Solved: [SOLVED]ProxyPass Apache - Signed SSL - Can connec...

Donuts_Server · ‎01-15-2016

So I followed this >> Add a chained certificate to ESXi without vCenter and got my esXi HTML5 webUI to present the correct SSL Cert. Interestingly if I visit https://privateip/ui it still says it can't authenticate SSL cert, but i think thats because the website isn't domain.com

I have an apache proxypass server that works with this current config >>

ServerName www.domain.com

ProxyRequests Off

Order deny,allow

Allow from all

</Proxy>

SSLProxyEngine On

SSLProxyCheckPeerCN on

SSLProxyCheckPeerExpire on

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/fsws/fsws.crt

SSLCertificateKeyFile /etc/apache2/ssl/fsws/server.key

ProxyPreserveHost on

ProxyPass /ui https://192.168.1.161:443/ui

ProxyPassReverse /ui https://192.168.1.161:443/ui

Order allow,deny

Allow from all

</Location>

</VirtualHost>

And I can get to the log in screen remotley, and all looks great, but when I try to sign in, it just says, please refresh browser. How can I troubleshoot this, any tips? I can't get HTML5 webclient or VCenter to work with my SSL/ProxyPass. I would prefer to use HTML5 client anyway as I manage a single esXi host currently.

I just recently switched from using a seperate CA-bundle because of the way esXi wanted the SSL cert in one file. perhaps it has to do with ProxyCheck? ... Any help is greatly appreciated, if you need more info, let me know!

PS: esXi 6.0U1b w/ latest HTML5 web client as of 1/15/15

Donuts_Server · ‎01-17-2016

I just changed https:// to wss:// and enabled a2enmod proxy_wstunnel

Ohh I also removed the intermediate certs from the esXi guest and just put them in the ProxyPass server!

Example :

##WITH AUTHORIZATION OPTION
   <Location /ui>
AllowOverride AuthConfig
AuthUserFile /home/[USERNAME]/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require user [USERNAME]
ProxyPass wss://192.168.1.50:443/ui
ProxyPassReverse wss://192.168.1.50:443/ui
   </Location>

##OR W/O AUTH
   <Location /ui>
ProxyPass wss://192.168.1.50:443/ui
ProxyPassReverse wss://192.168.1.50:443/ui
   </Location>

##OR W/O LOCATION TAGS
ProxyPass /ui wss://192.168.1.42:443/ui
ProxyPassReverse /ui wss://192.168.1.42:443/ui

My final guide is here, but thats the important stuff

esXi HTML5 embedded host web client with Apache ProxyPass and WebSocket. – Free Software Servers

View solution in original post

Donuts_Server · ‎01-17-2016

I just changed https:// to wss:// and enabled a2enmod proxy_wstunnel

Ohh I also removed the intermediate certs from the esXi guest and just put them in the ProxyPass server!

Example :

##WITH AUTHORIZATION OPTION
   <Location /ui>
AllowOverride AuthConfig
AuthUserFile /home/[USERNAME]/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require user [USERNAME]
ProxyPass wss://192.168.1.50:443/ui
ProxyPassReverse wss://192.168.1.50:443/ui
   </Location>

##OR W/O AUTH
   <Location /ui>
ProxyPass wss://192.168.1.50:443/ui
ProxyPassReverse wss://192.168.1.50:443/ui
   </Location>

##OR W/O LOCATION TAGS
ProxyPass /ui wss://192.168.1.42:443/ui
ProxyPassReverse /ui wss://192.168.1.42:443/ui

My final guide is here, but thats the important stuff

esXi HTML5 embedded host web client with Apache ProxyPass and WebSocket. – Free Software Servers

Donuts_Server · ‎01-24-2016

It seems the Console will not connect, I would like to fix this, any ideas where to start?

Donuts_Server · ‎01-27-2016

moved to nginx, but perhaps I could have fixed with Apache by using a subdomain and other tweaks I figured out, read here for fully working nginx and perhaps either move to nginx or read and try tweaks with apache

ESXI HTML5 EMBEDDED HOST WEB CLIENT WITH NGINX PROXYPASS AND WEBSOCKET. – Free Software Servers

All

[SOLVED]ProxyPass Apache - Signed SSL - Can connect to login, but then says "Please Refresh Browser"