1

I have a CentOS 6.4 server with Apache 2.2.15.

I would like to proxy to an FTPS server. Below you can find my configuration:

<VirtualHost *:8001>
DocumentRoot /var/www/html/root

RewriteEngine On

SSLProxyEngine on
SSLProxyMachineCertificateFile "ssl/cert.pem"
ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ftp://IP:990/
ProxyPassReverse / ftp://IP:990/

ErrorLog  logs/proxy.error.log
CustomLog logs/proxy.access.log common

</VirtualHost>

When I try to request the proxy URL:

curl -ik http://localhost:8001/

I get the following response in the logs:

 [Tue Dec 10 13:17:22 2013] [error] [client IP] proxy: SSL/TLS required on the control channel returned by /

Does anyone know how to solve it?

Thanks in advance.

VanditBoy

2 Answers

1

In your setup the FTP connection you're setting up from your webserver to the FTP server is plain FTP (ftp://), not FTP over SSL (FTPS) as per ProxyPass / ftp://IP:990/.

Your error message could indicate that the FTPS server at IP:990 is the one declining an unencrypted connection.

As far as I know the Apache mod_proxy_ftp module does not support FTPS.

HBruijn
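A diagnostic for the situation described in the answer above, as an added example that is not part of the original post or of Apache: it speaks cleartext FTP to an endpoint, as an `ftp://` backend connection does, and reports whether the server refuses cleartext logins, accepts an explicit `AUTH TLS` upgrade, or never sends a cleartext greeting (implicit FTPS). The function names, result strings and the anonymous `USER` probe are assumptions of this example.

```python
import socket
import sys


def _reply(sock):
    """Read one FTP reply (possibly multi-line); return (code, text)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the control channel")
        buf += chunk
        last = buf.decode("latin-1").splitlines()[-1]
        # The final line of a reply is "NNN text"; "NNN-text" means more follows.
        if buf.endswith(b"\n") and last[:3].isdigit() and last[3:4] != "-":
            return int(last[:3]), last[4:]


def probe_control_channel(sock, timeout=3.0):
    """Classify how an FTP endpoint treats a cleartext control channel."""
    sock.settimeout(timeout)
    try:
        code, text = _reply(sock)
    except socket.timeout:
        # No cleartext greeting: the server is probably waiting for a TLS
        # ClientHello, i.e. implicit FTPS (the usual meaning of port 990).
        return "implicit-ftps-likely"
    if code != 220:
        return f"not-ready: {code} {text}"
    # Probe user name is an assumption of this example; no password is sent.
    sock.sendall(b"USER anonymous\r\n")
    user_code, user_text = _reply(sock)
    try:
        sock.sendall(b"AUTH TLS\r\n")  # RFC 4217 explicit-TLS upgrade request
        auth_code, _ = _reply(sock)
    except OSError:
        auth_code = 0  # server hung up or stayed silent after refusing USER
    tls = "AUTH TLS accepted" if auth_code == 234 else "AUTH TLS rejected"
    if user_code >= 500:
        return f"cleartext-refused ({tls}): {user_code} {user_text}"
    return "explicit-ftps-optional" if auth_code == 234 else "plain-ftp-only"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    with socket.create_connection((sys.argv[1], int(sys.argv[2])), 5) as s:
        print(probe_control_channel(s))
```

A `cleartext-refused` result on the backend port matches the answer's reading of the log line: the server rejects the login because the control channel was never upgraded to TLS.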
0

Aren't you getting warnings when starting this webserver? I think you can't use a vhost definition in combination with wildcards due to the nature of SSL.

You can only use 1 specific IP per SSL (v)host. You need to use a unique IP when defining this in your vhost config.

So that means:

Listen 192.168.0.1:8001
NameVirtualHost 192.168.0.1:8001

<VirtualHost 192.168.0.1:8001>
...
</VirtualHost>
  • Koen, Listen is limited to one IP, I've tried with your suggestion and it doesn't work. – VanditBoy Dec 10 '13 at 14:51
  • If you use one IP on your server, of course. But SSL only allows for 1 IP per SSL vhost. If you have more vhosts on the webserver also using 192.168.0.1 it will indeed not work. I'm sure you can use multiple Listen clauses – Koen van der Rijt Dec 10 '13 at 15:48