. Unless you're very paranoid, usually the SSL is from cloud to Apache, but the Apache-to-Tomcat link is not SSL. For one thing, the coyote protocol isn't widely documented, and for another, if someone already owns your LAN (or worse, your local loop), then you have bigger problems.

If you could show us the snippets of your Apache proxy definition and the server.xml Connector element from Tomcat, that would help us a lot.
 
Marek Teus
Greenhorn
Posts: 2
server.xml

<Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" scheme="https"
           proxyName="www.myapplication.com" proxyPort="80" redirectPort="443" />

virtual host

SSLStrictSNIVHostCheck off
<VirtualHost *:80>
       ServerName      www.myapplication.com
       ServerAlias     myapplication.com
       ServerAdmin     webmaster@www.myapplication.com
       RewriteEngine   On
       RewriteCond %{HTTP} !=on
       RewriteRule ^/?(.*)$ http://localhost:8081/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
       ServerName      www.myapplication.com
       ServerAlias     myapplication.com
       ServerAdmin     webmaster@www.myapplication.com
       DocumentRoot    /opt/tomee/webapps/www.myapplication
       
       ProxyRequests   Off
       ProxyPreserveHost On
       SSLProxyEngine On
       ProxyTimeout 60

       ProxyPass       / https://www.myapplication.com:8081/
       ProxyPassReverse / https://www.myapplication.com:8081/

       <Location /myapplication>
               Options FollowSymLinks
               AllowOverride all
               Require all granted
       </Location>

       SSLEngine On
       SSLProtocol all -SSLv3 +TLSv1.3
       SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv3:!TLSv1.3:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!RC4
       SSLCertificateFile      /etc/ssl/server/server.crt
       SSLCertificateKeyFile   /etc/ssl/server/server.key
       SSlCACertificateFile    /etc/ssl/certs/SecureServerCA.crt

       LogLevel        debug
       ErrorLog        ${APACHE_LOG_DIR}/myapplication_error.log
       CustomLog       ${APACHE_LOG_DIR}/myapplication_access.log combined
</VirtualHost>

sudo apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
jk_module (shared)
md_module (shared)
mime_module (shared)
mpm_event_module (shared)
negotiation_module (shared)
proxy_module (shared)
proxy_connect_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
security2_module (shared)
setenvif_module (shared)
slotmem_shm_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
suexec_module (shared)
unique_id_module (shared)
xml2enc_module (shared)

Hope this is a better view to find my config problem
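
Added example, not part of the thread or of any poster's code: an OpenSSL client reports `wrong version number` when the first five bytes it reads from the peer are not a TLS record header, which is what a proxy with `SSLProxyEngine On` and an `https://` target sees if the backend connector answers in cleartext HTTP (the posted Connector sets `scheme="https"` but has no `SSLEnabled` attribute). The sketch parses those five bytes and reproduces the error against a constructed loopback listener; the function names and the listener are assumptions made for illustration.

```python
import socket
import ssl
import threading

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def parse_record_header(first5: bytes) -> dict:
    """Interpret 5 bytes the way a TLS client reads a record header."""
    ctype, major, minor = first5[0], first5[1], first5[2]
    return {
        "type": ctype,
        "version": (major, minor),
        "length": int.from_bytes(first5[3:5], "big"),
        "looks_like_tls": ctype in TLS_CONTENT_TYPES and major == 3,
    }

def plaintext_backend() -> int:
    """Constructed stand-in for a cleartext HTTP connector; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # the ClientHello, which a cleartext server cannot parse
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]

def tls_probe(port: int) -> str:
    """Attempt a TLS handshake; return 'TLS' or OpenSSL's failure reason."""
    ctx = ssl.create_default_context()  # verification stays on; the failure comes earlier
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost"):
                return "TLS"
    except ssl.SSLError as exc:
        return exc.reason

if __name__ == "__main__":
    print(parse_record_header(b"HTTP/"))   # 'H' read as type, 'TT' read as version
    print(tls_probe(plaintext_backend()))  # OpenSSL's reason for the failed handshake
```

A backend that really speaks TLS makes `tls_probe` return `TLS` or a certificate-related reason instead, so the same probe distinguishes a protocol mismatch from a trust problem.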
 