[zorp] Reverse proxy + side stacking broken (config?) for large pages?
David Yerger
dyerger at stcservices.com
Tue Nov 29 14:49:24 CET 2011
Using Zorp GPL 3.3, have a reverse proxy for OWA, I added
def Zcommunicator():
Service("INcommunicator", INcommunicator,
chainer=SideStackChainer(CommunicatorHttpProxy),
router=DirectedRouter(SockAddrInet("<LAN IP>", 80)))
Listener(SockAddrInet("<public ip>", 55000), "INcommunicator")
class CommunicatorHttpProxy(HttpProxy):
def config(self):
HttpProxy.config(self)
self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)
self.request["POST"] = (HTTP_REQ_POLICY, self.filterURL)
def filterURL(self, method, url, version):
if ("http://<public DNS>:5500/cas" in url):
self.session.setServer(SockAddrInet("10.0.7.2", 5447))
elif ("http://<public DNS>:5500/director2" in url):
self.session.setServer(SockAddrInet("10.0.7.2", 5449))
elif ("http://<public DNS>:5500/techops" in url):
self.session.setServer(SockAddrInet("10.0.0.6", 80))
elif ("http://<public DNS>:5500/fubar" in url):
self.session.setServer(SockAddrInet("10.0.0.6", 80))
else: self.session.setServer(SockAddrInet("10.0.7.2", 80))
return HTTP_REQ_ACCEPT
class INcommunicator(PsslProxy):
def config(self):
PsslProxy.config(self)
self.client_verify_type = SSL_VERIFY_NONE
self.client_ca_directory = "/etc/ssl/certs"
self.server_need_ssl=FALSE
self.client_key_file = "/etc/ssl/private/xxx.key"
self.client_cert_file = "/etc/ssl/certs/xxx.crt"
#self.stack_proxy = CommunicatorHttpProxy
the "fubar" URL doesn't point to a real location--and I get the 500 error page back from the web server.
But when I try a (larger) real page, I'm seeing
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9): Starting proxy instance; client_fd='15', client_address='AF_INET(<public ip>:2220)', client_zone='Zone(inter, 0.0.0.0/0)', client_local='AF_INET(<public ip>:5500)', client_protocol='TCP'
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9/pssl): SSL handshake failed on the client side; error='error:1407609C:SSL routines:lib(20):SSL23_GET_CLIENT_HELLO:func(118):http request:reason(156)'
Ideas? Should I just reinstall 3.9.2 and copy my config files over? (no apt-get dist-upgrade option I see)
Thanks in advance
More information about the zorp
mailing list