[Mod_nss-list] Mod_nss newbie here - issue with mod_proxy and mod_nss 1.0.8
Rob Crittenden
rcritten at redhat.com
Fri May 28 19:29:08 UTC 2010
Mike Staver wrote:
> I'm running Solaris 10 with self compiled:
>
> Apache 2.2.15
> mod_nss 1.0.8
> nss 3.12.6
> nspr 4.8.4
>
> I have all of those successfully compiled and working together, for the
> most part. I compiled apache so that I had apxs and all the proxy modules.
> I now have all my CRLs updated in the NSS database, and Apache is working
> very nicely with it that way. The problem comes into play when I try to
> set up a proxy. I've set up a lot of proxies before here with mod_ssl, and
> everything was cool. However, now I'm trying to get it to work with
> mod_nss, and I don't *think* I have mod_ssl even compiled in on this box,
> and I certainly don't have it loading the config file which just showed up
> by default. The error I'm getting is:
>
> [error] proxy: pass request body failed to 10.0.0.25:443 (10.0.0.25) from
> 10.0.0.75 ()
>
> I can get to the 10.0.0.75 box fine from a web browser over SSL. I can
> ping and see the open port 443 from the proxy web server, so it's not a
> network issue or anything like that.
>
> I've read that the problem could stem from some existing mod_ssl libraries
> being loaded somewhere. Can somebody tell me how to check for that, and
> possibly remedy that? Or do I possibly have another problem here that I'm
> not seeing?

mod_proxy provides a single interface for registering the SSL functions
it needs. Since mod_ssl blindly registers when it loads, mod_nss skips it
if it detects mod_ssl. So yes, merely having a 'LoadModule ssl_module
modules/mod_ssl.so' somewhere in the configuration is enough to make
mod_nss not work with mod_proxy.

Note that some recent changes for the mod_nss/mod_proxy interaction were
pushed out to the source HEAD recently. You'll probably want to pull the
source from CVS if you're using the 1.0.8 tarball. This will let mod_nss
work with mod_proxy as a reverse SSL proxy.
rob
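
One way to check a configuration tree for the active `LoadModule ssl_module` line described in the reply above. This is an added example, not code from the thread or from the mod_nss project; the function names are hypothetical, the sample tree is constructed, and it assumes every configuration file lives under one directory.

```shell
#!/bin/sh
# Added example (not from the original thread): find active LoadModule lines.

# active_loads MODULE CONF_DIR
# Prints file:line:text for each uncommented "LoadModule MODULE ..." line in
# any file under CONF_DIR. /dev/null forces grep to print file names.
active_loads() {
    find "$2" -type f -exec grep -inE \
        "^[[:space:]]*LoadModule[[:space:]]+$1[[:space:]]" /dev/null {} +
}

# check_proxy_conflict CONF_DIR
# Returns 1 if an active mod_ssl load is present (mod_nss then skips its
# mod_proxy registration, per the reply above), 0 otherwise.
check_proxy_conflict() {
    hits=$(active_loads ssl_module "$1" || true)
    if [ -n "$hits" ]; then
        printf 'mod_ssl is loaded; remove or comment out:\n%s\n' "$hits"
        return 1
    fi
    printf 'no active LoadModule ssl_module under %s\n' "$1"
    return 0
}

# make_sample_tree: builds a constructed config tree and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/extra"
    cat > "$d/httpd.conf" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule nss_module modules/libmodnss.so
#LoadModule ssl_module modules/mod_ssl.so
Include extra/httpd-ssl.conf
EOF
    cat > "$d/extra/httpd-ssl.conf" <<'EOF'
  LoadModule ssl_module modules/mod_ssl.so
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed tree; point check_proxy_conflict at your own
# configuration directory instead.
tree=$(make_sample_tree)
check_proxy_conflict "$tree" || true
rm -rf "$tree"
```

A file scan does not see a mod_ssl that was compiled into the httpd binary statically; `httpd -l` lists compiled-in modules and `httpd -M` lists everything the server loads.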