
RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-05-19 22:31:28
Here's the email I sent to the list:

Hello,

I've already got OWA working and would now like to get RPC over https
connections working.  My /etc/pound/pound.cfg file has xHTTP=4 in it but
I'm seeing the error messages below in the log file:

May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.010 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.009 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.009 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.009 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.010 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.009 sec)
May 19 12:56:38 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:56:38 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:56:38 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.012 sec)
May 19 12:56:38 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:56:38 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:56:38 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.012 sec)
May 19 12:56:39 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:56:39 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
May 19 12:56:39 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6004
HTTP/1.1: Success (0.012 sec)

I'm using Pound 2.4.2 on a CentOS-5 system.

Below is the config file I'm using:

#
# pound configuration file for version 2.1.3
#

User "nobody"
Group "nobody"
RootJail "/usr/share/pound"

ListenHTTP
    Address 216.237.48.18
    Port 80
    Service
        HeadRequire "Host: owa.hartwellcorp.com.*"
        Redirect "https://owa.hartwellcorp.com/exchange"

    End
    Service
        HeadRequire "Host: oma.hartwellcorp.com.*"
        Redirect "https://owa.hartwellcorp.com/oma"
    End
End

ListenHTTPS
    Address 216.237.48.18
    AddHeader "Front-End-Https: on"
    Port    443
#    CheckURL "(/exchange/*|/exchweb/*|/oma/*|/Microsoft-Server-ActiveSync/*)"
#   Cert    "/usr/share/ssl/certs/pound-new.pem"
    Cert    "/etc/pki/tls/certs/pound-new.pem"
    Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
    # Allow WebDAV and MS extensions
    xHTTP   4
    Service
        HeadRequire "Host: .*.hartwellcorp.com.*"
        BackEnd
            Address 10.11.10.14
            Port    80
        End
    End
End

# Images server(s)
Service
    URL ".*.(jpg|gif)"
    BackEnd
        Address 127.0.0.1
        Port    80
    End
End

# redirect all requests for /forbidden
Service
    Url         "/forbidden.*"
    Redirect    "https://localhost/"
End

# Catch-all server(s)
Service
    BackEnd
        Address 127.0.0.1
        Port    80
    End
    BackEnd
        Address 127.0.0.1
        Port    80
    End
    Session
        Type    BASIC
        TTL     1800
    End
End
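
The log excerpt in the message above is hard-wrapped by the mail client, which hides the pattern in it. The following is an added example, not part of the original post and not Pound's own code: it rejoins the wrapped records and counts failures per RPC channel, per requested endpoint and per Pound thread. The names `unwrap`, `triage`, `STAMP` and `RECORD` are hypothetical, and the field layout is inferred only from the lines shown above.

```python
import re
from collections import Counter

# Constructed sample: four records shaped like the excerpt, mail wraps included.
SAMPLE = """\
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 can't read header
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.003 secs)
May 19 12:55:35 hcfw1 pound: (b7f24b90) e500 error copy client cont to
10.11.10.14:80/RPC_IN_DATA /rpc/rpcproxy.dll?owa.hartwellcorp.com:6002
HTTP/1.1: Success (0.010 sec)
May 19 12:55:35 hcfw1 pound: (b7ee3b90) e500 response error read from
10.11.10.14:80/RPC_OUT_DATA /rpc/rpcproxy.dll?hcdc.hartwellcorp.com:6004
HTTP/1.1: Success (0.003 secs)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
RECORD = re.compile(
    r"pound: \((?P<thread>[0-9a-f]+)\) e500 (?P<error>.+?)"
    r"(?: (?P<backend>[\d.]+:\d+)/(?P<verb>RPC_(?:IN|OUT)_DATA) "
    r"\S+\?(?P<target>[^\s:]+):(?P<port>\d+) HTTP/1\.\d: .+? \([\d.]+ secs?\))?$"
)

def unwrap(text):
    """Rejoin mail-wrapped syslog lines; a new record starts at a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return (failures per channel, requested endpoints, verbs per thread, unparsed)."""
    by_channel, endpoints, threads, unparsed = Counter(), set(), {}, []
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m:
            unparsed.append(rec)  # keep anything the pattern does not cover
            continue
        by_channel[(m["verb"], m["error"])] += 1  # verb is None for header errors
        if m["verb"]:
            endpoints.add((m["target"], int(m["port"])))
            threads.setdefault(m["thread"], set()).add(m["verb"])
    return by_channel, endpoints, threads, unparsed

if __name__ == "__main__": print(triage(SAMPLE))
```

Run over the full excerpt, the endpoint set lists every internal host and port that outside clients asked `rpcproxy.dll` to reach through the proxy, which is worth comparing against the servers you intend to publish.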

RE: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-05-20 19:27:43
> I've already got OWA working and would now like to get RPC over https[...]
[snip]

Does anyone have this working yet?  If not then I'm willing to
troubleshoot to find out what is missing.

RE: [Pound Mailing List] RPC over https configuration
"Michael St. Laurent" <mikes(at)hartwellcorp.com>
2008-05-30 19:35:53
> > I've already got OWA working and would now like to get RPC [...]

The original problem I was seeing seemed to be due to the client and
server not agreeing on what sort of authentication to use.  I've fixed
that by turning off Pound, enabling port forwarding temporarily and
tweaking settings until it worked.  I've got a packet capture of a
successful session.

With Pound turned back on I've also got packet captures of the failing
conversation inside the firewall as well as the SSL conversation from
outside.

Would any of this be useful to the Devs?

RE: [Pound Mailing List] RPC over https configuration
"Jean-Benoit PAUX" <jeanb(at)jeanb-net.com>
2008-05-30 20:50:40
Hello,

I was also unable to get Pound working with RPCoHTTPS.
I had a lot of connection timeouts, some "e500 error copy client cont" errors, etc.

The only proxy that works with RPCoHTTPS seems to be squid.

-----Original Message-----
From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
Sent: Friday, 30 May 2008 19:36
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List] RPC over https configuration
[...]

The original problem I was seeing seemed to be due to the client and
server not agreeing on what sort of authentication to use.  I've fixed
that by turning off Pound, enabling port forwarding temporarily and
tweaking settings until it worked.  I've got a packet capture of a
successful session.

With Pound turned back on I've also got packet captures of the failing
conversation inside the firewall as well as the SSL conversation from
outside.

Would any of this be useful to the Devs?
