
HTTPS to HTTP non standard port through Reverse Proxy.

Reverse Proxy

5 replies to this topic

#1 Gary Dewrell

  • Members
  • 21 posts

Posted 17 February 2015 - 02:17 PM

I need to take 443 traffic to a public address and proxy it to port 81 on an internal server. 

In the reverse proxy settings, I have it set to "Provide HTTPS for HTTP backend".

SSL Port is set to 443

I have a certificate imported into the Reverse Proxy config. 

I have the Backend IP address set to 192.168.10.10:81 (IP of the internal server).
 

 

When you go to the public URL https://choicemail.pdinet.com you get a TLS error:

 

Failed to establish a secure connection to 127.0.0.1

The system returned:

(104) Connection reset by peer (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Handshake with SSL server failed: [No Error]



#2 Micha Knorpp

  • Members
  • 179 posts
  • LocationGermany, BW

Posted 19 February 2015 - 03:02 AM

I'm about to do something similar soon. Only difference is, the internal port will be 2228.

But so far I have no certificate to install, so I can't test it. I'll post back if I have any news.


regards,
-micha-

#3 Matthias Maschler

  • Barracuda Team Members
  • 106 posts
  • LocationInnsbruck

Posted 19 February 2015 - 03:33 AM

Hi,

 

I successfully rebuilt a similar setup by following this tutorial: https://techlib.barr...seProxyExchange

but I used a self-signed certificate/key and no DNS resolution. I used IP addresses instead.

 

Gary, does the reverse proxy return a proxy (block) page when you try to access https://choicemail.pdinet.com/ ?

Which firmware and/or hotfix version are you running? My setup is based on 6.0.1.

 

Regards,

Matthias



#4 Matthias Maschler

  • Barracuda Team Members
  • 106 posts
  • LocationInnsbruck

Posted 19 February 2015 - 11:31 AM

Gary,
 
I was able to reproduce an error message from the reverse proxy similar to yours.

 

The error arises when I reverse proxy (in SSL mode: Use SSL = Yes) a webserver but my backend Apache is not offering a listening socket on 443. So the connection from the reverse proxy to Apache on 443 is not possible. So it seems that there is an issue with the communication between the reverse proxy and the backend server.

 

However, feel free to contact Barracuda Networks Technical Support. Our agents can check your configuration to solve the issue.
https://www.barracud...m/support/index

 

Regards,

Matthias



#5 Gary Dewrell

  • Members
  • 21 posts

Posted 23 February 2015 - 11:15 AM

We figured it out. User error. Under Basic Settings, Visible Hostname we missed the comment that says:

If the Proxy is in Reverse Proxy mode, the hostname must be different than the backend Web Server. 



#6 Micha Knorpp

  • Members
  • 179 posts
  • LocationGermany, BW

Posted 26 February 2015 - 07:02 AM

Tried the setup similar to the tutorial, but with option "HTTPS for HTTP backend". Using self-signed certificate and IP addresses instead of hostname. Worked instantly! :-) I'm happy....


regards,
-micha-
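
An added example, not part of any post in this thread and not Barracuda code: a Python check for the two causes identified above, a backend port that does not speak the protocol the proxy uses toward it (post #4) and a visible hostname identical to the backend's (post #5). The function names and the `backend_tls` parameter are hypothetical.

```python
import socket
import ssl


def probe_backend(host, port, timeout=3.0):
    """Classify the listener on host:port as 'tls', 'http', 'other' or 'closed'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Diagnostic only: validation is off because the question is whether the
    # port speaks TLS at all, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw):
            return "tls"
    except OSError:  # ssl.SSLError is a subclass: rejected, reset or timed out
        raw.close()
    # Not TLS, so open a fresh connection and see whether plain HTTP answers.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return "http" if s.recv(16).startswith(b"HTTP/") else "other"
    except OSError:
        return "other"


def _norm(name):
    # Hostnames compare case-insensitively; a trailing dot is equivalent.
    return name.strip().rstrip(".").lower()


def check_reverse_proxy(visible_hostname, backend_host, backend_port,
                        backend_tls, timeout=3.0):
    """Return a list of findings; backend_tls is how the proxy talks to the backend."""
    findings = []
    if _norm(visible_hostname) == _norm(backend_host):
        findings.append("visible hostname equals backend host")
    seen = probe_backend(backend_host, backend_port, timeout)
    expected = "tls" if backend_tls else "http"
    if seen != expected:
        findings.append(f"backend {backend_host}:{backend_port} is {seen}, "
                        f"proxy expects {expected}")
    return findings
```

Run it from a host that can reach the backend, for example with the backend address from the first post and `backend_tls=False` for the "Provide HTTPS for HTTP backend" mode; an empty list means neither condition was found.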