Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-8492

puppetlabs-apache : Impossible to setup reverse-Proxy with loadbalancer and hcheck module when using https backend

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: apache
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      We need to replace a haproxy setup with apache. That is somehow strait forward but the puppetlabs-apache-module has a bug that prevents to do it.

      The problem is, that the balancer config gets created on server config level and not in vhost level. So the out-of-band checks by proxy_hcheck are done on that level too.

      By using https backends you see the following errors in log:

      [ssl:error] [pid XXXX:tid XXXX] [remote x.x.x.x:443] AH01961: SSL Proxy requested for x.x.x_80:80 but not enabled [Hint: SSLProxyEngine]
      [proxy:error] [pid XXXX:tid XXXX] AH00961: HCOH: failed to enable ssl support for x.x.x.x:443 (x.x.x.x)
      

      The hint is a good hint but does not help as it is not possible to enable SSLProxyEngine on server level.

      The solution is to put that balancer config inside the vhost but this is not supported by the module.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            kethgen Klaus Ethgen
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support