# [SOLVED] enable mod_proxy with ssl

## johnny99

I am trying to proxy requests to buildbot via apache + mod_proxy_html + ssl.

buildbot web interface is listening on local 127.0.0.1:12344 127.0.0.1:12345 , and apache is listening on *:443

I am trying to proxy:

https://buildmaster.mydomain.com/buildbot  to http://127.0.0.1:12344/

and

https://buildmaster.mydomain.com/buildbot_admin to http://127.0.0.1:12345/

Apache logs show "File does not exist: /var/www/localhost/htdocs/buildbot"

Details about setup:

eix -I www-servers/apache

```
     Installed versions:  2.2.9(2)(15:38:56 07/22/08)(apache2_modules_actions apache2_modules_alias apache2_modules_auth_basic apache2_modules_auth_digest apache2_modules_authn_anon apache2_modules_authn_dbd apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_dbd apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_ident apache2_modules_imagemap apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_connect apache2_modules_proxy_http apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_vhost_alias ssl -apache2_modules_asis -apache2_modules_authn_alias -apache2_modules_cern_meta -apache2_modules_charset_lite -apache2_modules_dumpio -apache2_modules_log_forensic -apache2_modules_proxy_ftp -apache2_modules_substitute -apache2_modules_version -apache2_mpms_event -apache2_mpms_itk -apache2_mpms_peruser -apache2_mpms_prefork -apache2_mpms_worker -debug -doc -ldap -selinux -sni -static -suexec -threads)

     Homepage:            http://httpd.apache.org/

     Description:         The Apache Web Server.
```

eix -I mod_proxy

```
[I] www-apache/mod_proxy_html

     Available versions:  3.0.0 ~3.0.1_pre20071125

     Installed versions:  3.0.0(12:09:12 07/25/08)

     Homepage:            http://apache.webthing.com/mod_proxy_html/

     Description:         An Apache2 module to rewrite links in html pages behind a reverse proxy.
```

/etc/conf.d/apache2 contains

```
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PROXY -D PHP5 -D PROXY -D PROXY_HTML"
```

/etc/apache2/vhosts.d/01_buildbot.mydomain.comf

```
<IfDefine SSL>

<IfDefine SSL_DEFAULT_VHOST>

<IfModule ssl_module>

#######################################

<VirtualHost *:443 >

        ServerAdmin john@mydomain.com

        ServerName  buildmaster.mydomain.com

        ServerAlias buildmaster

        ServerSignature Off

        ErrorLog /var/log/apache2/error.log

        CustomLog /var/log/apache2/access.log combined

        #------------------------------#

        SSLEngine on

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile /etc/apache2/ssl/server.crt

        SSLCertificateKeyFile /etc/apache2/ssl/server.key

        #------------------------------#

        <FilesMatch "\.(cgi|shtml|phtml|php)$">

            SSLOptions +StdEnvVars

        </FilesMatch>

        <FilesMatch "\.(cgi|shtml|phtml|php)$">

                SSLOptions +StdEnvVars

                LimitRequestBody 300000000000

        </FilesMatch>

        #------------------------------#

        <IfModule mpm_peruser_module>

              ServerEnvironment apache apache

        </IfModule>

        <IfModule mod_php5.c>

          php_flag magic_quotes_gpc Off

          php_flag track_vars On

        </IfModule>

        <IfModule authnz_external_module>

              AddExternalAuth pwauth  /usr/sbin/pwauth

              SetExternalAuthMethod   pwauth  pipe

        </IfModule>

        #------------------------------#

        DocumentRoot /var/www/localhost/htdocs

        <Directory "/var/www/localhost/htdocs">

            Options Indexes FollowSymLinks MultiViews

            AllowOverride None

            Order allow,deny

            Allow from all

        </Directory>

        #------------------------------#

        <IfDefine PROXY_HTML>

            ProxyVia On

            ProxyRequests On

             #------------------------------#

                ProxyPass              /buildbot/       http://127.0.0.1:12344/

                ProxyPassReverse  /buildbot/       http://127.0.0.1:12344/

                ProxyHTMLURLMap   http://127.0.0.1:12344/ /buildbot

            <Location "/buildbot/">

                Satisfy any

                Allow from all

            </Location>

            #------------------------------#

                ProxyPass              /buildbot_admin/ http://127.0.0.1:12345/

                ProxyPassReverse  /buildbot_admin/ http://127.0.0.1:12345/

                ProxyHTMLURLMap  http://127.0.0.1:12345/ /buildbot_admin

            <Location "/buildbot_admin/">

                AuthType Basic

                AuthName "Buildbot Admin"

                AuthUserFile  /etc/apache2/htpasswd

                Require valid-user

            </Location>

        </IfDefine>

        #------------------------------#

</VirtualHost>

#######################################

</IfModule>

</IfDefine>

</IfDefine>

# vim: ts=4 filetype=apache
```

Restarting apache shows proxy_html is loaded.

[Fri Jul 25 12:38:45 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8g proxy_html/3.0.0 configured -- resuming normal operations

Can anyone see what I'm missing in the config? 

Thank you for reading.Last edited by johnny99 on Thu Aug 28, 2008 7:38 pm; edited 2 times in total

----------

## cassiol

hellooo

 this config works for me 

```

 SSLEngine On

    SSLCertificateFile /etc/apache2/ssl/xxxxx.crt

    SSLCertificateKeyFile /etc/apache2/ssl/xxxxx.key

        ProxyRequests Off

        SSLProxyEngine on

        ProxyPass /cgi-bin/mailgraph.cgi https://otherserver/cgi-bin/mailgraph.cgi

        ProxyPassReverse /cgi-bin/mailgraph.cgi https://otherserver/cgi-bin/mailgraph.cgi

 
```

----------

## johnny99

I found inside /etc/apache2/vhosts.d/, only the default files: default files 00_default_ssl_vhost.conf, 

 00_default_vhost.conf, and 

 default_vhost.include are processed, and my virtual host file isn't: 01_buildbot.mydomain.comf

When I move my proxy configuration to it's own file, and add an Include line to default_vhost.include, the proxy works.

The include looks like this:

```
Include  /etc/apache2/conf.d/buildbot
```

The included file /etc/apache2/conf.d/buildbot looks like this:

```
<IfDefine PROXY_HTML>

    ProxyRequests Off

    ProxyVia On

    SSLProxyEngine on

    ProxyPass        /   http://127.0.0.1:12345/

    ProxyPassReverse /   http://127.0.0.1:12345/

    #------------------------------#

    AddExternalAuth pwauth  /usr/sbin/pwauth

    SetExternalAuthMethod   pwauth  pipe

    #------------------------------#

    <Location "/">

        AuthType Basic

        AuthName "Buildbot Admin"

        AuthBasicProvider external

        AuthExternal pwauth

        Require user john

     </Location>

</IfDefine>
```

Normally I don't touch the default apache vhost files because an emerge update can replace them.

When I setup apache on gentoo, I have the habit of creating my own files in /etc/apache2/vhosts.d/, and they are processed just fine.  I have no clue why that isn't the case this time.

What I have done here so far is a hack but shows mod_proxy_html and mod_ssl work together to offer password protection to buildbot.  

I just need to figure out why my vhost file isn't processed correctly, and this post will be solved.

----------

