Apache ProxyPass with SSL

Question

I have a QA setup that consists of multiple internal development servers and one world-accessible provisioning machine that is setup to proxy pass the web traffic. Everything works fine for non-SSL requests, but I'm having a hard time getting the SSL logic working as well. Here's a few example vhost blocks.

<VirtualHost 192.168.168.101:443>
    ProxyPreserveHost On
    SSLProxyEngine On
    ProxyPass / https://192.168.168.111/
    ServerName dev1.site.com
</VirtualHost>

<VirtualHost 192.168.168.101:80>
    ProxyPreserveHost On
    ProxyPass / http://192.168.168.111/
    ServerName dev1.site.com
</VirtualHost>


<VirtualHost 192.168.168.101:443>
    ProxyPreserveHost On
    SSLProxyEngine On
    ProxyPass / https://192.168.168.111/
    ServerName dev2.site.com
</VirtualHost>

<VirtualHost 192.168.168.101:80>
    ProxyPreserveHost On
    ProxyPass / http://192.168.168.111/
    ServerName dev2.site.com
</VirtualHost>

I end up seeing the following error in the provisioner's error log.

[Fri Jan 28 12:50:59 2011] [warn] [client 1.2.3.4] proxy: no HTTP 0.9 request (with no host line) on incoming request and preserve host set forcing hostname to be dev1.site.com for uri /

As well as the following entry in the destination QA machine's access log.

192.168.168.101 - - [22/Feb/2011:08:34:56 -0600] "\x16\x03\x01 / HTTP/1.1" 301 326 "-" "-"

Answer 1

Is the virtualHost definition complete? you missed turning on the ssl engine and specifying the key andcert and so on... So I guess there is listenong a plain http receiver at :443 without ssl.

Answer 2

I've never had that specific error message, but I can see a problem in your setup: you have two virtual host listening on 192.168.168.101:443.

You can't do that with SSL, because Apache cannot look at the content of the SSL connection before it is decrypted, so your second SSL virtual host dev2.site.com is ignored.