[Modules] proxy issue with mod_gnutls
Guillaume Rousse
Guillaume.Rousse at inria.fr
Thu Feb 21 12:11:56 EST 2008
Hello.
We just switched from mod_ssl to mod_gnutls on all our servers, so as to
benefit from SNI (we use virtual hosts for each of our web
applications). Everything was fine, excepted on one server, where proxy
doesn't work from an unknown reason in the ssl virtual host:
<VirtualHost *:80>
Servername zope.msr-inria.inria.fr
# logs
ErrorLog logs/zope_error.log
CustomLog logs/zope_access.log combined
#rewrite
RewriteEngine On
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/http/zope.msr-inria.inria.fr:80/VirtualHostRoot/$1
[L,P]
</VirtualHost>
<VirtualHost *:443>
Servername zope.msr-inria.inria.fr
# logs
ErrorLog logs/zope_ssl_error.log
CustomLog logs/zope_ssl_access.log combined
# SSL
GnuTLSEnable on
GnuTLSPriorities NORMAL
GnuTLSCertificateFile /etc/pki/tls/certs/zope.crt
GnuTLSKeyFile /etc/pki/tls/private/zope.key
#rewrite
RewriteEngine On
RewriteRule ^/(.*)
http://127.0.0.1:8080/VirtualHostBase/https/zope.msr-inria.inria.fr:443/VirtualHostRoot/$1
[L,P]
</VirtualHost>
When accessing https://zope.msr-inria.inria.fr, the client hangs a long
time for an answer, which finally comes as "Site error" message, with a
"404 858" error status in the logs. The waiting time before the error
occurs is superior to mod_proxy timeout configuration. Using a direct
proxy rule instead of a rewrite rule show the same behaviour:
ProxyPass / http://127.0.0.1:8080/
Everything works OK in the non-ssl vhost on port 80. And it used to work
with mod_ssl. Which make me suspect an issue in mod_gnutls.
--
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
More information about the Modules
mailing list