linkyone Posted April 13, 2008

I'm going to start off with the basics...

Gateway computer specs:
Win 2k3
Apache 2.2.6
OpenSSL
1 Public IP
only open ports 21, 80, 443

What I want to do:
Place each of my 4 web servers (hosting remote desktop software) on a different https subdomain with http to https redirection. host1.url.com:443, host2.url.com:443,.....

What I can do so far:
Using the conf below I can access each one of these servers but with limited functionality. First off, all my traffic is across port 80. Every time I try to use someone's 443 config tutorial, I get either apache errors or 500 server errors. Second, the remote desktop software provides an Active X program that allows remote desktop usage and file transfers and gets installed on the "using computer". The only problem is, the Active X program on the "using computer" is outside my LAN and tries to connect to the local IP address and obviously never connects. Using basic port forwarding I don't have this problem, so I know I need to update my conf file.

Just to answer a few questions in advance: the reason I don't put these sites on different ports is because 99% of the time I access these sites from the office and we have outbound rules that only allow traffic across those ports.

Thanks in advance!

http.conf Configuration (edited):

#Static IP of the interface used to connect to the DSL modem.
NameVirtualHost 192.168.5.x:80
NameVirtualHost 192.168.5.x:443

<VirtualHost 192.168.5.x:80>
    SSLProxyEngine On
    ServerName host2.url.com
    ProxyRequests Off
    # Static IP of 1 server hosting remote software.
    ProxyPass / https://192.168.x.x:port#/
    ProxyPassReverse / https://192.168.x.x:port#/
</VirtualHost>

<VirtualHost 192.168.5.x:80>
    SSLProxyEngine On
    ServerName host2.url.com
    ProxyRequests Off
    ProxyPass / https://192.168.x.x:port#/
    ProxyPassReverse / https://192.168.x.x:port#/
</VirtualHost>

steviewdr Posted April 16, 2008

"Every time I try to use someone's 443 config tutorial, I get either apache errors "

That's because you have to set up an SSL cert and lots of extra stuff. It's not as simple as putting in a vhost config for 443.
http://wiki.kartbuilding.net/index.php/Apache_2_%26_SSL_-_PHP4_-_MySQL_4.1

As for port forwarding a specific port for remote desktop, apache won't be doing this. This port forwarding will have to be done instead by your firewall/router. You'll have to google for the specifics as I don't know offhand.

-steve

linkyone (Author) Posted April 17, 2008

"As for port forwarding a specific port for remote desktop, apache wont be doing this. This port forwarding will have to be done instead by your firewall/router. You'll have to google for the specifics as I dont know off hand."

For the port forwarding, I've got that down. My connection actually goes from my ADSL modem/router and has a DMZ set up to the "firewall" computer with ports open to connect 80 and 443.

I took a look at the link you provided and if I am reading that right, I only need to add SSL Engine and create a cert and key file, then point Apache to the cert file and key? I tried that and no dice... What else do you suggest?

Also, if I am not hosting any sites directly from this server, what is required in my conf file to just run SSL vhosts? I want to clean up my httpd a bit but I don't know what's required.

steviewdr Posted April 17, 2008

"I took a look at the link you provided and if i am reading that right, i only need to add SSL Engine and create a cert and key file then point Apache to the cert file and key? I tried that and no dice... What else do you suggest?"

Well, apart from adding SSL Engine, you need to make sure openssl is installed on your PC. Did the cert create correctly? Are there errors in your error.log?

Can you try doing a basic static website using ssl first? Then config the mod_proxy afterwards once the ssl is working.

"Also, if I am not hosting any sites directly from this server what is required in my conf file to just run SSL vhosts?"

Well, even if you just want to run SSL vhosts, you still need all of apache configured and installed. You could probably remove some of the extensions enabled. Again, you should google all of the extensions you have enabled, see what they do and then disable them if you are not using them.

-steve

linkyone (Author) Posted April 23, 2008

Well, first of all, I feel like an idiot. I thought I had port 443 open and well, it's open now! I am able to connect to the web interface with ssl with no problem; the problem arises at the point where the Active X program wants to connect for remote desktop use. I end up with this...

SSL connected and negotiated the following cipher:
Key exchange: Unknown, N/A bits
Data encryptioin: Unknown, 0 bits.
Host SSL certificate verified.
Certificate issued to computer:
Certificate issued by:
Authenticating....
Error occurred: error:14090086:lib(20):func(144):reason(134)

Normally, if I just do a straight port forward I end up with this...

Key exchange: RSA, 1024 bits
Data encryptioin: AES256-SHA, 256 bits
Host SSL certificate verified.
Certificate issued to computer: <FQDN>
Certificate issued by: Home CA
Authenticating....
Connected.

I did some google searches and discovered that people were just deleting cookies. Tried it, nothing. I don't think it is a problem with the remote desktop software; I am sure I am missing something in my apache conf. I don't know enough about Active X to really understand how it works. It seems to me like the Active X control is trying to make its own secured connection. The web page is only a 128bit connection but the Active X control connects at 256bit. Do I need to enable something else in apache?

current conf:

SSLPassPhraseDialog builtin
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none

<VirtualHost 192.168.5.2:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName server.<url>.com:443
    ServerAdmin <email>
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.pem
    ProxyRequests Off
    ProxyPass / https://server.<url>.com/
    ProxyPassReverse / https://server.<url>.com/
</VirtualHost>

steviewdr Posted April 24, 2008

I think it's an ssl cert issue. It's as if that Active X requires a registered ssl cert. Not sure. You'll have to google for:
http://www.google.ie/search?hl=en&q=https+error+reason%28134%29&meta=

-steve
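
The error quoted in the thread is a packed OpenSSL error code printed without its text strings. This added example, which is not part of any post above, decodes it assuming the OpenSSL 0.9.8/1.0.x field layout; the name tables cover only that one code, and the second sample line is constructed.

```python
import re

# Field layout used by OpenSSL 0.9.8/1.0.x ERR_PACK (assumed here):
# 8-bit library, 12-bit function, 12-bit reason in one 32-bit code.
ERR_LINE = re.compile(
    r"error:([0-9A-Fa-f]{8}):lib\((\d+)\):func\((\d+)\):reason\((\d+)\)"
)

# Only the names needed for the code quoted in the thread.
LIB_NAMES = {20: "SSL routines"}
FUNC_NAMES = {(20, 144): "SSL3_GET_SERVER_CERTIFICATE"}
REASON_NAMES = {(20, 134): "certificate verify failed"}


def unpack(code):
    """Split a packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def decode(line):
    """Decode one error line; return None if no error code is present."""
    m = ERR_LINE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = unpack(code)
    printed = tuple(int(g) for g in m.group(2, 3, 4))
    return {
        "lib": lib, "func": func, "reason": reason,
        # False means the hex code and the printed fields disagree
        "consistent": printed == (lib, func, reason),
        "text": "error:%08X:%s:%s:%s" % (
            code,
            LIB_NAMES.get(lib, "lib(%d)" % lib),
            FUNC_NAMES.get((lib, func), "func(%d)" % func),
            REASON_NAMES.get((lib, reason), "reason(%d)" % reason),
        ),
    }


# First line is the error quoted in the thread; the second is constructed.
SAMPLES = [
    "Error occurred: error:14090086:lib(20):func(144):reason(134)",
    "Authenticating.... Connected.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decode(s))
```

The decoded reason is one a TLS client raises while processing the certificate the server presented to it.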

linkyone (Author) Posted May 7, 2008

Could be, honestly don't know. I have regenerated my keys many times and in different ways. I tried the Java applet that offers the same control; it just doesn't look as good but it works fine.

Do I have to use the "SSLProxyMachineCertificateFile" mod to create a good ssl connection to the remote server? If so, is there anything else needed to create a good ssl connection to the apache server and the remote server?

Now, I know this is way over my head but I thought I would ask it anyway... Is there a way to get a standard username and password dialog box to pop up when I go to my ssl web address? After typing in the name and pass, apache uses it in the url of the virtual host server address?

Thanks for all your help so far!