How to use Apache resource by HTTPS in pacemaker?

I have a problem when i change apache url to HTTPS. Before the change every this working fine with http. Now my company need to use the Virtal ip by HTTPS. so that i didn’t find any suitable tutorial about this issue.

i am working on debian 9. more details are below:


 <Location /server-status>
 SetHandler server-status
 Order Deny,Allow
 Deny from all
 Require local


<VirtualHost *:80>
DocumentRoot /var/www/html
Redirect "/" "https://ip_address/"

Error i received

Failed Actions:
* Apache_monitor_0 on server1 'unknown error' (1): call=59, status=complete, exitreason='none',
    last-rc-change='Wed Sep  9 17:28:19 2020', queued=0ms, exec=71ms
* pgsqld_promote_0 on server2 'unknown error' (1): call=63, status=complete, exitreason='server1 is the best candidate to promote, aborting current promotion',
    last-rc-change='Wed Sep  9 16:57:25 2020', queued=0ms, exec=496ms

pcs status

I tried to add resource like this but it didn’t work

pcs resource create Apache ocf:heartbeat:apache  configfile=/etc/apache2/apache2.conf  statusurl="https://localhost/server-status"  op monitor interval=1min --force

pcs resource create Apache ocf:heartbeat:apache  configfile=/etc/apache2/apache2.conf  statusurl="http://localhost/server-status"  op monitor interval=1min --force

Go to Source
Author: Karippery

Setting up a TCP-SNI proxy that dynamically forwards SSL traffic to any hostname that the SNI might contain

I’m firstly gonna summerize my goal:

I’ll setup a DNS server and configure my smart tv to use it. I’ll set the DNS server up so that requests to specific DNS zones will not actually be resolved, rather the DNS server will return the IP of my proxy server. The proxy server needs to accept any HTTPS request, inspect the SNI, and forward the request to the corresponding host. I cannot statically configure the hosts to which the proxy shall pass the incoming requests, as those hostnames are being “randomly” (= outside of my control) generated in a specific DNS zone.

So far I’ve looked into nginx’s ngx_stream_ssl_preread_module, as well as into HProxy. So far, I have not found a way to make them proxy pass the traffic to $requesthostname, it seems like you always need to specify backends to which you pass the traffic.

While inspecting HTTPS traffic on my local machine using mitmproxy, I realized that it behaves as I desire, in that it forwards all HTTPS requests to the corresponding hostnames. However, as I cannot install mitmproxy’s CA certificate on my smart tv, I cannot use it for this purpose.

Does anybody know a proxy software that serves my purpose, or a way to configure one of the proxyservers I mentioned in such a way that it behaves in such a manner?

Help is greatly appreciated, thanks in advance

Go to Source
Author: Max Luchterhand